Finally, we are ready to start Intruder. On either the Payloads or the Options tabs, click the Start attack button to begin:

When the attack has started, an attack results table will appear. This allows the tester to review all requests using the payloads within the payload marker positions. It also allows us to review of all responses and columns showing Status, Error, Timeout, Length, and Comment.

For the purpose of this recipe, we note that the payload of admin in the password parameter produced a status code of 302, which is a redirect. This means we logged into the Mutillidae application successfully:

Looking at Response | Render within the attack table allows us to see how the web application responded to our payload. As you can see, we are successfully logged in as an admin: