Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

Academy - Lab: Username enumeration via response timing - Unable to access usernames/passwords

Daniel | Last updated: Sep 18, 2024 02:14AM UTC

Hello, In the Lab: Username enumeration via response timing, the list of candidate usernames/passwords is not accessible. In the lab, the below are not linked to anything, they seem to just be plain text. Candidate usernames Candidate passwords How can I access the lists to complete the lab? Have checked on different browsers/devices and finding the same behaviour. The same problem is present in Lab: Broken brute-force protection, IP block.

Daniel | Last updated: Sep 18, 2024 05:06AM UTC

Answering my own question for future reference..the required lists are available at https://portswigger.net/web-security/authentication/auth-lab-passwords https://portswigger.net/web-security/authentication/auth-lab-usernames They were at some point available and linked from the lab itself, perhaps this has been changed.

Ben, PortSwigger Agent | Last updated: Sep 18, 2024 06:19AM UTC

Hi Daniel, Just to confirm, you are seeing this within the learning path section of the Web Academy is that correct?

Daniel | Last updated: Sep 23, 2024 10:04PM UTC

Hi Ben, Yes, sorry should have popped the link in there. For example: https://portswigger.net/web-security/learning-paths/authentication-vulnerabilities/password-based-vulnerabilities/authentication/password-based/lab-broken-bruteforce-protection-ip-block#

Ben, PortSwigger Agent | Last updated: Sep 24, 2024 08:06AM UTC

Hi Daniel, Thank you for the confirmation. Yes, we are aware of this issue and already have a ticket raised for the content team to investigate (how we handle these links is not consistent throughout the learning path - in some of the earlier labs the links are present, in the later ones they are plain text). As you have spotted, the username/password lists are the same for all of these labs so, in the interim, you can obtain them from the standard Web Academy learning materials (or from the earlier labs in this learning path).

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.