To find IDOR, hackers intercept API requests in a web proxy such as Burp Suite and substitute other objects' identifiers into them. Sometimes they simply brute-force IDs and rely on luck, but there are more systematic techniques, such as swapping session tokens between two accounts. To find IDOR this way: create two users and save their session tokens (the session cookie or bearer token each one is issued). This […]
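The two-account technique described above, written out as an added worked example (not code from the original article). The in-process `mock_api`, its session tokens `sess-a-111`/`sess-b-222`, and the `/api/orders/<id>` and `/api/profile/<user>` endpoints are all constructed stand-ins for a real target so the script runs offline; the checker `swap_session_check` is generic and takes any transport that returns `(status_code, body)`.

```python
"""Two-account ("swap the session") IDOR check.

Added worked example; not code from the original article. The in-process
API below is a constructed stand-in for the target application so that the
script runs offline. To test a real target, replace `mock_api` with a
function that sends the request (e.g. with `requests`) and returns
(status_code, body_text); the checker itself does not change.
"""
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Transport = Callable[[str, str], Tuple[int, str]]

# --- Constructed mock target (invented sessions, users and objects) -----
SESSIONS: Dict[str, str] = {"sess-a-111": "alice", "sess-b-222": "bob"}
ORDERS = {
    "1001": {"owner": "alice", "item": "laptop"},
    "1002": {"owner": "bob", "item": "phone"},
}
PROFILES = {"alice": {"email": "alice@example.test"},
            "bob": {"email": "bob@example.test"}}


def mock_api(session: str, path: str) -> Tuple[int, str]:
    """Fake application with one deliberate IDOR: /api/orders/<id> never
    checks that the caller owns the order. /api/profile/<user> does check,
    so it shows what a protected endpoint looks like to the checker."""
    user = SESSIONS.get(session)
    if user is None:
        return 401, "unauthenticated"
    parts = path.strip("/").split("/")
    if len(parts) == 3 and parts[:2] == ["api", "orders"]:
        order = ORDERS.get(parts[2])
        if order is None:
            return 404, "not found"
        return 200, json.dumps(order)          # vulnerable: no ownership check
    if len(parts) == 3 and parts[:2] == ["api", "profile"]:
        if parts[2] != user:
            return 403, "forbidden"            # correct: object tied to session owner
        return 200, json.dumps(PROFILES[user])
    return 404, "not found"


# --- Generic checker ------------------------------------------------------
@dataclass
class Finding:
    path: str
    verdict: str      # "IDOR", "protected" or "inconclusive"
    status_a: int
    status_b: int


def swap_session_check(transport: Transport, session_a: str, session_b: str,
                       paths_owned_by_a: List[str]) -> List[Finding]:
    """Replay every request user A legitimately made with user B's session.

    A baseline request as A must succeed, otherwise there is nothing to
    compare. If B then receives the same 200 body, B read A's object: IDOR.
    A 401/403/404 for B means the ownership check held. A 200 with a
    different body is left for manual review (it may be B's own view of a
    per-user resource, or partially leaked data).
    """
    findings = []
    for path in paths_owned_by_a:
        status_a, body_a = transport(session_a, path)
        status_b, body_b = transport(session_b, path)
        if status_a != 200:
            verdict = "inconclusive"
        elif status_b == 200 and body_b == body_a:
            verdict = "IDOR"
        elif status_b in (401, 403, 404):
            verdict = "protected"
        else:
            verdict = "inconclusive"
        findings.append(Finding(path, verdict, status_a, status_b))
    return findings


def run_demo() -> Dict[str, str]:
    """Exercise the checker against the mock target; returns path -> verdict."""
    paths_a_used = ["/api/orders/1001", "/api/profile/alice"]   # captured while browsing as A
    findings = swap_session_check(mock_api, "sess-a-111", "sess-b-222", paths_a_used)
    return {f.path: f.verdict for f in findings}


if __name__ == "__main__":
    for path, verdict in run_demo().items():
        print(f"{verdict:12s} {path}")
```

In practice the list of paths comes from the proxy history collected while browsing as user A; run the check in both directions (A's objects with B's token, then B's objects with A's token), and treat a 200 with a different body as something to inspect by hand rather than as a clean result, since the endpoint may be returning B's own data for a path that looks user-specific.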