This is just making requests to the website and seeing if any usernames respond with something like "username xyz already exists".
If you can use a tool, do it! There are lots of wordlists online.
ffuf was a good one, I just forwarded the output to a txt file and could mess around with it as needed.
Task 3 - Brute Force
Using a list of usernames or emails, this is just making requests to the website with passwords to try to log in, or get a successful response.
Perhaps rate limiting the speed of a tool being used could be helpful here.
Task 4 - Logic Flaws
Breaking the intended path of an application flow.
Ex: A user wants to reset a password. The application grabs the username and email from a client-side POST request and sends the reset form to the email provided. If you spoof the email provided, badabing badaboom, you’ve got a reset link you shouldn’t have.
Task 5 - Cookie Tampering
Cookies are sometimes in plain text, or a JSON format, and we can see them, and modify certain conditions within the text.
Sometimes we can bypass authentication completely if the developer forgot something!
Not all cookies will be in human-readable text; some may be hashed or encoded. Knowing how to identify base64, md5, sha1, and other hashing and encoding methods is helpful for working out what a cookie contains! There are also tools to help with this :)
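From the defending side, the fix for editable cookies is to make the server reject any value it did not issue. The following Python sketch is an added example, not part of the original notes; the key, field names and sample cookie values are constructed for illustration. It puts the weak pattern (trusting the cookie as sent) beside an HMAC-signed cookie that fails verification once its contents are changed.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: a real app loads this from a secret store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_cookie(session: dict) -> str:
    """Serialize the session and append an HMAC-SHA256 tag over the payload."""
    payload = json.dumps(session, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"

def read_cookie_unsafe(raw: str) -> dict:
    """Weak pattern: trusts whatever JSON the client sends back."""
    return json.loads(raw)

def read_cookie(raw: str):
    """Hardened pattern: return the session only if the tag verifies, else None."""
    try:
        payload_b64, tag_b64 = raw.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(payload)
    except ValueError:  # wrong number of parts, bad base64, bad UTF-8 or bad JSON
        return None

def demo():
    # Constructed sample: a plain JSON cookie with one field edited client-side.
    plain = '{"logged_in": true, "admin": false}'
    edited = plain.replace('"admin": false', '"admin": true')
    unsafe_admin = read_cookie_unsafe(edited)["admin"]  # edit is accepted

    signed = issue_cookie({"logged_in": True, "admin": False})
    _, tag_b64 = signed.split(".")
    # Same edit against the signed cookie: new payload, old tag.
    forged = _b64(b'{"admin":true,"logged_in":true}') + "." + tag_b64
    return unsafe_admin, read_cookie(signed), read_cookie(forged)

if __name__ == "__main__":
    print(demo())
```

Signing only stops modification; the payload is still readable by the client, so anything secret belongs in a server-side session store keyed by a random ID.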