Burp Suite Enterprise Edition is now available in our secure Cloud  –  Learn more

Put your recon skills to the test

Try solving a random lab with the title and description hidden. As you'll be unaware of the type of vulnerability that you need to find and exploit, this is great for practicing recon and analysis.

In some of the labs, you have access to your own account with the credentials wiener:peter. If you can enumerate usernames, you may also be able to brute-force the login using the following username and password wordlists.



Learning about the impact of vulnerabilities, and how to exploit them of course, is a huge part of understanding web security. However, if you don't know how to look for and discover the vulnerabilities, you'll have nowhere to apply all those exploitation skills you've developed.

When using the mystery lab challenge above, you'll have to try and work out how to solve each challenge with no context, exactly as you would when performing recon in a real-world testing environment.


You will need to complete five practitioner-level mystery lab challenges as part of preparing for the Burp Suite Certified Practitioner exam. Visit your account dashboard to check your progress.