Burp Suite User Forum

Login to post

Academy lab "Blind SQL injection with conditional responses" times out

Alysson | Last updated: Feb 19, 2021 11:53PM UTC

This lab cannot be completed with a community edition of Burp Suite as it stands today. Due to the limit of just one thread when using the intruder function, the sheer number of SQLi requests that have to be sent and received (exactly 546 in my case)take such a long time that the server simply starts returning a 504 gateway timeout response. I was able to send 390 requests before reaching the point in which the server decides not to respond anymore. I need to perform all requests in order to extract the password required to complete the challenge. You could either extend the time the server remains online for the session or disclose that the completion of this challenge requires Burp Pro. Can this be solved?

Uthman, PortSwigger Agent | Last updated: Feb 22, 2021 03:00PM UTC

Hi Alysson, If you wait ~15 mins for the lab to reset and try again, does your issue persist?

You need to Log in to post a reply. Or register here, for free.