Special thanks to James Kettle @albinowax Persistence is key, do it for the learning, not for the bounty ;) Quick note: Not all bounties are a success, this is a story about how I tried harder when failing. (As full time Security Consultant I spent my own time on this which was about 1 week and I don’t regret the learning experience) To make this process easier I’d recommend using the Burp plugin “HTTP Request Smuggler”.
