Log in to a user account on target.com
Navigate to Settings, Edit Profile and change your username
Intercept the request using a proxy tool like Burp Suite
Send the request to Intruder, and set the Token header as the payload position
Use a list of random session token values, ending with the valid one
Launch the attack and analyze the responses
Invalid Tokens: Response code 401 with a body length of 431
Valid Token: Response code 200 with a body length of 487
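The response pattern in the steps above (a run of 401 responses for different Token values from one client, then a 200) is also what a defender can look for in application logs. The following is an added example, not part of the original page: the record layout, the logged fingerprint of the Token header, the function name and the threshold and window values are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

# Constructed sample records (not from the page): (epoch seconds, source IP,
# path, status, fingerprint of the Token header as logged by the application).
# Logging a fingerprint rather than the raw token is an assumption.
SAMPLE = (
    [(1000 + i, "203.0.113.7", "/settings/profile", 401, f"fp{i:02d}") for i in range(12)]
    + [(1012, "203.0.113.7", "/settings/profile", 200, "fp99"),
       (1003, "198.51.100.4", "/settings/profile", 401, "fpaa"),
       (1004, "198.51.100.4", "/settings/profile", 200, "fpbb")]
)

def detect_token_guessing(records, threshold=10, window=60):
    """Flag (source, path) pairs that present >= threshold distinct rejected
    tokens inside `window` seconds, and note whether a 200 follows."""
    recent = defaultdict(deque)  # (src, path) -> recent (ts, fingerprint) of 401s
    alerts = {}
    for ts, src, path, status, fp in sorted(records):
        key = (src, path)
        if status == 401:
            q = recent[key]
            q.append((ts, fp))
            # Drop rejections that have aged out of the sliding window.
            while q and ts - q[0][0] > window:
                q.popleft()
            distinct = len({f for _, f in q})
            if distinct >= threshold:
                alert = alerts.setdefault(
                    key,
                    {"first_seen": q[0][0], "distinct_rejected": 0, "accepted_after": False},
                )
                alert["distinct_rejected"] = max(alert["distinct_rejected"], distinct)
        elif status == 200 and key in alerts:
            # A token was accepted after the guessing run: treat as a likely compromise.
            alerts[key]["accepted_after"] = True
    return alerts

if __name__ == "__main__":
    for (src, path), alert in detect_token_guessing(SAMPLE).items():
        print(src, path, alert)
```

The same counter, keyed by source and endpoint, can drive a lockout or throttle on rejected tokens instead of only raising an alert.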