Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Mystery Challenge

German | Last updated: Jun 23, 2022 08:48PM UTC

Hi, I would like to comment on my experience with the Mystery Challenge. The lab randomization engine is not working properly. It always repeats the same labs and even reloads labs that I just completed earlier and loads them as "completed." I don't know if anyone has had the same experience as me but everything points to it being broken. All the best!

Ben, PortSwigger Agent | Last updated: Jun 24, 2022 02:46PM UTC

Hi, I am struggling to replicate the same behaviour that you are seeing - each time I select to launch a mystery lab I receive a different lab (I have carried this out on a couple of different occasions and launched ten labs each time). Are you able to confirm which values you configured for the 'Level' and 'Category' settings?

German | Last updated: Jun 25, 2022 03:32PM UTC

Hello! Thanks for answering. The category is any:any. What usually happens to me is that there are a set of labs that tend to repeat themselves, including XXE, Server Side Template Injection, CSRF, Insecure Deserialization... But for example, in two weeks that I've been doing "mystery challenge" labs, I've only had a couple or three XSS labs and none of CORS, Clickjacking, Command Injection SSRF, among others. Also, quite often when I complete a lab and reload another Mystery Challenge, I get the lab I just completed and it loads as "completed" with the orange header. All the best!

Ben, PortSwigger Agent | Last updated: Jun 27, 2022 09:55AM UTC