The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

problems with this lab

Philip | Last updated: Oct 27, 2021 06:51PM UTC

Hi - I've been having a number of problems with this lab. First time I followed the steps from the video. When I got to step 5, I changed the HTTP header to an arbitrary value as prompted in the solution (see below). I then pressed send in Burp Repeater and I got a 400 (invalid token) response rather than 200. I followed the steps exactly as in the video and tried multiple times but kept getting the 400. Do you know why?

POST /forgot-password?temp-forgot-password-token=Szd6QMUmFbDZJQ4H3aXnmUlsImrKZauZ HTTP/1.1
Host: 123abc
Cookie: _lab=47%7cMC0CFGWpWiWVB%2fO6%2fGCUrhETh5Ah7%2f1BAhUAgtYXe0rMtIxYeVBJGVcatosEiegB8K3OxbYYhCjbI5y57PCkHVd7PncpIqpA2LP78Mpa7ZeIYGzQaE9RTh3H39pvTzDqhpRvWatvGeSEZlegpHZLZuB8DnmEavP8sqIPeiWd%2fOF6d5rc; session=0Dwqdnf1BaI2f65eacXEdW0OiTKxoBAp
Content-Length: 139

Philip | Last updated: Oct 27, 2021 07:42PM UTC

Sorry - this is the basic password reset poisoning lab. Another problem I'm having with it is that when I try to re-do the lab, I click on Account, then click on Reset password, then I get a message saying to check email - I click the exploit server, then the email client, and there's no email in there; no reset password link. Nothing.

Liam, PortSwigger Agent | Last updated: Oct 28, 2021 07:45AM UTC

Hi Philip. The labs are passing in our testing. Are you having any issues with the other labs?

Philip | Last updated: Oct 28, 2021 10:00PM UTC

I managed to get it to work after logging out, rebooting, clearing cache and waiting some time. Not sure what the issue was. May have been a temporary glitch. I did find something similar with the email client on one other lab, though that seemed to rectify itself more quickly and I can't recall which lab. Seems OK now though.

Liam, PortSwigger Agent | Last updated: Oct 29, 2021 09:14AM UTC

Thanks for letting us know.

Tyla | Last updated: Jul 04, 2024 04:00AM UTC

Having an issue with this lab: when checking the temp token in the exploit log I get the token, but it also has 404 and not 302. When I append the token to the reset password link it takes me back to my own login and not carlos?

Tyla | Last updated: Jul 04, 2024 04:06AM UTC

10.0.4.158 2024-07-04 04:04:12 +0000 "GET /forgot-password?temp-forgot-password-token=ulq7s8bznrjhwsyv1a0wlybwi8s3koe8 HTTP/1.1" 404 "user-agent: Mozilla/5.0 (Victim) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"

Michelle, PortSwigger Agent | Last updated: Jul 04, 2024 12:54PM UTC