Burp labs week 4: Errors in my methodology

Posted on May 24, 2020

Not as much progress compared to the previous week, both due to the fact it was a busy week at work and because I tackled some more difficult labs:



Week 4

Which brings me to my first point. Once I started working on the Server-side template injection and HTTP request smuggling modules, the time I spent on a lab increased exponentially as the complexity of the labs increased too. A better methodology would be applying the timeframes used in my last post and applying them on a step-by-step basis, since those labs tend to involve multiple steps, but even then reading the documentation necessary for server-side template injection can take you substantial amounts of time.

I've learned a lot and I'm still learning a lot. I'm currently avoiding the SQL Injections module as, frankly, I haven't seen a case of SQL Injection in the wild in years. There's enough variance between modules and individual labs to keep it fresh, but I am starting to feel like going back to HackTheBox or some of my other side projects. I'll keep going though; at this rate I should be done in the next 2 weeks, and then I'll have a more substantial writeup on the lab experience and future projects. As always, writeups are available on my GitHub page. Tired now.