A multi-level (multi-factor) login should provide strong authentication. Note that TAN stands for Transaction Authentication Number; it is a one-time-use code used mostly by banks.

Goal: 

Break into the account of another user, Jane. You know only Jane's username, and you also have your own login (Joe/banana) to the site.

Method: 

Use Burp Suite to intercept and modify the request and gain access.

Step by step Guide

1. Log in with user/password Joe/banana. Once asked for the TAN code, start Burp Suite.


A multi-level (multi-factor) login should provide strong authentication. Note that TAN stands for Transaction Authentication Number; it is a one-time-use code used mostly by banks.

Goal: 

Try to log in with Jane's username and password (Jane/tarzan), along with the used TAN code #1, 15648.

Method: 

Use Burp Suite to intercept and modify the request and gain access.

Step by step Guide - Stage 1 

1. Log in normally as Jane with password tarzan,


Goal

The goal is to retrieve the password of the user "webgoat". Instead of guessing manually, we will use Burp Suite to perform a brute-force login attack.

Step by step Guide

1. Start Burp Suite and turn on intercept.

2. Enter the user webgoat and then answer the secret question… here we will enter test as the answer, only so that the resulting request can be used as a template to create the attack

