Let's try to decode the value of the session token PHPSESSID found in the OWASP Mutillidae II application. When a user first browses to the URL (http://<Your_VM_Assigned_IP_Address>/mutillidae/), that user is assigned a PHPSESSID cookie. The PHPSESSID value appears to be encrypted and then wrapped in base64 encoding. Using Decoder, we can unwrap the value.
- Browse to the http://<Your_VM_Assigned_IP_Address>/mutillidae/ application.
- Find the HTTP request you just generated by browsing, within the Proxy | HTTP history tab (shown in the next screenshot). Highlight the PHPSESSID value, not the parameter name, right-click, and select Send to Decoder:
- In the Decoder tab, in the Decode as… drop-down as follows, ...
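The same unwrap that Decoder performs in the GUI can be scripted, which is useful when you want to check many captured tokens rather than one. The script below is an added example and is not code from the book or from Mutillidae; the cookie values it inspects are constructed samples, not real session ids. It unwraps one layer of base64 (standard or URL-safe, repairing missing padding), then reports whether the result reads as text (state carried in the clear) or as opaque bytes (random or encrypted content), alongside a per-character entropy estimate of the raw token. It also shows the caveat a reviewer should keep in mind: any purely alphanumeric string, including a default PHP session id, is syntactically valid base64, so "it decodes" on its own proves nothing about whether the token was ever encoded.

```python
import base64
import binascii
import math
import string
from collections import Counter

# Constructed sample cookie values for illustration; none is a real session id.
SAMPLE_B64_TEXT = base64.b64encode(b"user=guest;role=visitor").decode()  # base64 around readable text
SAMPLE_B64_BINARY = base64.b64encode(bytes(range(0, 200, 7))).decode()   # base64 around opaque bytes
SAMPLE_RAW = "n0gk8c8pi8r9v06g11ehlkvi43"  # shaped like PHP's default random session id (constructed)

_STD_ALPHABET = set(string.ascii_letters + string.digits + "+/")
_URL_ALPHABET = set(string.ascii_letters + string.digits + "-_")


def try_base64(value: str):
    """Unwrap one layer of base64 (standard or URL-safe, padding repaired).

    Returns the decoded bytes, or None if the characters cannot be base64 at all.
    Note that an alphanumeric string always passes this check, so a True result
    only means "decodable", not "was encoded".
    """
    body = value.strip().rstrip("=")
    if not body:
        return None
    if set(body) <= _STD_ALPHABET:
        altchars = None
    elif set(body) <= _URL_ALPHABET:
        altchars = b"-_"
    else:
        return None
    padded = body + "=" * (-len(body) % 4)  # restore padding stripped by the client
    try:
        return base64.b64decode(padded, altchars=altchars)
    except (binascii.Error, ValueError):
        return None


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a repeated byte, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_token(value: str) -> dict:
    """Summarise what a single Decoder-style unwrap tells you about a session token."""
    report = {
        "value": value,
        "entropy_bits_per_char": round(shannon_entropy(value.encode()), 2),
    }
    decoded = try_base64(value)
    report["base64_valid"] = decoded is not None
    if decoded:
        printable = sum(32 <= b < 127 for b in decoded) / len(decoded)
        report["decoded"] = decoded
        report["decoded_printable_ratio"] = round(printable, 2)
        # Readable text after one unwrap means the token carries state in the clear
        # and deserves a closer look; opaque bytes suggest random or encrypted content.
        report["decoded_looks_like_text"] = printable > 0.95
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_B64_TEXT, SAMPLE_B64_BINARY, SAMPLE_RAW):
        print(inspect_token(sample))
```

Run it as-is to see the three constructed samples classified; to apply it to a captured cookie, pass the highlighted PHPSESSID value (the value only, not the parameter name, exactly as the recipe says) to `inspect_token`. A token that unwraps to readable text is the case worth reporting; a token that only "decodes" into high-entropy bytes is consistent with a random id and the base64 step has told you nothing yet.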