Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Several labs not completing even though exact steps were followed

Matthew | Last updated: May 19, 2021 11:57AM UTC

I have been following the recommended learning path. I am now at a point within the XSS section (and onwards) where none of the labs are completing/solving, despite following the exact steps listed under the solution tab or within the community solution videos. The labs that are causing issue are any of the ones involving storing an XSS script tag within a message body in the exploit server, storing the message, and "delivering" the exploit to the victim. Nothing happens, even though I follow the steps exactly as described or shown. I've decided to move on from the XSS labs and have started with the CSRF labs, but I'm running into the same issue (I just attempted the CSRF vulnerability with no defenses lab). Is anyone else having similar issues?

Uthman, PortSwigger Agent | Last updated: May 20, 2021 09:14AM UTC

Hi Matthew, Can you share links to a few of the labs you are facing issues with?

Matthew | Last updated: May 26, 2021 01:05PM UTC

Sorry for the late response. Here are several of the labs that will not "solve" for me: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-html-context-with-most-tags-and-attributes-blocked https://portswigger.net/web-security/cross-site-scripting/contexts/lab-html-context-with-all-standard-tags-blocked https://portswigger.net/web-security/cross-site-scripting/contexts/angularjs-sandbox/lab-angular-sandbox-escape-and-csp https://portswigger.net/web-security/csrf/lab-no-defenses It's pretty much all of the labs that require you to "store and deliver" the exploit on the exploit server.

Uthman, PortSwigger Agent | Last updated: May 26, 2021 01:19PM UTC

Thanks, Matthew. I have just tested all the solutions and the labs are being marked as solved. Are you replacing your lab ID with the ID of your lab? Or the ID of your exploit server? If you still think a bug exists, please send an email to support@portswigger.net with screen recordings of your attempts to complete the labs.

Saksham | Last updated: Jul 27, 2024 07:28AM UTC

i am unable to solve the llm lab even after doing all the exact same steps

Saksham | Last updated: Jul 27, 2024 07:29AM UTC

link to lab- https://portswigger.net/web-security/learning-paths/llm-attacks/llm-attacks-indirect-prompt-injection/llm-attacks/lab-indirect-prompt-injection#

Ben, PortSwigger Agent | Last updated: Jul 29, 2024 07:28AM UTC

Hi, I have just run through this particular lab and was able to solve it using the solution provided so it does appear to be working as expected. Are you able to provide us with some specific details of the steps that you are carrying out so that we can see exactly what you are doing?

d3rb1n | Last updated: Sep 04, 2024 01:16AM UTC

I can confirm this problem still exists with this lab: https://portswigger.net/web-security/learning-paths/llm-attacks/llm-attacks-indirect-prompt-injection/llm-attacks/lab-indirect-prompt-injection# The key to solving it is "waiting for carlos to log in and ask the LLM a question", but according to the logs, carlos never logs in - ever. In case it wasn't in the logs, I'd still let the exploit sit for :10 minutes and still nothing. Do we need to do something to trigger carlos to login?

d3rb1n | Last updated: Sep 04, 2024 01:17AM UTC

Nevermind. There isn't anything in the logs, but if you wait ~:15 minutes the lab gets silently marked as Completed.

Ben, PortSwigger Agent | Last updated: Sep 04, 2024 06:39AM UTC

Hi, We are currently experiencing some issues with the Web Academy environment that might be impacting the timing of certain attacks and how the 'victim' user visits the site. We are currently investigating this.

Ali | Last updated: Sep 24, 2024 09:36PM UTC

Hello, I just want to confirm that I am experiencing the same issues on some XSS labs where I have been able to exploit the labs however do not get the completed banner This room as an example: https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded

Ben, PortSwigger Agent | Last updated: Sep 25, 2024 04:44PM UTC