sorry for the poll, I must have clicked on the wrong option when posting the thread. So i simply put something there in order to post it.  Any way I can remove it?

Thanks for the thorough response.  I guess I can assume the bottom line for the exam preparation is to focus to own the target within the given constraint(things like using metasploit once , ips in place and absence of access to certain tools, etc).  

By the way, I am just wondering, if there is a value to sit for the exam to see those constraints used in exam? I am not aim to pass it the first time but hopefully pass it sometime this year or next year.  For me I need to get this certificate to get my pentest career started(as per my last interviewer).

HI,

I understand that the oscp is designed to make us do the pentest without automated tool.  But is interception proxy (free version burp) or paros allow to be used in the challenges exam?  Or are we expected to manually test web application vulnerability via browser?  


Also, another question for the exam, do we get a similar set up like in the lap (where we get access to an xp machine) or more like actual blackbox pentest that we start with an ip address?