
Lab 05 Broken Authentication

Tomas Rosenqvist edited this page Oct 29, 2018 · 17 revisions

Broken authentication

Password strength

  1. Download the password dictionary to your computer.
  2. Start OWASP ZAP.
  3. Launch the ZAP JxBrowser by clicking the "Launch Browser" button.
  4. Enter your Juice Shop URL.
  5. Go to the Login page and attempt to log in using a random username and password.
  6. Check the History tab in ZAP.
  7. Select the most recent HTTP POST request and inspect the request and response.
  8. Right-click the POST request and choose Attack -> Fuzz.

Reset Jim's password

Recommended reading
