In this video, we cover Lab #9 in the Authentication module of the Web Security Academy. This lab allows users to stay logged in even after they close their browser session. The cookie used to provide this functionality is vulnerable to brute-forcing.
To solve the lab, we brute-force Carlos's cookie to gain access to his "My account" page.
Your credentials: wiener:peter
Victim's username: carlos
Candidate passwords
▬ 📚 Contents of this video 📚 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:11 - Web Security Academy Course ([ Link ])
01:22 - Navigation to the exercise
01:50 - Understand the exercise and make notes about what is required to solve it
02:25 - Exploit the lab using Burp Suite Professional
08:37 - Script the Exploit in Python
18:12 - Summary
18:24 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Python script: [ Link ]
Notes.txt document: [ Link ]
Web Security Academy Lab Exercise: [ Link ]
Rana's Twitter account: [ Link ]