Burp Suite User Forum

Login to post

Regarding the completion requirements of blind SQLi OAST labs

Xotheus | Last updated: Sep 10, 2022 11:33AM UTC

Hello, I've been going through the blind SQLi section and reached the OAST labs. However, I don't own the professional version of Burp Suite (yet). I believe it'd be educationally valuable if the exercise's completion criterea would change such that it detects any sort of valid DNS request being sent (e.g a "simulated" function / mock / etc..). Even if it's blocked afterwards / no actual DNS request being actually sent. When combined with server-side content inspection, the "simulated" DNS request should be adequate to prove the solution is correct. I know there might be no merit in responding to such request. But I am taking the learning path rather enthusiastically and would've been glad to be able to see all of the labs through :) Thank you, Xotheus

Xotheus | Last updated: Sep 10, 2022 11:34AM UTC

Related to https://forum.portswigger.net/thread/temporary-access-to-burp-collaborator-b3fca550

Michelle, PortSwigger Agent | Last updated: Sep 12, 2022 02:47PM UTC

Thanks for the feedback. As we mentioned before, if you have a work email address, one option would be to save up all the labs that need Burp Suite Professional and then request a trial license. You can use that then to complete the labs and get an understanding of the additional features Professional contains.

You need to Log in to post a reply. Or register here, for free.