Reader small image

You're reading from  Burp Suite Cookbook - Second Edition

Product typeBook
Published inOct 2023
PublisherPackt
ISBN-139781835081075
Edition2nd Edition
Right arrow
Author (1)
Dr. Sunny Wear
Dr. Sunny Wear
author image
Dr. Sunny Wear

Dr. Sunny Wear is a web security architect and penetration tester. She provides secure coding classes, creates software, and performs penetration testing on web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture, and security experience and holds a Doctor of Science in Cybersecurity. She is a content creator on Pluralsight, with three courses on Burp Suite. She is a published author, a developer of mobile apps such as Burp Tool Buddy, and a content creator on courses related to web security and penetration testing. She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.
Read more about Dr. Sunny Wear

Right arrow

Testing for exposed session variables

Session variables such as tokens, cookies, or hidden form fields are used by application developers to send data between the client and the server. Since these variables are exposed on the client side, an attacker can manipulate them in an attempt to gain access to unauthorized data or to capture sensitive information.

Burp Suite’s Proxy option provides a feature to enhance the visibility of so-called hidden form fields. This feature allows web application penetration testers to determine the level of sensitivity of the data held in these variables. Likewise, a pentester can determine whether the manipulation of these values produces a different behavior in the application.

Getting ready

Using the OWASP Mutillidae II application and Burp Suite’s Unhide hidden form fields feature under Proxy, we’ll determine whether manipulation of a hidden form field value results in gaining access to unauthorized data.

How to do...

lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
Burp Suite Cookbook - Second Edition
Published in: Oct 2023Publisher: PacktISBN-13: 9781835081075

Author (1)

author image
Dr. Sunny Wear

Dr. Sunny Wear is a web security architect and penetration tester. She provides secure coding classes, creates software, and performs penetration testing on web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture, and security experience and holds a Doctor of Science in Cybersecurity. She is a content creator on Pluralsight, with three courses on Burp Suite. She is a published author, a developer of mobile apps such as Burp Tool Buddy, and a content creator on courses related to web security and penetration testing. She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.
Read more about Dr. Sunny Wear