Advanced Web Audit

You have intercepted traffic to a banking API. You need to configure Burp Suite correctly to execute your attacks. Answer the 3 proxy configuration questions.

You have a form with user=§U§ and pass=§P§. You want to test all possible combinations crossing your user list with your password list. What Intruder "Attack Type" should you select?

You noticed the API issues a cookie called AuthToken. You doubt that it is generated in a cryptographically secure way. To which main Burp Suite tab (module) would you send the request to mathematically analyze the token's entropy and randomness?

You need to test for IDOR and privilege escalation vulnerabilities by automatically repeating your Admin requests as if you were a low-level user. What is the most famous BApp Store extension that does this?