Because of what you know about the structure
and handling of session
tokens, your attack only needs to modify the final portion of the token. In fact,
because of the sequence identified, the most productive initial attack will mod-
ify only the last few digits of the token. Accordingly, you configure Intruder
with a single payload position, as shown in Figure 13-2.
Figure 13-2: Setting a custom payload position
Your payloads need to sequence through all possible values for the final
three digits. The token appears to use the same character set as hexadecimal
numbers: 0–9 and a–f. So you configure a payload source to generate all hexa-
decimal numbers in the range 0x000–0xfff, as shown in Figure 13-3.
Do'stlaringiz bilan baham: