Using Burp Sequencer to test the session randomness
In this recipe, we will learn how to use the Sequencer tool to check the randomness of the session token in web applications.
Getting ready
To step through this recipe, you will need Kali Linux running on Oracle VirtualBox and an Internet connection. No other prerequisites are required.
How to do it...
For this recipe, you need to perform the following steps:
- Open the application in the browser and intercept the request using Burp, as shown in the following screenshot:
- We need to analyze the response to this request, so forward the request and capture the response from the server, as shown in the following screenshot:
- Since the server has set up Set-Cookie PHPSESSIONID, in order to analyze this token, we need to send it to the Sequencer, as shown in the following screenshot:
- Now open the Burp Sequencer. To check the randomness, Burp needs to know the location of the cookie in the request, and then we will have to start the live capture, as shown in the following...
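
As an added example (not from the original recipe, and not Burp Sequencer's own algorithm), this Python script applies a per-position character entropy check to a sample of PHPSESSIONID values pulled from Set-Cookie headers, the kind of sample a live capture collects. Both token sets are constructed, and the function names and the 3.5-bit threshold are assumptions.

```python
import hashlib
import math
from collections import Counter

COOKIE = "PHPSESSIONID"  # cookie name taken from the recipe

def extract_token(set_cookie_line, name=COOKIE):
    """Return the value of `name` from one Set-Cookie header line, or None."""
    _, _, value = set_cookie_line.partition(":")
    first_pair = value.split(";", 1)[0].strip()
    key, sep, token = first_pair.partition("=")
    return token if sep and key == name else None

def position_entropy(tokens):
    """Shannon entropy (bits) of the character seen at each token position."""
    length = min(len(t) for t in tokens)
    result = []
    for pos in range(length):
        counts = Counter(t[pos] for t in tokens)
        total = sum(counts.values())
        result.append(-sum(c / total * math.log2(c / total) for c in counts.values()))
    return result

def weak_positions(tokens, min_bits=3.5):
    """Positions whose entropy is below min_bits (a hex digit tops out at 4.0)."""
    return [i for i, h in enumerate(position_entropy(tokens)) if h < min_bits]

def estimated_bits(tokens):
    """Sum of per-position entropies: an upper bound on the token's entropy,
    because it treats positions as independent. A low value is the real signal."""
    return sum(position_entropy(tokens))

# Constructed samples (not captured from any real application):
# weak = fixed prefix + incrementing counter; strong = truncated SHA-256 of a
# counter, standing in for CSPRNG output so the example is deterministic.
WEAK_HEADERS = [f"Set-Cookie: {COOKIE}=a3f09c{i:06x}; path=/" for i in range(256)]
STRONG_HEADERS = [
    f"Set-Cookie: {COOKIE}={hashlib.sha256(str(i).encode()).hexdigest()[:32]}; path=/"
    for i in range(256)
]
WEAK = [extract_token(h) for h in WEAK_HEADERS]
STRONG = [extract_token(h) for h in STRONG_HEADERS]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("strong", STRONG)):
        print(label, "estimated bits:", round(estimated_bits(sample), 1),
              "weak positions:", weak_positions(sample))
```

A clean result only shows the absence of obvious statistical structure: the "strong" sample here is a hashed counter, which passes the check yet is predictable to anyone who knows the construction.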