Burp Suite User Forum

Create new post

Lab: Username enumeration via response timing

Adam | Last updated: Sep 12, 2023 05:46PM UTC

hello, I use the X-Forwarded-For header, I change the values and all the time I get the information "You have made too many incorrect login attempts. Please try again in 30 minute(s)". I don't know why it doesn't work

Ben, PortSwigger Agent | Last updated: Sep 13, 2023 10:14AM UTC

Hi Adam, Are you able to provide us with some specific details of the steps that you are carrying out so that we can see this exactly? Providing some screenshots of the steps would be useful so if it is easier to do this via email then please feel free to send us an email at support@portswigger.net and we can take a look from there.

Adam | Last updated: Sep 14, 2023 02:02PM UTC

Successfully completed the lab. I am using in my office where X-Forwarded-For header is blocked in the firewall or someting. Thinking that, now I used my personal PC and it worked. Thanks

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.