the-web-application-hackers-handbook

596 Chapter 14 n Automating Customized Attacks
Your payloads need to sequence through all possible values for the final three
digits. The token appears to use the same character set as hexadecimal numbers:
0 to 9 and a to f. So you configure a payload source to generate all hexadecimal
numbers in the range 0x000 to 0xfff, as shown in Figure 14-3.
Figure 14-3: Configuring numeric payloads
In attacks to enumerate valid session tokens, identifying hits is typically
straightforward. In the present case you have determined that the application
returns an HTTP 200 response when a valid token is supplied and an HTTP 302
redirect to the login page when an invalid token is supplied. Hence, you don’t
need to configure any custom response analysis for this attack.
Launching the attack causes Intruder to quickly iterate through the requests.
The attack results are displayed in the form of a table. You can click each
column heading to sort the results according to the contents of that column.
Sorting by status code enables you to easily identify the valid tokens you have
discovered, as shown in Figure 14-4. You can also use the filtering and search
functions within the results window to help locate interesting items within
a large set of results.