1.3 Challenge Exercise | Burp Suite Basics

Hi,

I’m currently working on the 1.3 Challenge Exercise in the Burp Suite Basics course and am having trouble finding the flag in the secret note. Here’s what I’ve done so far:

  1. I created a public note (studentnote) and monitored the API requests using Burp Suite.
  2. I updated the note and identified the /api/v2/notes/studentnote endpoint.
  3. I can see all my stored notes, including some with _id values and one named “whoami.” However, I’m not sure how to retrieve the flag from the secret note.
  4. I tried using Burp Repeater to access notes by manipulating the _id values, but I haven’t found a response containing the flag.

Hey @AwakeTern6925,

I’ve updated the Challenge prompts so that they do a better job of pushing you in the right direction. Take another gander; I suspect it will resolve most/all of your confusion.

Otherwise, I’ve also responded to a similar post here, which may help you out: Burp Suite Basics Lab - #5 by raggetd

Happy hacking!
