Evaluating the quality of session identifiers with Burp Sequencer

Burp Suite's Sequencer requests thousands of session identifiers from the server (by repeating the login request, for example) and analyzes the responses to determine the randomness and cryptographic strength of the algorithm generating the identifiers. The stronger the algorithm, the harder it is for an attacker to replicate a valid ID.

In this recipe, we will use Burp Sequencer to analyze the session IDs generated by two different applications and determine some characteristics of a secure session ID generation algorithm.
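To make the idea of measuring identifier randomness concrete, here is an added example (not from the book, and not Burp's own algorithm) that computes the Shannon entropy of each character position across a sample of tokens. Both token schemes and all sample values are constructed for illustration; the result is only an upper bound, because a timestamp or counter field still scores bits even though it is predictable.

```python
import math
import random
import secrets
from collections import Counter

def positional_entropy(tokens):
    """Shannon entropy (bits) of the character observed at each token position."""
    if len({len(t) for t in tokens}) != 1:
        raise ValueError("need a non-empty sample of equal-length tokens")
    total = len(tokens)
    entropies = []
    for column in zip(*tokens):  # one column per character position
        counts = Counter(column).values()
        entropies.append(sum(c / total * math.log2(total / c) for c in counts))
    return entropies

def summarize(tokens):
    """Return (upper bound on bits per token, positions that never change)."""
    per_position = positional_entropy(tokens)
    constant = [i for i, h in enumerate(per_position) if h == 0]
    return sum(per_position), constant

def weak_tokens(n, seed=1):
    """Constructed weak scheme: login time in seconds, fixed user id, 16 random bits."""
    rng = random.Random(seed)   # seeded so the sample is reproducible
    base = 0x65000000           # constructed timestamp, 50 logins per second
    return ["%08x%04x%04x" % (base + i // 50, 0x0042, rng.getrandbits(16))
            for i in range(n)]

def strong_tokens(n):
    """Constructed strong scheme: 64 bits from the operating system CSPRNG."""
    return [secrets.token_hex(8) for _ in range(n)]

if __name__ == "__main__":
    for name, sample in (("weak", weak_tokens(2000)), ("strong", strong_tokens(2000))):
        bits, constant = summarize(sample)
        print(f"{name}: <= {bits:.1f} bits per token, constant positions: {constant}")
```

Constant positions and a low total point to structure in the identifier; a high total alone does not prove the generator is unpredictable, since this check ignores relationships between positions and between successive tokens.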
