Insecure Login (2)

Let’s try

Click the "log in" button to send a request containing login credentials of another user. Then, write these credentials into the appropriate fields and submit to confirm. Try using a packet sniffer to intercept the request.


  • Open the Development Tools in the browser, and go to the Network tab.

  • On WebGoat, click on Log in.

  • Locate the query to in the Network tab and click on Parameters.

  • Notice the parameters {"username":"CaptainJack","password":"BlackPearl"}.

Last updated