The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Lab: Username enumeration via account lock

Ween | Last updated: Mar 23, 2021 09:53AM UTC

Hi everyone, I'm using Burp Suite Community Edition and can't solve this lab. I think it is because the CE is too slow and therefore doesn't trigger the response looked for. The site already has reset itself after each round of 100 tries. I think if each username were tested with 5 null requests before moving on to the next username, it might work. But it now just works down the list of usernames before testing the 2nd, 3rd, etc. Is there a way to work around this?

Uthman, PortSwigger Agent | Last updated: Mar 23, 2021 01:21PM UTC

Hi Ween,

Have you tried splitting out the supplied usernames into smaller lists (e.g. groups of 25) in order to avoid some of the throttling that will occur when using Burp Intruder?

Ween | Last updated: Mar 23, 2021 04:37PM UTC

Hi Uthman, No, I didn't. But you're right, that would be a solution for now. Can do 5 x 20 or so. BTW, is there a way to have 5 x null on a username and then move on to the next username, etc.? I understand it would make the need to upgrade to Pro less urgent ( ;-) ) but I thought it to be a good solution to work with the Community Edition and get good results? Just an idea... Thanks anyway for your quick reply. Love this academy! Learn a LOT!!

Uthman, PortSwigger Agent | Last updated: Mar 24, 2021 11:36AM UTC

Thank you for your feedback!

Can you provide more detail on the 5 x null you suggested on a username?

Brian | Last updated: Nov 19, 2022 06:09PM UTC