Mystery lab challenge
Try solving a random lab with the title and description hidden. As you'll have no prior knowledge of the type of vulnerability that you need to find and exploit, this is great for practicing recon and analysis before taking your Burp Suite Certified Practitioner exam.
In some of the labs, you have access to your own account with the credentials
wiener:peter. If you can enumerate usernames, you may also be able to brute-force the login using the following username and password lists.
XML external entity (XXE) injection
Server-side request forgery (SSRF)
HTTP request smuggling
OS command injection
Server-side template injection
Access control vulnerabilities
Web cache poisoning
Business logic vulnerabilities
File upload vulnerabilities