Insecure Login (2)
Click the "log in" button to send a request containing login credentials of another user. Then, write these credentials into the appropriate fields and submit to confirm. Try using a packet sniffer to intercept the request.
Lesson number does not turn green on validation.
- Open the Developer Tools in the browser, and go to the Network tab.
- On WebGoat, click on Log in.
- Locate the query to `start.mc` in the Network tab and click on Parameters.
- Notice the parameters `{"username":"CaptainJack","password":"BlackPearl"}`.
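The same observation can be turned into a repeatable check. The following is an added example, not part of WebGoat or of the original walkthrough: it audits a HAR export saved from the Network tab and reports every request that carries password-like fields over plain HTTP, naming the fields without echoing their values. The host and port in the sample capture and the function names are assumptions made for illustration.

```javascript
// Added example: audit a DevTools HAR export for credentials sent in the clear.
// Field names follow the HAR 1.2 layout (log.entries[].request.postData).
const SENSITIVE = /^(pass(word|wd)?|pwd|secret|token)$/i;

// Collect sensitive key names from a request body (JSON or form-encoded).
function sensitiveKeys(postData) {
  if (!postData || !postData.text) return [];
  const mime = (postData.mimeType || "").toLowerCase();
  let keys = [];
  if (mime.includes("json")) {
    try {
      const walk = (v) => {
        if (v && typeof v === "object") {
          for (const [k, child] of Object.entries(v)) { keys.push(k); walk(child); }
        }
      };
      walk(JSON.parse(postData.text));
    } catch { return []; } // malformed body: nothing to report
  } else if (mime.includes("x-www-form-urlencoded")) {
    keys = [...new URLSearchParams(postData.text).keys()];
  }
  return [...new Set(keys.filter((k) => SENSITIVE.test(k)))];
}

// Return one finding per plaintext-HTTP request that carries sensitive fields.
function auditHar(har) {
  const findings = [];
  for (const { request } of har.log.entries) {
    const url = new URL(request.url);
    if (url.protocol !== "http:") continue; // TLS protects the body in transit
    const fields = [...new Set([
      ...sensitiveKeys(request.postData),
      ...[...url.searchParams.keys()].filter((k) => SENSITIVE.test(k)),
    ])];
    if (fields.length) findings.push({ method: request.method, url: url.origin + url.pathname, fields });
  }
  return findings;
}

// Constructed sample capture: host and port are assumptions, the body is the one from the lesson.
const body = '{"username":"CaptainJack","password":"BlackPearl"}';
const sampleHar = { log: { entries: [
  { request: { method: "POST", url: "http://localhost:8080/WebGoat/start.mc",
      postData: { mimeType: "application/json", text: body } } },
  { request: { method: "POST", url: "https://localhost:8443/WebGoat/start.mc",
      postData: { mimeType: "application/json", text: body } } },
  { request: { method: "GET", url: "http://localhost:8080/WebGoat/css/main.css" } },
] } };
console.log(auditHar(sampleHar));
```

Only the first sample entry is reported: the second sends the same body over HTTPS, and the third carries no credentials.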