Authentication Vulnerabilities - Lab #5 Username enumeration via response timing | Long Version

In this video, we cover Lab #5 in the Authentication module of the Web Security Academy. This lab is vulnerable to username enumeration using its response times. To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page. - Your credentials: wiener:peter - Candidate usernames: https://portswigger.net/web-security/authentication/auth-lab-usernames - Candidate passwords: https://portswigger.net/web-security/authentication/auth-lab-passwords ▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬ Buy my course: https://academy.ranakhalil.com/p/web-security-academy-video-series ▬ ? Contents of this video ? ▬▬▬▬▬▬▬▬▬▬ 00:00 - Introduction 00:11 - Web Security Academy Course (https://bit.ly/30LWAtE) 01:22 - Navigation to the exercise 01:50 - Understand the exercise and make notes about what is required to solve it 02:20 - Exploit the lab 14:47 - Summary 15:09 - Thank You ▬ ? Links ? ▬▬▬▬▬▬▬▬▬▬ Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-authentication/lab-05/notes.txt Web Security Academy Lab Exercise: https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-response-timing Rana's Twitter account: https://twitter.com/rana__khalil