PHASE: Response Analysis33% COMPLETION
MODULE 17
Email & User Enumeration
Finding valid users via password reset and registration endpoints.
Response Analysis
How does the server react when you enter a known email vs an unknown one?
Time Timing Attack
Database takes longer to process existing users (password hashing) than non-existent users (early exit).
Error Messages
"Email already exists" vs "Account created".