Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Complete any of the Brute force labs without BurpSuite pro?

Lee | Last updated: Feb 09, 2023 08:54PM UTC

I thought the idea of being able to use this platform was learning it for free and helping people to learn without a cost, then optionally take the exam at the end with a cost. It turns out that I can't complete most of the rooms or any that require more than say 110 requests due to the throttling in Burp Suite. I think you really should implement regex that reflects with the current URL format of the labs so that when these URLs are being brute forced etc then you can use the tool as if you paid £400 for it. Add a token/cookie of some sort I don't know anything so that the tool recognizes you are using the training environment. I also imagine that even though the exam is only roughly £70 I will need to have the pro version of Burp Suite to complete it making the certifications extremely expensive and out of reach for a lot of people.

Ben, PortSwigger Agent | Last updated: Feb 10, 2023 10:54AM UTC

Hi Lee, You should be able to use Burp Community to solve 95% of the labs (there are some labs that absolutely require the use of Burp Professional due to a requirement to use the Burp Collaborator). In terms of the brute force labs - these should still work with the throttled Intruder but you may have to break your attacks up (so, rather than performing one large attack that will issue a large number of requests, you would need to break this up into several smaller attacks). With regards to the exam - the Burp Suite Certified Practitioner certification is, first and foremost, an exam designed to test your skills with Burp Suite Professional. It has been designed specifically to test your abilities with this software and, as such, cannot be completed with either Burp Suite Community Edition or any other web application security testing toolkit.

a-pax | Last updated: Dec 22, 2023 11:35PM UTC

I'm a real newbie at all of this but I really want to learn, So correct me if I'm wrong, but I noticed that you don't get the right response with Burp Community so you can't solve some labs at all because you can't find any abnormal response, even if you fully follow the solution instructions.

Dominyque, PortSwigger Agent | Last updated: Dec 27, 2023 10:02AM UTC