Burp Suite User Forum

Practice Exam

Brad | Last updated: Aug 01, 2021 05:05PM UTC

Hello, I have worked my way through a good portion of the labs. I also use Burp Suite Pro and have attempted the practice exam a few times. My question is: how do I utilize Pro to the fullest, because I cannot find the vector to exploit for the practice exam? I have tried to use all the functionality, i.e. find comments, active scan, brute force with username/password lists, and tons more. I feel like the paid version would at least find a possible vector and then it would be on the practitioner to tailor exploits to potential findings, but it really doesn't flag on much. Any guidance would be appreciated.

Michelle, PortSwigger Agent | Last updated: Aug 02, 2021 07:39AM UTC

Hi, thanks for your message. I'm afraid we can't give too many hints on how to solve the practice exam as we want it to be as realistic as possible to give you a guide for when to take the actual exam. If you've not been through all the labs yet, it's probably worth having a look through the remaining ones and also revisiting some of the ones you've already completed. Keep trying, we're sure you'll spot the missing piece of the jigsaw soon :-)

Dave | Last updated: Aug 10, 2021 09:34PM UTC

I seem to be in the same boat as the OP. Brute-force unsuccessful, no cookies to speak of, and no injection points found. There is only so much to poke at. The sad part is I finished all of the Academy labs and am stuck at App 1. Guess who isn't taking the real exam? :D

Uthman, PortSwigger Agent | Last updated: Aug 11, 2021 01:15PM UTC

Hi Dave, The first one may be difficult but you will need to use a range of skills (attained from completing the labs). If you need to redo the labs a few more times to get some ideas, please do that! Don't give up. :D

Brad | Last updated: Aug 23, 2021 02:35AM UTC

Making my way through the practice exam without any reference to go on. How come Burp Pro doesn't highlight any potential vectors? I understand this is supposed to be as real as possible; then what is the point of the scanner? Also, for the 3rd section, is it /home/carlos/secret or /home/carlos/secret.txt? Does this mean something: "My name is Carlos Montoya. You killed my father. Prepare to die.t.PThe Web Application Hacker's Handbook: Discovering and Exploiting Security Flawst..orange"? I am a big fan of The Princess Bride and the Hacker's Handbook. Still trying to figure out how the solution is submitted.

Uthman, PortSwigger Agent | Last updated: Aug 23, 2021 10:05AM UTC

Hi Bradford, please see the links below to understand how to prepare for the exam: https://portswigger.net/web-security/certification/how-to-prepare. Unfortunately, we do not provide any hints in terms of what to attack or what attack to perform since the exam is designed to be challenging. If you go through the Web Security Academy, you should get quite a few ideas on what you could try. /home/carlos/secret is where you will need to read the contents of (https://portswigger.net/web-security/certification/how-it-works#taking-the-exam).

Quynh | Last updated: Nov 13, 2021 05:56PM UTC

Me too. Stop at app1. No clue.

Sarthak | Last updated: Dec 06, 2021 07:48AM UTC

Hello, can we use third-party automated exploitation tools like sqlmap in the Burp Suite Certified Practitioner exam? What tools are allowed to be used in the exam? Thanks

Uthman, PortSwigger Agent | Last updated: Dec 06, 2021 10:56AM UTC
