Ensure Burp and OWASP BWA VM are running and that Burp is configured in the Firefox browser used to view the OWASP BWA applications.
- From the OWASP BWA Landing page, click the link to the OWASP Mutillidae II application.
- Open the Firefox browser to the login screen of OWASP Mutillidae II. From the top menu, click Login.
- At the login screen, log in with these credentials—username: john and password: monkey.
- Switch to Burp's Proxy | HTTP history tab. Find the POST and subsequent GET requests you just made by logging in as john:
- Look at the GET request from the listing; notice the cookie name/value pairs shown on the Cookie: ...