Insecure Login (2)

Let’s try

Click the "log in" button to send a request containing the login credentials of another user. Then enter these credentials into the appropriate fields and submit to confirm. Try using a packet sniffer to intercept the request.

Solution

  • Open the browser's Developer Tools and go to the Network tab.

  • On WebGoat, click on Log in.

  • Locate the request to start.mc in the Network tab and click on Parameters.

  • Notice the parameters {"username":"CaptainJack","password":"BlackPearl"}.
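The same observation can be turned into a check: the following added example (not part of the original page or of WebGoat) audits a captured HTTP request and reports credential-like body fields that travelled without TLS, masking their values. The host, the path prefix in front of start.mc, the field-name pattern and all function names are assumptions made for illustration.

```javascript
// Added example: audit captured HTTP requests for credentials sent without TLS.
// The capture below is constructed; host and path prefix are assumptions.
const SENSITIVE = /^(user(name)?|login|pass(word|wd)?|pwd|token|secret)$/i;

// Split a raw HTTP/1.1 request into request line, headers and body.
function parseRequest(raw) {
  const sep = raw.indexOf("\r\n\r\n");
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? "" : raw.slice(sep + 4);
  const [requestLine, ...headerLines] = head.split("\r\n");
  const [method, target] = requestLine.split(" ");
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { method, target, headers, body };
}

// Decode the body into key/value pairs for JSON or form-encoded logins.
function bodyFields(req) {
  const type = (req.headers["content-type"] || "").toLowerCase();
  if (type.includes("json")) {
    try {
      const obj = JSON.parse(req.body);
      return obj && typeof obj === "object" ? Object.entries(obj) : [];
    } catch { return []; } // malformed body: nothing to report
  }
  if (type.includes("x-www-form-urlencoded")) return [...new URLSearchParams(req.body)];
  return [];
}

// Report credential-like fields; values are masked so the report is safe to store.
function auditRequest(raw, scheme) {
  const req = parseRequest(raw);
  const fields = bodyFields(req)
    .filter(([k]) => SENSITIVE.test(k))
    .map(([k, v]) => ({ field: k, value: "*".repeat(String(v).length) }));
  return { target: req.target, fields, exposed: scheme === "http" && fields.length > 0 };
}

const captured = // constructed sample mirroring the parameters shown above
  "POST /WebGoat/start.mc HTTP/1.1\r\nHost: localhost:8080\r\n" +
  "Content-Type: application/json\r\n\r\n" +
  '{"username":"CaptainJack","password":"BlackPearl"}';

console.log(auditRequest(captured, "http"));
```

The same request audited with scheme "https" reports the fields but not as exposed, which is the fix the lesson points toward: credentials must only be submitted over TLS.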
