Walkthrough: SQL Injection with DVWA
The Setup

The only tool we will use for the exploitation process, in addition to a normal browser, is Burp Suite. Start up Burp, and edit your browser's proxy settings to point to the port Burp is running on. Be sure to turn Burp Proxy's intercept mode off until you are ready to use it.

We'll be attacking DVWA, "Damn Vulnerable Web App," which comes preinstalled in the Metasploitable 2 VM. You can download the VM here. Once the VM is set up in your hypervisor of choice, no further configuration is required. We simply navigate to the VM's IP address in our browser, click on "DVWA," and log in to the app with the credentials listed on the login page. Be sure to set the security level to "low" for this exercise.

Baseline Testing

After navigating to the vulnerable page, we see a box that takes user-supplied input in the form of a user ID. Let's see what happens when we send a normal input. We'll capture the request using Burp Pr...
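To make the baseline step concrete from the defender's side, here is an added example (not code from this walkthrough and not DVWA's own PHP source) that models a "low security" user ID lookup beside a hardened one. It uses Python with an in-memory SQLite database and a constructed users table; the table contents, the column names and the lookup functions are all assumptions made for illustration. The point it shows is that a normal input such as "1" behaves identically in both versions, so baseline testing alone proves nothing about safety, while a single stray quote already produces a database syntax error in the concatenated query and a clean validation rejection in the parameterized one.

```python
import sqlite3

# Constructed sample rows standing in for DVWA's users table.
# These are NOT DVWA's real schema or data; they exist so the example runs offline.
SAMPLE_USERS = [
    (1, "admin", "Admin"),
    (2, "gordonb", "Gordon"),
    (3, "1337", "Hack"),
]


def make_db():
    """Build a throwaway in-memory database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, user TEXT, first_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    """Illustrative 'low security' pattern: the untrusted user ID is pasted
    straight into the SQL text, so the database parses whatever the user sent."""
    sql = f"SELECT first_name FROM users WHERE user_id = '{user_id}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, user_id):
    """Hardened pattern: validate that the input is the type the application
    expects (a non-negative integer), then bind it as a query parameter so the
    database never treats it as SQL."""
    if not isinstance(user_id, str) or not user_id.isdigit():
        raise ValueError("user_id must be a non-negative integer string")
    sql = "SELECT first_name FROM users WHERE user_id = ?"
    return [row[0] for row in conn.execute(sql, (int(user_id),))]


def probe(user_id):
    """Send the same input through both lookups and report what each one does.
    Returns a dict of name -> ("ok", rows) or ("error", exception class name)."""
    conn = make_db()
    results = {}
    for name, fn in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        try:
            results[name] = ("ok", fn(conn, user_id))
        except (sqlite3.Error, ValueError) as exc:
            results[name] = ("error", type(exc).__name__)
    return results


if __name__ == "__main__":
    # The baseline input the walkthrough sends first: both versions agree.
    print("baseline '1':", probe("1"))
    # A lone quote: the concatenated query fails inside the database, the
    # hardened one rejects the input before any SQL is built.
    print("stray quote:", probe("1'"))
```

Running the module prints the two probes. A request that returns the expected first name, as "1" does here, is exactly what the walkthrough's baseline step observes, and the example makes clear why that observation cannot distinguish the two implementations; the difference only appears once the input stops looking like an integer.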