Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Academy lab always times out when using Intruder

wh4ck | Last updated: Oct 03, 2020 05:02PM UTC

I get Server Error: Gateway Timeout every time I try to brute force something. How can I avoid this with BurpSuite? It is getting in the way a lot.

Ben, PortSwigger Agent | Last updated: Oct 05, 2020 08:52AM UTC

Hi, The labs expire after a certain amount of time - are you finding that you are hitting this limit when using Intruder? If so, which particular labs are you having issues with?

Chan | Last updated: Oct 08, 2020 11:49PM UTC

Im having the same issue, mostly in this lab https://portswigger.net/web-security/request-smuggling/exploiting/lab-capture-other-users-requests

Chan | Last updated: Oct 08, 2020 11:55PM UTC

sorry, this lab https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-bypass-using-a-brute-force-attack

Ben, PortSwigger Agent | Last updated: Oct 09, 2020 07:24AM UTC

Hi, Are you using the Burp Community edition when you experience the timeout using Intruder? You could look to break up the number payload that you are required to use into several smaller sets rather than one large set of 0-9999. Or, as is mentioned in the lab description, you could look to use the Turbo Intruder extension to deliver the payload.

Daniele | Last updated: Jan 18, 2021 10:35PM UTC

I had the same issue, solved it just by keep reloading the page, doing some "keep alive actions" while the intruder was running...

Iftikhar | Last updated: Mar 20, 2021 06:40PM UTC

Yes, it is very annoying, I am seeing the issue when running the blind sql injection, I am using cluster bomb option as there are two payloads.

Charcoal | Last updated: Apr 22, 2021 02:56PM UTC

Hello, Yes, this happens in several labs. I am using Burp Professional. Are you certain there is not additional limitations in place? 400 requests in on the https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-bypass-using-a-brute-force-attack It has also happened in a few other places. While possibly beneficial to memorizing the procedures, it does get to be quite frustrating when one cannot complete a lab even though all steps are being managed properly.

Ben, PortSwigger Agent | Last updated: Apr 23, 2021 07:49AM UTC

Hi, I would say that there are some 'quality of life' issues with using Burp Community edition and some of the labs in the sense that the throttling of Intruder does mean that other methods might need to be used in order to solve the lab (splitting up the sets being tested into smaller subsets or using Turbo Intruder generally get round this issue). For Burp Professional that should not be the case though - the attacks should be performed in good time because there is no throttling of the requests being issued. Are you following the solution for this one and, if so, how long are you finding the attack lasts before the requisite 302 status request is found?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.