Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Academy - Lab: Username enumeration via response timing - Unable to access usernames/passwords

Daniel | Last updated: Sep 18, 2024 02:14AM UTC

Hello, In the Lab: Username enumeration via response timing, the list of candidate usernames/passwords is not accessible. In the lab, the below are not linked to anything, they seem to just be plain text. Candidate usernames Candidate passwords How can I access the lists to complete the lab? Have checked on different browsers/devices and finding the same behaviour. The same problem is present in Lab: Broken brute-force protection, IP block.

Daniel | Last updated: Sep 18, 2024 05:06AM UTC

Answering my own question for future reference..the required lists are available at https://portswigger.net/web-security/authentication/auth-lab-passwords https://portswigger.net/web-security/authentication/auth-lab-usernames They were at some point available and linked from the lab itself, perhaps this has been changed.

Ben, PortSwigger Agent | Last updated: Sep 18, 2024 06:19AM UTC

Hi Daniel, Just to confirm, you are seeing this within the learning path section of the Web Academy is that correct?

Daniel | Last updated: Sep 23, 2024 10:04PM UTC

Hi Ben, Yes, sorry should have popped the link in there. For example: https://portswigger.net/web-security/learning-paths/authentication-vulnerabilities/password-based-vulnerabilities/authentication/password-based/lab-broken-bruteforce-protection-ip-block#

Ben, PortSwigger Agent | Last updated: Sep 24, 2024 08:06AM UTC