Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Certification

MiX_FiX | Last updated: Mar 31, 2023 04:13PM UTC

Hello, I have been working on Burp Suite certification (2/3 or 3/3). I have encountered a File Path Traversal and have tried various solutions, including different payloads, obfuscation, encoding in various ways, and even tried using the 403bypasser tool, payloadallthethings, hacktricls, but it always returned a 403 error. One of the payloads I tried was "GET /admincontrols/metrics/admin-image?file_name=/blog/posts/../posts/31.jpg&imagesize=%22200x133%21%22" which resulted in a 403 error, while "/blog/posts/31.jpg" returned a 200 status code. I have attempted to use every payload listed in the Burp Suite Intruder (which includes 2200 payloads or 879 payloads), but all of them returned a 403 error. I have a copy of the project available if you need it. By the way, my exam is still in progress(20 minutes has passed since I finished my exam).

MiX_FiX | Last updated: Apr 02, 2023 01:54PM UTC

My exam still in progress by the way…

Michelle, PortSwigger Agent | Last updated: Apr 03, 2023 08:25AM UTC

Hi Thanks for getting in touch. We've received your email and will look into this for you. If we need any additional information, we'll let you know.

Patrick | Last updated: Apr 03, 2023 12:40PM UTC

Dear Michelle, I encountered the same thing and would like to find out if this was the way the exam was intended

Michelle, PortSwigger Agent | Last updated: Apr 03, 2023 01:10PM UTC

Hi Can you send an email to support@portswigger.net with a few more details? Have you had issues with the exam still showing as 'In progress' or did you encounter specific problems with one of the applications?

Anton | Last updated: Apr 06, 2023 03:04PM UTC

Hi, I have the same problem...

Michelle, PortSwigger Agent | Last updated: Apr 06, 2023 03:09PM UTC