test-2-report.md

Test 2 Report

Conducting the test

1. In Shopmost application register customer with following credentials:
   • Full Name: Jane Killer
   • Email: [email protected]
   • Password: killer
2. In Burp Suite go to Intruder > Positions tab.
3. In Positions tab:
   • Set Attack type to Sniper.
   • Set Target to http://[::1]:3000 (localhost or 127.0.0.1 won't work).
   • In the request textfield paste the following content:

     POST /api/customers/sessions HTTP/1.1
     Content-Type: application/json
     
     {
         "email": "[email protected]",
         "password": "§ps1§"
     }

4. Click Start attack button and wait for the attack to finish.
5. You should see that the request with password killer was successful.

Results

Register customer

Customer dashboard after successful registration

Prepare test

Test results