Burp Suite User Forum

Do I need Burp Professional license to take Portswigger Academy course?

Samuel | Last updated: Jun 21, 2022 05:07AM UTC

Hi, I have a doubt. Does Burp Suite get better performance to solve PortSwigger Academy labs? I've been taking the PortSwigger Academy (using the Burp Suite Community license), but some of the labs take too long to complete. For instance, in the SQL Injection part, I've been trying Cluster Bomb attacks and the brute force tests take too long. I'm not sure if, in order to get the most from the PortSwigger Academy course, I should already have a Burp Suite Professional license. Thanks again.

Ben, PortSwigger Agent | Last updated: Jun 21, 2022 07:27AM UTC

Hi Samuel, All but a small handful of labs are solvable using the free Burp Community edition (there are a small number of labs that require the use of the Burp Collaborator, which is only available within Burp Professional). For some of the labs that require the use of Intruder you may have to split your attack up into smaller subsets in order to get round the request throttling that occurs within Intruder in Burp Community. What are the specific names of the lab(s) you are having issues with?

Samuel | Last updated: Jun 22, 2022 05:13PM UTC

Hi Ben, thanks for your response. Specifically, the SQL injection labs (Blind SQL, Enumerating Database). I was replicating some of the methodologies explained by Rana Khalil using Cluster Bomb, but it takes years for me to finish the brute force tests.

Ben, PortSwigger Agent | Last updated: Jun 23, 2022 10:45AM UTC

Hi Samuel, You probably have two options - Breaking up your attacks into smaller subsets is really going to be the only way to improve things for you if you want to use native Intruder. Alternatively, you could look to use the Turbo Intruder extension, which does not contain any request throttling.

If we take the 'Blind SQL injection with conditional responses' lab as an example (sounds like this might be the type of lab you are having issues with) - rather than running an attack that cycles through a-z and 0-9 for each of the 20 characters in the password, you could split the attack up so that you perform an attack on the first 3 characters of the password, then a second attack that does the same for characters 4, 5 and 6, etc. This approach is not quite as automated as using an unthrottled Intruder in Burp Professional, but it should still be manageable if you want to stick with Intruder.

Gonçalo | Last updated: Apr 21, 2023 12:56PM UTC

These labs can be solved with Burp Community edition (installing and learning how to use Intruder Turbo as soon as you feel stuff is taking too long will help you in the upcoming labs):

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Lab: SQL injection vulnerability allowing login bypass
Lab: SQL injection with filter bypass via XML encoding
Lab: SQL injection UNION attack, determining the number of columns returned by the query
Lab: SQL injection UNION attack, finding a column containing text
Lab: SQL injection UNION attack, retrieving data from other tables
Lab: SQL injection UNION attack, retrieving multiple values in a single column
Lab: SQL injection attack, querying the database type and version on Oracle
Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
Lab: SQL injection attack, listing the database contents on non-Oracle databases
Lab: SQL injection attack, listing the database contents on Oracle
Lab: Blind SQL injection with conditional responses
Lab: Blind SQL injection with conditional errors
Lab: Blind SQL injection with time delays

As far as I know for now, these labs cannot be solved with Burp Community edition:

Lab: Blind SQL injection with time delays and information retrieval
Lab: Blind SQL injection with out-of-band data exfiltration

Franklin | Last updated: Nov 09, 2023 05:35AM UTC

Hi there! Found this thread because I have also bumped up against the SQLi labs requiring Collaborator (and therefore Burp Premium). I'm also pretty frustrated about this and would appreciate a complete list of labs that can be completed with Burp Community. Just wanted to give a quick correction to the above list: I was in fact able to complete the "Blind SQL injection with time delays and information retrieval" lab without Burp Premium. I did have to use a Python script of my own design to finish the lab, but it was manageable. I'm afraid the latter lab, though (out-of-band data exfiltration) will be completely impossible without Burp Premium due to the firewall blocking traffic to domains other than the Burp Collaborator domains. Unless there is another unintended vulnerability in that lab, haha.

Dominyque, PortSwigger Agent | Last updated: Nov 09, 2023 01:03PM UTC

Hi Franklin, We understand your frustration with this. I have added your interest to an ongoing feature request to have the labs that require Professional features labeled as such.