Welcome to a stupid test app for showing a reasonable Burp interception use!
BEFORE ANYONE WHO MIGHT SEE THIS COMPLAINS: This is purposefully ignoring some secure best-practices, and doesn't care about others, so don't sweat them if you see them.
This is a web app that allows stupid simple login and password resets. To get it up and running:
- Set up your environment the way you want (maybe get a virtualenv and enter it)
- `pip install -r requirements.txt`
- Edit `populate_users.py` if you want usernames and passwords that aren't in there
- Run `python populate_users.py` (you can remove `tutorial.db` and do this step again to refresh the db for whatever reason)
- Run `python main.py`, navigate to `localhost:4000`