CompTIA CASP+ (CAS-004) — Question 210
A penetration tester is testing a company’s login form for a web application using a list of known usernames and a common password list. According to a brute-force utility, the penetration tester needs to provide the tool with the proper headers, POST URL with variable names, and the error string returned with an improper login. Which of the following would BEST help the tester to gather this information? (Choose two.)
Answer options
- A. The new source feature of the web browser
- B. The logs from the web server
- C. The inspect feature from the web browser
- D. A tcpdump from the web server
- E. An HTTP interceptor
- F. The website certificate viewed via the web browser
Correct answer: C, E
Explanation
The 'inspect feature from the web browser' lets the tester view and analyze the network requests and responses, making it easier to find the headers, the POST URL with its variable names, and the error string returned on a failed login. An 'HTTP interceptor' lets the tester capture and manipulate HTTP requests and responses in real time, providing critical insight into the login process. The other options either do not provide the required real-time data or are less effective for this specific task.