Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Lab - Authentication bypass via encryption oracle

John | Last updated: Dec 30, 2020 11:18PM UTC

Hi, the labs instruction is to select the first byte of a decoded cookie. Then to secondary click (the selected byte) and select the "Delete Bytes" option. The issue is I follow the instruction but the option of "Delete Bytes" is just not on the secondary menu....anyone got any ideas of how to get that option? I've checked that my Burp Suite Pro is up to date....fraction away from completing the lab and to get held up by a menu option that does not exist.....is------- let you fill in the blanks!!! Thanks in advance for any help/advice

John | Last updated: Dec 31, 2020 05:39PM UTC

Just had to suck it up and count byte deletions. It's a tricky lab in the first place, but when you don't get the choice of entering a value for bytes to delete, you really have to be careful counting the individual bytes deleted. Any miscount/miscalculation you may have to restarted the lab. One good thing is though....I had to do this lab a few times. Those attempts have actually reinforced how to use Burp Suite decoder and repeater. So it really enforces the product learning!!! Quite relieved I've solved that one!!

Ads | Last updated: Dec 04, 2021 01:15AM UTC

Hi there, thanks so much for your post, I have the same problem!! super irritating. Out of interest, how many times did you "Delete Selected Byes"? I did it 8 times (thinking 8 x 4 AKA a nibble = 32), but still get the error Am I missing something? Thanks!!

Mohammed | Last updated: Apr 14, 2022 10:07AM UTC

Hi bro, I had the same issue. I used the older version of Burp that had the delete bytes option.

Ben, PortSwigger Agent | Last updated: Apr 14, 2022 10:16AM UTC

Hi all, Just to confirm, altering the solution text for this particular lab, to describe the new way to delete hex bytes within the Decoder in the later versions of Burp, has been recorded and is on our content teams list of things to carry out. As noted by others in this forum thread, you would need to select the requisite number of hex bytes before then right clicking and selecting the 'Delete selected bytes' option in the context menu.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.