Burp Suite User Forum

How to work Exploit Server in PortSwigger Academy?

Thiago | Last updated: Dec 06, 2021 03:22PM UTC

I have been looking for answers about what the Exploit Server is inside the Academy exercises. For example, in a simple reflected XSS, instead of just reflecting using an alert command, I notice the use of wrappers, like sending the payload wrapped in location=url or <iframe>. I do not see a pattern. Does anyone have a tutorial or an answer about this Exploit Server?

Liam, PortSwigger Agent | Last updated: Dec 07, 2021 10:20AM UTC

The Exploit Server is just something that we use in our Web Academy in order to make delivering exploits easier for the user. Some of the topics covered, for example, would require you to host exploits for victim users to access - we simulate this with the Exploit Server and dummy victim users. If the lab you are trying to solve involves the use of the Exploit Server then there will be an orange button at the top of the page to access the server once you have launched the lab. There isn't anything special about the exploit server and it's not specific to XSS.

Thiago | Last updated: Dec 07, 2021 12:41PM UTC

In a way, the exercise is tied to a kind of resolution, right? For example, I can't choose the way I "deliver" the exploit, using <iframe>, location, form submit.

DØŁLÃR | Last updated: Dec 07, 2021 12:59PM UTC

I have BurpSuite hooked up with WebGoat. Everything is working normally, but WebGoat seems to make so many rapid internal requests, and BurpSuite picks up all these requests and makes me forward more than 100 requests in less than a minute. I searched everywhere and couldn't find a solution. Please, can you guys help? I just want to filter out all these internal requests and get the relevant ones. WebGoat did provide a solution to this, but their solution was for the similar software ZAP. Please help, guys.

Liam, PortSwigger Agent | Last updated: Dec 08, 2021 06:42AM UTC

@thiago It might be possible to solve the exercise in more than one way.

Liam, PortSwigger Agent | Last updated: Dec 08, 2021 06:43AM UTC

@DØŁLÃR You should be able to use Burp's proxy options to refine your work - https://portswigger.net/burp/documentation/desktop/tools/proxy/options.

Darshil | Last updated: Jul 22, 2022 10:29PM UTC

How do I create my own exploit server for real-life bug bounty?

Ben, PortSwigger Agent | Last updated: Jul 25, 2022 07:09AM UTC

Hi Darshil, our support service is here to provide technical advice with Burp Suite. Unfortunately, we cannot advise you on how to set up your own exploit server for use in the wild.
