Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Query Regarding Performance Issue in XSS labs

Mohammed | Last updated: May 02, 2024 04:26PM UTC

Dear Team and members, I hope this message finds you well. I am reaching out regarding a performance issue I have encountered while using Burp Suite Professional in Lab Reflected XSS into HTML context with all tags blocked except custom ones and Lab Reflected XSS with event handlers and href attributes blocked. Despite multiple attempts and restarting all components, I am experiencing significant delays when using the Intruder tool to test for tags. Specifically, when conducting tag testing with Intruder, the response time is unusually long, with the "response received" metric indicating a value of 71917. This extended delay is persistent and occurs consistently across multiple attempts and after system reboots. Given the criticality of efficient testing workflows, I wanted to inquire whether such delays are expected in these labs or if there might be an underlying issue causing this prolonged response time. I have thoroughly reviewed my setup and ensured that all configurations are accurate. However, despite these efforts, the performance issue persists. Could you please provide insights or guidance on how to address this matter? Any assistance or recommendations you can offer to improve performance and resolve this issue would be greatly appreciated. Thank you for your attention to this matter. I look forward to your response and assistance. Best regards,

Ben, PortSwigger Agent | Last updated: May 03, 2024 01:05PM UTC

Hi Mohammed, This would be a limitation in the labs themselves. Does the following lab, which is designed to be used with Intruder, respond in a more timely fashion: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-some-svg-markup-allowed

Mohammed | Last updated: May 03, 2024 07:02PM UTC

Hello Ben, I wanted to update you on the issue we discussed earlier. The time response seems to be consistently high, reaching up to 15626. I recall completing this lab previously without encountering such delays. However, since I posted my previous message, I've noticed that any tests involving the Intruder tool, particularly in the XSS section, are taking significantly longer than usual. Best regards

Ben, PortSwigger Agent | Last updated: May 07, 2024 08:36AM UTC

Hi Mohammed, That kind of time for running this particular attack is not the behaviour that I am seeing. Is there anything in your environment that might account for the delays that you are seeing?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.