Toufiq | Last updated: May 13, 2020 10:37AM UTC

I am learning how to perform blind SQL injection in Web Security Academy Labs. In some of them I need to retrieve the administrator's password, which is "20" characters long, and doing it manually (using Intruder) is not fine. It takes approx. half an hour to complete one such lab in Burp Suite Community Edition, and there are three of them. So can you please reduce the password characters to 5 or 6? I kindly request you to look into this matter. PS: Your Web Security Academy is amazing and I got to learn many things up till now, and thank you for your time.

Ben, PortSwigger Agent | Last updated: May 13, 2020 12:35PM UTC

Hi, thank you for the great feedback! Unfortunately, when we added the Authentication Web Academy topic we had to make a central change to the length of passwords being used. This affected the length of passwords being used in the other labs as well (including the SQL injection labs that you have mentioned).

Jaak | Last updated: Jun 17, 2022 09:27PM UTC

Although the labs are there so that you get used to working with Burp, you could also write a script that sends the requests. If you have completed one lab with Burp Community Edition, you pretty much know how to use Burp. Assuming you can program a little, you could write a script that performs blind SQL injections and gets you the flag step by step for the remaining labs. Also a great way to learn, I think.

