Authentication lab setup & writeups

Lab setup

Coming soon

Labs list

Username enumeration via different responses

PortSwigger | free | easy | link to lab

Solution
1. Send a login request, capture it in Burp and send it to Intruder

2. Mark the payload areas for the username and password in the body of the request

username=§test§&password=§test§

3. Select 'Cluster Bomb'

4. In payloads, load in the provided username list for the first list, and the provided passwords list for the second list

5. Click 'Start Attack'

6. Sort the results by status code or response length to view the valid credentials

7. Use these credentials to log in and solve the lab
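
The status code and length differences sorted in step 6 exist because the login handler answers an unknown username differently from a wrong password. The Python below is an added example, not code from the lab or from PortSwigger: it puts a handler with that behaviour beside one that returns a single generic failure, plus a regression check a developer can run against either. The user store, response messages and function names are constructed for illustration.

```python
import hashlib, hmac, os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample user store (salted PBKDF2 hashes); not taken from the lab.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY = (os.urandom(16), os.urandom(32))

def login_leaky(username, password):
    """Enumerable: the failure response depends on which check failed."""
    if username not in USERS:
        return 200, "Invalid username"      # constructed message
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 200, "Incorrect password"    # constructed message
    return 302, ""

def login_uniform(username, password):
    """Hardened: one generic failure response, same work on every path."""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if ok and username in USERS:
        return 302, ""
    return 200, "Invalid username or password"

def distinguishable(handler):
    """True if unknown-user and wrong-password failures differ in
    status code or body length (the two columns sorted in step 6)."""
    a = handler("no-such-user", "x")
    b = handler("alice", "x")
    return (a[0], len(a[1])) != (b[0], len(b[1]))

if __name__ == "__main__":
    print("leaky handler distinguishable:", distinguishable(login_leaky))
    print("uniform handler distinguishable:", distinguishable(login_uniform))
```

Uniform responses remove the enumeration signal only; repeated password guessing against the endpoint still needs rate limiting or lockout.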
