Burp Suite User Forum

Login to post

Academy Lab Bug

ArkRyder | Last updated: Nov 14, 2023 10:42PM UTC

Hello! I have been working through the Race Conditions topic, and am stuck on the last lab, Exploiting Time-Sensitive Vulnerabilities. I understand the concept, but the requests for username=wiener and username=carlos consistently take different amounts of time. The solution makes no mention of this, and none of the usual warming techniques are working. It just seems that when username=wiener the request takes ~550 ms and when username=carlos the request takes ~250 ms. Is this intended behavior, and if so, what am I supposed to do here?

Michelle, PortSwigger Agent | Last updated: Nov 15, 2023 10:51AM UTC

Hi When you worked through the step 'Bypass the per-session locking restriction' did you see a similar issue when sending the two requests in parallel for your user or were the times of the requests as expected at that stage?

You need to Log in to post a reply. Or register here, for free.