W 600: Web Security Academy & Burp (20 pts)

What You Need


To sign up for the free Web Security Academy from PortSwigger, which we'll use for projects.

Joining the Academy

Go to https://portswigger.net/web-security

Click the orange "Sign up" button.

Enter your email address and click the green Register button.

Check your email. Follow the instructions there to complete your registration.

When you first log in to the PortSwigger page, you end up at the "My account" page.

At the top right, click Academy.

Flag W 600.1: Word (10 pts)

You see a page showing your accomplishment on the PortSwigger Web Security Academy.

The flag is the word covered by a green rectangle in the image below.

Installing Burp

Go to https://portswigger.net/burp/communitydownload

Download Burp Suite Community Edition. Install it.

If you have problems, consult this page for more tips:


Running Burp's Browser

Launch Burp.

At the Welcome page, accept the default selection of "Temporary project" and click Next.

On the next page, accept the default selection of "Use Burp defaults" and click "Start Burp".

Burp opens on the Dashboard tab. Click the Proxy tab.

Click the "Intercept is on" button, so it changes to "Intercept is off", as shown below.

Click the "Open Browser" button.

In the Browser, go to:


as shown below.

Flag W 600.2: HTTP history (10 pts)

In Burp, on the Proxy tab, click the "HTTP history" sub-tab.

Click the GET request that loaded the flag.php page. The Response contains the flag, covered by a green rectangle in the image below.

Viewing the Labs

On the PortSwigger Web Security Academy page, in the "Learning materials" section, click the "VIEW ALL" button.

You see a list of topics, as shown below.

You can do these in any order, but I recommend starting with these because they are easier:

The PortSwigger system will track your progress. Each completed lab is worth 10 points. For example, when I took the image below, I had completed 67 labs for a total of 670 points.

Scoring Web Security Academy Labs for Texas Working Connections

In Burp's browser, while logged in to the Web Security Academy, load this page:


In Burp, on the Proxy tab, click the "HTTP history" sub-tab.

Click the GET request shown below. Copy the session cookie, highlighted in the image below. Paste that cookie into the form below to record your points.

Enter Flag


Submitting Projects in Canvas

Take a full-desktop image of the "Track your progress" box each week and submit it in Canvas so we can track your progress.

Posted 12-31-2020
Canvas instructions modified 2-9-22
Scoring for Texas Working Connections added 7-18-23