This lab allows users to stay logged in even after they close their browser session. The cookie used to provide this functionality is vulnerable to brute-forcing.
To solve the lab, brute-force Carlos's cookie to gain access to his "My account" page.
stay-logged-in cookie, which appears to be Base64 encoded. Highlight the cookie value, right-click it, and select "Send to Decoder".
wiener:51dc30ddc473d43a6011e9ebba6ca770. Observe the length and character set of this string and notice that it could be an MD5 hash. Given that the plaintext is your username, you can make an educated guess that this might be a hash of your password. Hash your password using MD5 to confirm that this is the case. We now know that the cookie is constructed as follows:
GET / request to Burp Intruder.
stay-logged-in cookie and add your password as a single payload.
My account and start the attack.
My account. This confirms that your payload processing rules work as expected and constructed a valid cookie.
carlos in the "Add prefix" rule and use the list of passwords as the payload set instead of your own password. Remember to add a grep match rule for
My account. Load this response in your browser.
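The cookie construction observed in the Decoder step (Base64 of the username, a colon, and the MD5 of the password), shown beside a hardened replacement. This is an added example, not part of the original lab solution; the RememberMeStore class, its method names and the sample credentials are constructed for illustration.

```python
import base64
import hashlib
import secrets


def weak_cookie(username, password):
    """Construction seen in the lab: Base64(username + ':' + MD5(password))."""
    digest = hashlib.md5(password.encode()).hexdigest()
    return base64.b64encode(f"{username}:{digest}".encode()).decode()


def decode_weak_cookie(cookie):
    """Base64 is not encryption: the holder recovers the username and an
    unsalted password hash directly from the cookie value."""
    username, digest = base64.b64decode(cookie).decode().split(":", 1)
    return username, digest


class RememberMeStore:
    """Hardened form (hypothetical class): an opaque random token that carries
    no credential material; only its SHA-256 is kept server-side."""

    def __init__(self):
        self._tokens = {}  # sha256(token) -> username

    def issue(self, username):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = username
        return token

    def verify(self, token):
        # Unknown or revoked tokens return None.
        return self._tokens.get(hashlib.sha256(token.encode()).hexdigest())

    def revoke_all(self, username):
        # Call on password change or logout-everywhere.
        self._tokens = {h: u for h, u in self._tokens.items() if u != username}


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the lab.
    cookie = weak_cookie("alice", "constructed-password")
    print("weak cookie decodes to:", decode_weak_cookie(cookie))
    print("same value every login:", cookie == weak_cookie("alice", "constructed-password"))
    store = RememberMeStore()
    print("hardened tokens differ per issue:", store.issue("alice") != store.issue("alice"))
```

The weak value is a pure function of the credentials, so it never rotates and can be checked against password guesses without a login form; the random token has neither property, and rate limiting on cookie validation still applies on top of it.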