- Navigate to OWASP 2013 | A1 – Injection (Other) | HTMLi Via Cookie Injection | Capture Data Page:
- Note how the page looks before the attack:
- Switch to the Burp Proxy Intercept tab and turn interception on, so that the button reads Intercept is on.
- While the request is paused, make note of the last cookie, acgroupswitchpersist=nada:
- While the request is paused, replace the value of the last cookie with this HTML injection script: ...
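
Why a swapped cookie value can change the rendered page, and the output-encoding fix, shown as an added example that is not part of the original walkthrough. It assumes the Capture Data Page echoes request cookies into its HTML; the `session` cookie, the placeholder markup and all function names are constructed for illustration.

```python
import html

# Constructed Cookie headers: the page's cookie name, first with its original
# value "nada", then with benign placeholder markup (not the page's script).
ORIGINAL = "session=abc123; acgroupswitchpersist=nada"
TAMPERED = "session=abc123; acgroupswitchpersist=<h1>injected</h1>"


def parse_cookie_header(header):
    """Split a Cookie request header into an ordered name -> value dict."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def render_unsafe(cookies):
    """Vulnerable: cookie text is concatenated straight into the HTML."""
    rows = "".join(f"<tr><td>{n}</td><td>{v}</td></tr>" for n, v in cookies.items())
    return f"<table>{rows}</table>"


def render_encoded(cookies):
    """Hardened: names and values are HTML-encoded at the point of output."""
    rows = "".join(
        f"<tr><td>{html.escape(n, quote=True)}</td>"
        f"<td>{html.escape(v, quote=True)}</td></tr>"
        for n, v in cookies.items()
    )
    return f"<table>{rows}</table>"


def has_markup(cookies):
    """Detection helper: names of cookies whose value changes when encoded."""
    return [n for n, v in cookies.items() if html.escape(v, quote=True) != v]


if __name__ == "__main__":
    jar = parse_cookie_header(TAMPERED)
    print(render_unsafe(jar))    # markup reaches the page as live HTML
    print(render_encoded(jar))   # markup is displayed as inert text
    print(has_markup(jar))       # cookies worth flagging in request logs
```

Encoding at the point of output leaves the stored cookie untouched, so the same value stays safe to log while `has_markup` can flag it for review.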