Today we take an adventure into Post Swigger's Web Security Academy and their process.
The nice thing about this is that it feels more practical. ...
For further actions, you may consider blocking this person and/or reporting abuse
Thanks buddy for your post.
I think you missed one thing. when performing the attack in the exploit server, you should be logged out, because as a real attacker you would not be logged in the account carlos/montoya.
Thanks for info. Maybe this was why I had struggled to get it to work for so long. I'll have to try this again and log out.