Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Cannot access labs with Burp browser

fil | Last updated: Apr 08, 2023 01:43PM UTC

I can log to Portswigger site but when I press Acess the lab, I have an error message: This site can’t be reached x.web-security-academy.net took too long to respond. ERR_TIMED_OUT Same things happened yesterday. I can access the labs if I use my default browser (Firefox with FoxyProxy) so it's just a minor inconvenience. I have the latest version of Burp: 2023.3.2 Chromium (Burp browser): 112.0.5615.50 I also disabled extension (I only had WAPPalyzer) and reset my settings in Chromium, but didnt make a difference.

ta32 | Last updated: Apr 09, 2023 01:37AM UTC

same issue downgrading the version works - I think its an issue with the TLS cert

Liam, PortSwigger Agent | Last updated: Apr 10, 2023 08:51AM UTC

Hi Fil, ta32. Are you still encountering this issue?

Marian | Last updated: Apr 10, 2023 09:17AM UTC

Hi, Liam! I have the same issue. Can you please advise? Thank you!

Liam, PortSwigger Agent | Last updated: Apr 10, 2023 11:00AM UTC

Thanks for this report, Marian. Could you send me your diagnostics information? You can find this by going to "Help > Diagnostics" within Burp.

You can email us via support@portswigger.net.

Drea | Last updated: Apr 11, 2023 07:55AM UTC

I am also having this issue. The labs loads perfectly fine outside of Burp's browser but just timeouts on me in the browser.

Liam, PortSwigger Agent | Last updated: Apr 11, 2023 08:42AM UTC

Thanks for this report, Drea. Could you send me your diagnostics information? You can find this by going to "Help > Diagnostics" within Burp.

You can email us via support@portswigger.net.

Josh | Last updated: Apr 12, 2023 02:51PM UTC

Same issue as the others above have reported. I'll send diagnostics.

Liam, PortSwigger Agent | Last updated: Apr 13, 2023 07:29AM UTC

Thanks, Josh.

Dariusz | Last updated: Apr 17, 2023 01:02PM UTC

Same for me. The browser built in Burp doesn't work and shows ERR_TIMED_OUT while trying to load labs. In the same time, FireFox configured to connect using Burp works without any issues and I'm able to load any website. It looks it is related to TLS certificates. Some well known websites works well eg. you can access Google without any issues, while accessing NASA website is not possible. Eg. while typing nasa.gov in the Burp's browser the GET request to http://nasa.gov is made, then NASA's server replies with Location: https://www.nasa.gov/. I can see the response in Burp History, but there is no further request to https://www.nasa.gov/ made. While using FireFox that is configured to connect via Burp it works without any issues. I've tried to reinstall Burp, clear browser history, remove application folders but it doesn't help. While accessing some website using HTTPS or if the Location header to https:// is sent there is a proxy issue reported in Burp: "The client failed to negotiate a TLS connection to www.nasa.gov:443: Remote host terminated the handshake". After closing Burp browser and opening it once again and typing nasa.gov everything works, until some of rare domains are requested. Eg. after requesting m.addthis.com there is an issue with TLS and after it happend the further requests are blocked. In such case there is not possible to access Google website, which works before. So, it seems to be related with TLS and everything works until first handshake error. After the error appears the browser doesn't connect to other websites over HTTPS. It doesn't seem to be a Burp issue, because FireFox is able to connect any HTTPS website in the same time, and the requests made from FireFox are shown in Burp History. So it is most probably a Burp Browser issue.

Dariusz | Last updated: Apr 17, 2023 07:38PM UTC

I think I found a workaround for the issue. 1. Open Burp Browser and go to chrome://flags/#tls13-variant 2. In the search box type TLS 3. Find "Encrypted ClientHello" section and set it do "disabled". 4. Relaunch browser. After the browser restats you can access PortSwigger Labs.

Liam, PortSwigger Agent | Last updated: Apr 18, 2023 09:52AM UTC

Thanks for the update, amk.

Przemek | Last updated: Apr 23, 2023 02:01PM UTC

AMK, thank you very much!!!!! I thought im gonna get karen rage with this issue haha.

nyetings | Last updated: May 03, 2023 11:58AM UTC

thanks amk!!

