Do not use your real portswinger.net credentials!
We can now see an email change form on the Shop page.
Now, make sure that Burp Suite has Intercept Mode turned ON.
Enter some random email address here and Burp Suite will capture web
traffic automatically. In this instance, we entered
user@example.com
as the
new email address.
Task 4:
Let’s look at the Burp Suite’s interception window.
Right-click on the current Burp Suite window and select the Copy URL.
Paste this URL somewhere, as it will be needed in the next task.
Task 5:
In this step, we will create a malicious HTML form page which is filled by
the email address and URL we have caught in the previous task.
Open a text editor, select the following text, then copy and paste it into editor.
Fill the URL and e-mail address values in the corresponding places in the
editor:
|
