Visit the CWP Control Panlel url : Enter a valid username and any email address (here the attacker will put his email id) Capture the request in Burp Suite Click Forward In the next intercept, change the value "0" to "1" Forward the request