Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Slow lab response times

Jesse | Last updated: Nov 27, 2023 09:00AM UTC

The lab 'Lab: Reflected XSS with event handlers and href attributes blocked' (https://portswigger.net/web-security/cross-site-scripting/contexts/lab-event-handlers-and-href-attributes-blocked) seems to be responding very slow and is pretty much unworkable at the moment. I've done several other XSS labs today which were fine, it seems it's just this lab that's acting up. Below are the slowest of the response received (col 4) / response completed (col 5) times of the intruder run: 37 del 200 85012 85054 false false 33 custom tags 85008 85049 false false 41 dir 200 79993 80036 false false 38 details 200 75008 75049 false false 34 data 200 75006 75049 false false 48 fieldset 70007 70049 false false 42 div 200 69962 69962 false false 44 dt 200 69959 70001 false false 7 animatemotion 65049 65090 false false 29 col 200 65016 65016 false false 35 datalist 65013 65055 false false 39 dfn 200 65008 65008 false false 52 footer 200 65007 65051 false false 56 h1 200 65006 65006 false false 13 audio 200 65003 65045 false false 25 caption 200 65003 65044 false false 17 bdo 200 64961 65004 false false 21 body 200 64956 65000 false false

Jesse | Last updated: Nov 27, 2023 09:03AM UTC

Since that formatting did not really work out, here's the top values from just the received/completed columns. (Currently intruder is still going after about 5-10 minutes now) Received - Completed 85012 85054 85008 85049 79993 80036 75008 75049 75006 75049 70007 70049 70003 70045 69962 69962 69959 70001 65049 65090 65016 65016 65013 65055 65008 65008 65007 65051 65007 65007 65006 65006 65004 65048 65004 65048 65004 65004 65003 65045 65003 65044 65002 65002 65000 65000 64969 65011 64968 64968 64964 65006 64962 65003 64961 65004 64956 65000 59965 59965 59963 60004

Ben, PortSwigger Agent | Last updated: Nov 27, 2023 05:31PM UTC

Hi Jesse, Just to clarify, what Intruder attack are you running within this lab? Are you using the Burp Professional or Burp Community edition to carry out the Intruder attack?

Jesse | Last updated: Nov 28, 2023 12:49PM UTC

Burp Professional with a Sniper Intruder attack using the XSS cheatsheet tags as payload.

Ben, PortSwigger Agent | Last updated: Nov 29, 2023 08:43AM UTC

Hi Jesse, Out of interest, what resource pool settings are you using when you carry out this attack? If you create a custom resource pool with the maximum concurrent requests set to 1, do you see an improvement in the speed?

Jesse | Last updated: Dec 07, 2023 01:37PM UTC

It's been a while so I don't know for sure but I think I just used the default resource pool. Will check using the max concurrent requests on 1 and get back to you.

whiteTea | Last updated: Mar 20, 2024 05:57PM UTC

Hello Team, I also have the experience with some labs that the response time takes a long time. Of course, I am grateful that these offers exist so that you can practise. Unfortunately, sometimes the response times are so long that a simple GET call takes i.e. 1 minute. I'm talking about a normal call to the homepage of the built lab. I have also tried different browsers, but same result. I am currently noticing this with the smuggling lab "HTTP/2 request smuggling via CRLF injection". Do you have an explanation for me so that I can better classify the behaviour or a tip on what I could possibly do?

whiteTea | Last updated: Mar 20, 2024 08:08PM UTC

Edit: The slow response times are also the same for other lab topics. Just tried SSTI - server site template injection. The times are too long to pentest properly. Some OS Command Injection Labs also had longer response times (but not all), but at least I was able to pentest the OS command labs quickly. Please help

Ben, PortSwigger Agent | Last updated: Mar 21, 2024 08:59AM UTC

Hi, Out of interest, is this still an issue as of right now today?

whiteTea | Last updated: Mar 21, 2024 12:05PM UTC

Seems it's working. Do you have a guess as to what it could be? So if something like this happens again in the future, can I do something myself? Or were the labs perhaps overloaded yesterday?

Ben, PortSwigger Agent | Last updated: Mar 22, 2024 08:51AM UTC

Hi, Unfortunately, we had a general performance issue with the lab environments on the 20th March which would have led to you experiencing some delayed response and general issues. So this was an issue on our side and there would not have been anything that you could have done to circumvent these issues.

Trần | Last updated: Apr 25, 2024 05:57PM UTC

Hi, The response time for the CSRF and XSS lab exercises is very slow. I'm using Burp Free, but those lab exercises are much slower than usual. I'd like to ask for suggestions on how to fix this. Thank you!

Ben, PortSwigger Agent | Last updated: Apr 26, 2024 07:11AM UTC

Hi, Is it only these labs that you are having issues with? Is this when you are proxying your traffic through Burp or simply accessing the sites via a normal, unproxied browser? We are not aware of any general performance issues at this time so it would be good to get some more information from you about the above.

Aakash | Last updated: May 16, 2024 06:22PM UTC

Blind sql injection labs are very slow

Ben, PortSwigger Agent | Last updated: May 17, 2024 08:09AM UTC

Hi Aakash, We are aware of some issues with the lab environment that have resulted in degraded performance - we have now put in place some measures to improve this. Are you able to confirm whether you are still seeing these issues as of right now?

whiteTea | Last updated: Jun 01, 2024 04:57PM UTC

Same problem here with different labs, different topics. Just to load the homepage or put some products in the cart needs 10-20 second (or timeout). =/

Cristian | Last updated: Jun 01, 2024 06:23PM UTC

Same problem here at "Lab: Blind SQL injection with conditional responses". I thought it was because i was using bs free and i made a python script to do bruteforce part, but the response time is huge. It never ends and stops working when some time passes. Best regards,

Ben, PortSwigger Agent | Last updated: Jun 03, 2024 08:04AM UTC