Sequencer
Sequencer is an interesting tool that comes with Burp Suite. Sequencer allows us to test how random the data is.
Applications require different types of sufficiently random tokens for a multitude of things, for example, session IDs, anti-CSRF tokens, password reset tokens, user account activation tokens, and more. The basic question that we try to answer is that given enough number of tokens, will the randomness of the tokens be enough? Will a large enough sample of tokens reveal any patterns that allow us to guess a token value that might have been generated in the past or might occur in the future?
A good place to use the Sequencer tool is when you suspect that developers have tried to use their own code to create what they feel are random values, and that additionally those values are being used for some kind of authentication in the application. A simple enough example is to test the randomness of the cookie UID that is used for authentication by Mutillidae.
Note
Mutillidae is...