Stella | Last updated: May 16, 2023 03:59PM UTC

The above solution did not work for me, I am not able to access portswigger lab

Ben, PortSwigger Agent | Last updated: May 17, 2023 07:30AM UTC

Hi Stella, Are you using Burp on Windows? We are aware of a number of users experiencing similar issues with timeouts happening when attempting to launch labs from our Web Academy. We are still investigating the possible cause of these issues. If you copy the URL for the lab once the ERR_TIMED_OUT message has been displayed in the browser, close all embedded browsers and open a new one, and then paste the URL into the browser, does this allow you to access the lab?

Elisha | Last updated: May 17, 2023 02:18PM UTC

I tried all the solutions, closing all embedded browsers but still its not working

Michelle, PortSwigger Agent | Last updated: May 18, 2023 03:34PM UTC

Hi Which messages do you see in the browser and the Event Log on Burp's Dashboard? Which version of Burp are you using and what OS is it installed on?

Elisha | Last updated: May 21, 2023 01:59AM UTC

Message: This site can’t be reached0a74003c03921afd83bbf116005200d7.web-security-academy.net took too long to respond. Version: Burp Suite Community Edition v2023.4.4 windows 10 and windows 11 I have tried on both

Liam, PortSwigger Agent | Last updated: May 22, 2023 12:03PM UTC

Thanks for your message.

If you are still encountering an issue, please provide the lab title.

Suvashish | Last updated: May 30, 2023 09:00AM UTC

1. Open Burp Browser and go to chrome://flags/#tls13-variant 2. In the search box type TLS 3. Find the "Encrypted ClientHello" section and set it to "disabled". 4. Relaunch the browser. I've tried the above settings as well but still can't access them. I'm using Windows 10 and Burp version 2023.4.5 This site can’t be reached0a3600920466721281fc945500a700b1.web-security-academy.net took too long to respond. Please let me know how to fix this issue or it could be burp issue as well. Thank you.

Suvashish | Last updated: May 30, 2023 09:08AM UTC

I found a temporary solution. If the above settings don't work, reset all settings, relaunch, and it should work. If it stops working again, disable Encrypted ClientHello, relaunch, and it will work. That's what I'm currently doing. Thank you.

Liam, PortSwigger Agent | Last updated: May 30, 2023 11:01AM UTC

Thanks for the update, Suvashish.

John | Last updated: Jun 26, 2023 02:05PM UTC

Thanks for the fix @Dariusz you the real mvp B)

nightshiba | Last updated: Jul 01, 2023 07:00PM UTC

"chrome://flags/#tls13-variant" fix didn't work for me, but temporarily disabling the DOM Invader fixed the issue! Hope it will help someone :)

Liam, PortSwigger Agent | Last updated: Jul 03, 2023 08:19AM UTC

Thanks for the advice, nightshiba.

semonbright | Last updated: Jul 31, 2023 06:44AM UTC

This issue commonly arises when the service running on your local machine encounters difficulties resolving the request. If you have access to the logs, kindly review them to gain more insights into the specific error. Additionally, ensure that the application interface, server, and related services are functioning properly. Several scenarios can trigger the "this site can't be reached" error in web browsers. For example, the server might still be operational, but the interface application could be closed, or the database may be down. In cases where the application interface and server are functioning, but a dependent service is down, consider restarting your computer or server and restarting the services. Ensure that the application is bound to the localhost; it might be limited to an individual interface. You can use the "netstat -na" command to obtain clues regarding the issue. Additionally, run a port scan on your computer to verify that the port is open and accessible. https://net-informations.com/q/mis/reached.html

Dominyque, PortSwigger Agent | Last updated: Aug 14, 2023 01:53PM UTC

Hi all We have been trying to do further investigations into this issue and have not been able to replicate it yet. Are you still experiencing the issue of being unable to access the labs? Any feedback that you can provide will be helpful and appreciated.

Sakib | Last updated: Nov 02, 2023 08:00AM UTC

Hello! Just my 2 cents on this subject. Since I am a developer, we often use the port 8080. The Burp Suite proxy is also using it, by default. So if they clash you will get the same behavior as described. Of course, one workaround is just to change Burp's port to something else. I guess BurpSuite could do a better job of checking if port is available before running the browser.

Nishad | Last updated: Nov 30, 2023 07:17AM UTC

THANKS A LOT!!!!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.