not even mitm lol,mitm would be with the original cookie but this dude is just copying the response from an valid password auth and pasting it into his request,useless video tbh
you get those after you login with a valid account first, so you know how the server responds on a correct login, then you copy that response and you paste it in the interceptor to perform the attack, that's the Response manipulation Vulnerability, good luck !
There are millions of videos on RU-vid about reflected XSS payload injection techniques, but none of them educate students on what to do after encountering an XSS POP-UP ... Please provide guidance on the next steps to escalate this vulnerability and earn bug bounties.......
First you need to send correct one and check what the flow of working authentication. Then do it for the wrong one if you will get in then means you can successfully bypass the flow of authentication.
First Understand the vulnerability then understand the cve or read the cve of the particular vulnerability then you know how to hunt or you can use the chat gpt or Hacker gpt