I’m a bit confused of how to set up the attack for initial access.
I know that there is a simulated user that “interacts” with what is passed into the c****** page. I can create a profile for myself on both the normal application and the hidden o**** application. Does the user do more than just click, is there a way I can trick it into performing a P*** request instead of just G**? Could someone DM me to nudge me in the right direction?
EDIT: Figured that part out…the normal flow must be “paused” and then finished by another
EDIT2: Finally have user…this box requires learning so much. Feel free to DM me for nudges up to that point 