The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum


1st Academy Click Jacking lesson

David | Last updated: Jun 03, 2024 07:28PM UTC

When doing the initial clickjacking lab, the exploit server view isn't the same as what's described. When using https://0a3e0068041332ff820d5100003a00a8.web-security-academy.net/my-account, the exploit view is showing the login screen even though I've logged in on the regular site. I'm stuck at a login screen in the exploit view. Attempting to log in proclaims CSRF protection. Do I need to do those labs first?

Ben, PortSwigger Agent | Last updated: Jun 04, 2024 06:45AM UTC

Hi David, Are you using the embedded browser when you attempt this particular lab? If so, if you use a normal version of Chrome does this then work for you and allow you to use both the 'View exploit' and 'Deliver exploit to victim' functionality successfully?

David | Last updated: Jun 04, 2024 07:54PM UTC

I've tried Chrome, Firefox, and the Burp Suite Chromium-based browser. The same "issue" exists in the other CSRF-protected clickjacking lab (5th). I log in per the solution documentation, then access the exploit server and update the URL on the exploit server to my lab URL/account as is suggested in the written solution/video walkthroughs, but my view of the exploit is stuck on the login prompt as if I never logged in.

Ben, PortSwigger Agent | Last updated: Jun 05, 2024 06:34AM UTC

Hi David, Are you able to provide us with some details of what your exploit looks like and a screenshot of what you see when you attempt to view the exploit? There are currently some issues with the Clickjacking labs when using the embedded browser but using a standard version of Chrome should allow you to still solve these labs so it would be useful to get some more information from you about exactly what you are doing and seeing.

