User ID controlled by request parameter
Let's login using the following credentials:
| Username | Password |
|---|---|
| wiener | peter |
Since we are proxying the traffic through Burp Suite, we can view this request by going to Porxy > HTTP History.
We can see that the request contains a parameter called ìd which is set to wiener.
Let's forward the request to the Repeater and set the id parameter to the following:
carlos
We can now submit this API key through the browser.
We have solved the lab.