Burp Suite User Forum

problems with this lab

Philip | Last updated: Oct 27, 2021 06:51PM UTC

Hi - I've been having a number of problems with this lab. First time I followed the steps from the video. When I got to step 5, I changed the HTTP header to an arbitrary value as prompted in the solution (see below). I then pressed send in Burp repeater and I got a 400 (invalid token) response rather than 200. I followed the steps exactly as in the video and tried multiple times but kept getting the 400. Do you know why?

POST /forgot-password?temp-forgot-password-token=Szd6QMUmFbDZJQ4H3aXnmUlsImrKZauZ HTTP/1.1
Host: 123abc
Cookie: _lab=47%7cMC0CFGWpWiWVB%2fO6%2fGCUrhETh5Ah7%2f1BAhUAgtYXe0rMtIxYeVBJGVcatosEiegB8K3OxbYYhCjbI5y57PCkHVd7PncpIqpA2LP78Mpa7ZeIYGzQaE9RTh3H39pvTzDqhpRvWatvGeSEZlegpHZLZuB8DnmEavP8sqIPeiWd%2fOF6d5rc; session=0Dwqdnf1BaI2f65eacXEdW0OiTKxoBAp
Content-Length: 139

Philip | Last updated: Oct 27, 2021 07:42PM UTC

Sorry - this is the basic password reset poisoning lab. Another problem I'm having with it is that when I try to re-do the lab, I click on Account, then click on Reset password, then I get a message saying to check email - I click the exploit server, then the email client, and there's no email in there; no reset password link. Nothing.

Liam, PortSwigger Agent | Last updated: Oct 28, 2021 07:45AM UTC

Hi Philip. The labs are passing in our testing. Are you having any issues with the other labs?

Philip | Last updated: Oct 28, 2021 10:00PM UTC

I managed to get it to work after logging out, rebooting, clearing cache and waiting some time. Not sure what the issue was. May have been a temporary glitch. I did find something similar with the email client on one other lab, though that seemed to rectify itself more quickly and I can't recall which lab. Seems OK now though.

Liam, PortSwigger Agent | Last updated: Oct 29, 2021 09:14AM UTC

Thanks for letting us know.