Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

"Blacklisted" responses in the WebSocket handshake manipulation lab

Dmitry | Last updated: Oct 10, 2020 02:12PM UTC

Hi, for some reason I started receiving an Unauthorized response during the lab "Manipulating the WebSocket handshake to exploit vulnerabilities" This only occurs at the /chat endpoint Request url (GET from browser): ac2f1f681f1ece4f8022a7c100db007e.web-security-academy.net/chat Response: HTTP/1.1 401 Unauthorized Content-Type: application/json; charset=utf-8 X-XSS-Protection: 0 Connection: close Content-Length: 29 "This address is blacklisted"

Dmitry | Last updated: Oct 10, 2020 02:17PM UTC

Please disregard. I missed the note about "IP based restrictions" :D

AndreasHorvat | Last updated: Dec 08, 2022 08:36PM UTC

same here

Ben, PortSwigger Agent | Last updated: Dec 09, 2022 01:41PM UTC

Hi, Just to clarify, you are receiving the 'This address is blacklisted' error message like the user that originally created this forum post or something else? If it is the former, have you added the X-Forwarded-For header to your handshake request in order to spoof your IP address as mentioned in the solution?

Matty | Last updated: Sep 17, 2024 09:13PM UTC

me too

Ben, PortSwigger Agent | Last updated: Sep 18, 2024 07:23AM UTC

Hi Matty, Are you able to provide us with details of exactly what steps you have taken and what you are seeing so that we can assist you further with this lab?

Jhon | Last updated: Oct 16, 2024 03:32PM UTC