BSCP: Examity - Proctoring and other stuff

Giulio | Last updated: Jun 28, 2023 12:53PM UTC

Hi, I will soon start my BSCP exam, but I have a few key questions that I would like to clarify before beginning the exam, related to how Examity works and the proctoring environment. Currently, I do not have a Windows environment with Burp Suite and all my tools/extensions where I can take the exam; however, I can quickly spawn a Windows VM. How does the verification work? Can I use the Windows VM to prove my identity, show the room/physical environment and then close it to continue the exam on my host? Can you provide me with a little more info about that? Thanks!

nobug | Last updated: Jun 29, 2023 03:01AM UTC

I have similar questions. I run Chrome on a Windows host but run Burp only in a WSL Kali VM for isolation because of security concerns. Is my workflow applicable for the BSCP exam? I have experience participating in the OSCP exam, in which this kind of workflow was applicable. I am from China, and thanks to the censorship of network traffic, automated scanning of the exam lab VM by scanners like nmap or Burp may suffer heavy packet loss, which is too bad a condition to take an exam in. So I tried renting a VPS geographically close to the exam lab VM to improve the network lag and packet loss. In the exam, the proctor provided a script to detect the environment of my system, but only for my host machine; there was no need for the VMs. They emphasized that my workflow was applicable but not recommended, because if any network problems occurred in my workflow, they would not be able to help with them, as they only support the classic direct-connection workflow. So what are the relevant policies for the BSCP?

Ben, PortSwigger Agent | Last updated: Jun 29, 2023 08:22AM UTC

Hi both, To confirm, the proctoring aspect of the exam is purely used for identification purposes at the start of the exam. After this process has been completed you no longer need to have your camera on etc. The plug-in provided by Examity, who we currently use to provide the proctoring service for the exam, does not support being used in Linux-based systems, which is where the restriction on not using Linux machines within the exam comes from. It is also worth noting that there can be issues using a virtual machine to carry out the proctoring aspect as well (Examity can detect the use of virtual machines). Having said the above, we have had users who have successfully completed the exam by running a Windows host, and used this to complete the proctoring part of the exam, before then moving to a Linux virtual machine (which is being hosted on the Windows machine) to actually interact with the two exam applications and carry out the exam itself. Unfortunately, we cannot really advise anything other than using the supported Windows or Mac physical machines to perform the proctoring aspect of the exam as we cannot guarantee that any other approach will not be picked up by Examity and cause you adverse issues during the exam.

Giulio | Last updated: Jun 29, 2023 01:09PM UTC

Thank you, Ben, that was extremely clarifying. I will see if I can perform some sort of "simulation" with Examity to check if everything works fine; otherwise, I will simply set up a working Windows host for both the proctoring and the actual exam. Thanks!

z10x | Last updated: Aug 09, 2023 02:47AM UTC

Hi, is it possible to run a dual boot? Verify Examity from a Windows host, then move into the Linux host (I have all my environment, tools and notes there) to start the exam, or does Examity need to be running the entire exam?

Ben, PortSwigger Agent | Last updated: Aug 09, 2023 08:47AM UTC

Hi, As noted earlier in this thread, the proctoring phase of the exam is only used to verify your identity so you do not need to have this running for the entire exam. As also noted, we have had people using a Windows/Mac host to complete the proctoring phase of the exam before then moving to a Linux virtual machine to actually interact with the exam applications. A dual boot system should mimic this approach but we would always stress that this is carried out at your own risk.

