Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp proxy incompatibility with 'deliver exploit to victim' labs

noop | Last updated: Mar 30, 2020 10:33AM UTC

I've tried several of the CORS, DOM-based vulnerabilities and Web Cache Poisoning labs that require you to click the 'Deliver exploit to victim' in the Exploit server but has never worked when in Firefox v74.0 while proxying requests to Burp Suite Community Edition v2020.2.1. (I'm on Mac OSX v10.14.6) I suspect the proxying through Burp is omitting something needed for this to work but cannot determine what exactly. As an example, see: https://portswigger.net/web-security/cors/lab-basic-origin-reflection-attack

noop | Last updated: Mar 30, 2020 01:39PM UTC

Based on my other post, I suspect this is because Param Miner but not entirely sure why the dynamic cache buster would break this. https://forum.portswigger.net/thread/-a-cache-hit-for-a-redirect-db00254a

Liam, PortSwigger Agent | Last updated: Mar 30, 2020 02:24PM UTC

Have you tried using Chrome? Are you experiencing this issue across various browsers?

Krause | Last updated: Jul 23, 2020 09:58PM UTC

Yes. I am using Chrome. And yes, Param Miner interferes with lab work

Liam, PortSwigger Agent | Last updated: Jul 24, 2020 08:53AM UTC