1. Web Security Academy
  2. Authentication vulnerabilities
  3. Other mechanisms
  4. Lab

Lab: Brute-forcing a stay-logged-in cookie


This lab allows users to stay logged in even after they close their browser session. The cookie used to provide this functionality is vulnerable to brute-forcing.

To solve the lab, brute-force Carlos's cookie to gain access to his "My account" page.

Find vulnerabilities in your authentication using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

Already got an account? Login here