The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Basic clickjacking with CSRF token protection can't be solved

Mikaelvel | Last updated: Jun 17, 2023 05:58AM UTC

https://portswigger.net/web-security/clickjacking/lab-basic-csrf-protected

I have tried with Firefox and Chrome. I am doing exactly what the solution says and I have also watched the community solutions. But none of them work because I am seeing the login page instead of my-account with this code:

<style>
    iframe {
        position:relative;
        width:700;
        height: 500;
        opacity: 0.5;
        z-index: 2;
    }
    div {
        position:absolute;
        top:100;
        left:100;
        z-index: 1;
    }
</style>
<div>Test me</div>
<iframe src="https://0aff00130496ab968015b72a004e0007.web-security-academy.net/my-account"></iframe>

I suspect that the issue is that when I click on my account I see this URL: https://0aff00130496ab968015b72a004e0007.web-security-academy.net/my-account?id=wiener. Maybe you can fix this by changing it to my-account instead of my-account=username.

Mikaelvel | Last updated: Jun 17, 2023 06:00AM UTC

I have the same problem with this lab: Clickjacking with form input data prefilled from a URL parameter

Dominyque, PortSwigger Agent | Last updated: Jun 19, 2023 02:01PM UTC

Hi, I will test the lab to see if I can replicate the issues. I will get back to you once I have done this; thank you.

Dominyque, PortSwigger Agent | Last updated: Jun 20, 2023 07:02AM UTC

Hi, I have tested the labs and confirmed that they work as they should. I did follow this video solution: https://www.youtube.com/watch?v=g6HJcNvTN1I. The explanations were excellent and detailed.

Trabeast | Last updated: Oct 24, 2023 03:37PM UTC

No, they're not working. I've been doing this for how many days and it's still not solving.

Chim | Last updated: Oct 24, 2023 05:51PM UTC

I am having the same problem as well. It seems like if you are running the test many times, Burp Suite is storing some kind of persistent cookies and caches internally. If you restart Burp Suite and open it in a new project, then it may work. My question is how to remove Burp Suite's internal browser cookies, caches, and histories.

Dominyque, PortSwigger Agent | Last updated: Oct 25, 2023 08:20AM UTC

Hi Chim Se, thank you for your question. You can remove/clear the browser data if you navigate to Settings > Tools > Burp's browser. I have attached a screenshot to show where this setting is: https://snipboard.io/nCSj3L.jpg

Chim | Last updated: Oct 26, 2023 12:14AM UTC

I did try that option before and it didn't work either. I also found a new bug for version 10.1.2. I have my browser data saved in ~/Documents/... When I tried to remove the browser's data, it wiped out the whole Documents directory. It actually removed the whole directory, not just the files inside it. I lost so many saved documents!

Dominyque, PortSwigger Agent | Last updated: Oct 26, 2023 08:22AM UTC

Hi Chim Se, this is not a bug; it is intended functionality. We recommend that you only have browser data in the directory set for it. Pressing 'clear all' will clear everything in that folder.

Muhammad | Last updated: Sep 19, 2024 09:02AM UTC

I tried and have the same issue.

Dominyque, PortSwigger Agent | Last updated: Sep 19, 2024 09:21AM UTC

Hi Muhammad, can you please confirm: is it the clickjacking lab that you are having issues with? If yes, can you please add the exploit script you used?

Arshia | Last updated: Oct 14, 2024 04:15PM UTC

I have the same problem. Everything is as it should be, but the solve is not working.

Dominyque, PortSwigger Agent | Last updated: Oct 15, 2024 01:51PM UTC