Authentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Long Version

In this video, we cover Lab #9 in the Authentication module of the Web Security Academy. This lab allows users to stay logged in even after they close their browser session. The cookie used to provide this functionality is vulnerable to brute-forcing. To solve the lab, we brute-force Carlos's cookie to gain access to his "My account" page. Your credentials: wiener:peter Victim's username: carlos Candidate passwords ▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬ Buy my course: https://academy.ranakhalil.com/p/web-... ▬ 📚 Contents of this video 📚 ▬▬▬▬▬▬▬▬▬▬ 00:00​​​ - Introduction 00:11 - Web Security Academy Course (https://bit.ly/30LWAtE) 01:22 - Navigation to the exercise 01:50 - Understand the exercise and make notes about what is required to solve it 02:25 - Exploit the lab using Burp Suite Professional 08:37 - Script the Exploit in Python 18:12 - Summary 18:24 - Thank You ▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬ Python script: https://github.com/rkhal101/Web-Secur... Notes.txt document: https://github.com/rkhal101/Web-Secur... Web Security Academy Lab Exercise: https://portswigger.net/web-security/... Rana's Twitter account:   / rana__khalil