Are there issues with the Academy labs?

Luca | Last updated: Jul 12, 2022 02:54PM UTC

I have been using the Academy in the last 3 days and I have been experiencing random periods when labs do not work properly, sessions with the server time out, and so on. Are you aware of this issue? Perhaps are you performing maintenance work? Thank you

Ben, PortSwigger Agent | Last updated: Jul 13, 2022 06:37AM UTC

Hi Luca, We are not aware of any issues with the Web Academy. Are you still seeing this behaviour? If so, is it happening with specific labs or does it appear to be completely random?

Luca | Last updated: Jul 13, 2022 09:31AM UTC

Hi Ben, completely random labs, with some requests that time out (POST requests in the lab or in the related exploit server) and some resources that are unable to load. Like for 10-15 minutes, then it goes back to normal. I have a feeling that occurs only in the integrated Burp browser though... but I have to confirm that.

Ben, PortSwigger Agent | Last updated: Jul 13, 2022 01:42PM UTC

Hi Luca, We are not aware of any general issues (we obviously do the odd bit of maintenance on the Academy every so often but there has not been any major work carried out that would explain consistent issues over a longer period of time) and I do not believe any other users have raised this with us so it does not seem like it is something that other people are encountering. If you do discover any pattern to the behaviour that you are seeing then please let us know and we can do some further investigations.

Luca | Last updated: Jul 14, 2022 11:45AM UTC

Hi, it's really weird but it looks like I experience issues mostly at loading images, which cause timeouts and pages not available or not displayed properly. Example:

4113 https://exploit-0a3300aa039ea42ac0333b1401ee00c0.web-security-academy.net GET /resources/labheader/images/ps-lab-notsolved.svg burp.rrr@585541b burp.rrr@6d94c63d 0 0 svg burp.rrr@2791992 1657798699904 8080#

I am still trying to understand if this happens ONLY when proxying through Burp.

Luca | Last updated: Jul 14, 2022 12:47PM UTC

Even weirder... sometimes I repeat the same request in a different browser without proxying through Burp, and it works. Sometimes it doesn't. I don't understand. I have no issue with anything else, including the Academy pages. I'm experiencing this only with spun up labs and exploit servers, and at random times.

Ben, PortSwigger Agent | Last updated: Jul 15, 2022 12:42PM UTC

Hi Luca, We can take another look at this and see if we can spot anything.

Luca | Last updated: Jul 15, 2022 01:45PM UTC

I was afraid it could happen during the Exam as well, but it didn't. I still failed, though - LOL

Luca | Last updated: Jul 31, 2022 11:39AM UTC

So today I'm back on the labs and I am experiencing this issue again (randomly). What I've noticed today: I launched an active scan on a lab in Burp (as I am checking if Burp can find stored XSS in the labs, and it cannot find them for me, but that's a different issue). After a while the active scan hangs (the number of requests no longer increases). If I try to refresh the lab page in the browser (I am using the Burp browser), I get a timeout. Then I open a second browser, for example Firefox, and I put the lab URL: that opens up fine. Once that worked, the active scan "resumes" and the number of requests begins to quickly increase again, and of course the lab page can also be refreshed in the Burp browser. No idea where the issue may be located but I have rarely seen something weirder than this.

Ben, PortSwigger Agent | Last updated: Aug 01, 2022 06:42AM UTC

Hi Luca, Is this happening on one specific lab or multiple labs?

Luca | Last updated: Aug 01, 2022 09:19AM UTC

Any labs, randomly, not all the time. Perhaps some form of protection against active scan?

Anthony | Last updated: Aug 01, 2022 05:54PM UTC

Hi Luca, I would like to add I'm experiencing a similar issue. I'm going through the labs a second time, so I'm making quick progress. I spend about 5 minutes on each lab since I'm doing easier ones first. Usually, the first 2-3 are fine, then as I open more labs the more frequently the labs hang. The labs seem to hang more often in the integrated Chromium browser, less so in a proxied Firefox browser, and even less so in an unproxied browser like Chrome. I'm not scanning anything; I think it might have to do with how quickly I'm opening labs. Do you have any thoughts on the matter?

Ben, PortSwigger Agent | Last updated: Aug 02, 2022 10:15AM UTC

Hi Luca, I am not aware of anything that would really explain the behaviour that you are seeing - it almost sounds like Burp is 'locking' up the lab and this is only resolved by accessing the lab URL separately. Is the second browser you use to access the lab instance proxying its traffic through Burp or is it a standard browser? When you see the scans stall, is there any indication within the Event log of why this might be or does the scan simply stop sending requests? The fact that you see all of this behaviour randomly is also quite puzzling.

Ben, PortSwigger Agent | Last updated: Aug 02, 2022 10:16AM UTC

Hi Anthony, When you describe the labs as 'hanging', are you referring to the pages not loading as quickly as you would expect or something else?

Luca | Last updated: Aug 02, 2022 08:10PM UTC

Hi Ben, the second browser is usually not proxied through Burp (usually Firefox). It really looks like Burp is "locking up" the lab. To be honest I haven't checked the Event log: the scan seems to stop sending requests but it is the lab URL that is not responding: in fact if I refresh the page I get a timeout (in the Burp browser). Then I sort of "unlock" it by using a different browser for the same URL. But I cannot find a 100% reproducible pattern: for instance when I opened the issue it was not related to active scan (manual POST requests in the lab or in the related exploit server would time out, or GET requests for images - like GET /resources/labheader/images/logoAcademy.svg or GET /resources/labheader/images/ps-lab-notsolved.svg were not able to load, they would time out and with them the whole page.) I also completely 100% agree with what Anthony is experiencing: apart from the active scan, it seems to happen after I've solved some labs in quick succession, and I start an additional lab. I was under the impression that solved labs environments get immediately afterwards, so not sure how to interpret this. But I also agree with Anthony about the browsers: most problems with the integrated Chrome browser, less with Firefox - better when unproxied. What a mystery!

John | Last updated: Aug 05, 2022 07:56PM UTC

I would like to add that I am also getting issues like this. I will be doing labs and it works or it will have trouble loading resources like images or CSS. Sometimes it won't load the lab at all. Sometimes refreshing suddenly loads it, sometimes not so much. And to add to the ambiguity, sometimes it works in a non-proxied browser, sometimes it does not.

Ben, PortSwigger Agent | Last updated: Aug 08, 2022 04:33PM UTC

Hi John, Is this happening randomly (i.e. in random labs in the same manner that Anthony and Luca have experienced) or are you experiencing it in specific labs?

