Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Username enumeration via account lock

Varun | Last updated: Jul 06, 2020 03:43PM UTC

Im getting session has locked out after every 400 requests(each time i tried its the same thing) so i tried to to use turbo intruder and while i am giving it a list of usernames it is printing unknown usernames and its going in to halted mode can anybody help me please

Varun | Last updated: Jul 06, 2020 03:43PM UTC

Im getting session has locked out after every 400 requests(each time i tried its the same thing) so i tried to to use turbo intruder and while i am giving it a list of usernames it is printing unknown usernames and its going in to halted mode can anybody help me please

Ben, PortSwigger Agent | Last updated: Jul 07, 2020 07:42AM UTC

Hi, Are you using Burp Community Edition when attempting this lab? If so, have you tried to split the supplied usernames into smaller lists (say groups of 25) in order to avoid some of the throttling that will occur when using Burp Intruder?

Advin | Last updated: Feb 21, 2021 09:06AM UTC

i've done the split but to 2 files of 50 usernames each. No timeout for the session. But there is another issue, all of the responses are identical...! all error messages are `Invalid username or password.` Am i doing something wrong or ...?

Ben, PortSwigger Agent | Last updated: Feb 22, 2021 12:11PM UTC