The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Labs not working

testvapt81 | Last updated: Apr 14, 2022 01:11PM UTC

The labs related to 2FA bypass and time-based SQL injection aren't working. Request you to kindly look into it.

Michelle, PortSwigger Agent | Last updated: Apr 14, 2022 01:22PM UTC

Thanks for your message. The labs are launching successfully for us. Are you seeing any errors when you try to launch or complete these labs? If so, can you tell us more about what you're seeing?

testvapt81 | Last updated: Apr 15, 2022 09:18AM UTC

Yes, for example, if you try to work this lab: https://portswigger.net/web-security/authentication/other-mechanisms/lab-brute-forcing-a-stay-logged-in-cookie, even when using the recommended password list, it doesn't get the lab solved. Not sure if there's some issue in the lab, or the password is not from the "passwordlist", or the solution is not right. Could you please try this lab and see if it works for you? Thanks

testvapt81 | Last updated: Apr 15, 2022 09:31AM UTC

Also, if you see step 10 in the solution shared:

------------------------
As the Update email button is only displayed when you access the /my-account page in an authenticated state, we can use the presence or absence of this button to determine whether we've successfully brute-forced the cookie. On the Options tab, add a grep match rule to flag any responses containing the string Update email. Start the attack.
-------------------------

This is incorrect. Even if you remove the value of "stay-logged-in=", you will still get the same usual response of "your username is weiner" with the Update email button.

Hannah, PortSwigger Agent | Last updated: Apr 15, 2022 01:33PM UTC