Burp Suite User Forum

Burp proxy incompatibility with 'deliver exploit to victim' labs

noop | Last updated: Mar 30, 2020 10:33AM UTC

I've tried several of the CORS, DOM-based vulnerabilities and Web Cache Poisoning labs that require you to click 'Deliver exploit to victim' in the Exploit server, but this has never worked in Firefox v74.0 while proxying requests to Burp Suite Community Edition v2020.2.1. (I'm on Mac OSX v10.14.6.) I suspect the proxying through Burp is omitting something needed for this to work but cannot determine what exactly. As an example, see: https://portswigger.net/web-security/cors/lab-basic-origin-reflection-attack

noop | Last updated: Mar 30, 2020 01:39PM UTC

Based on my other post, I suspect this is because of Param Miner, but I'm not entirely sure why the dynamic cache buster would break this. https://forum.portswigger.net/thread/-a-cache-hit-for-a-redirect-db00254a

Liam, PortSwigger Agent | Last updated: Mar 30, 2020 02:24PM UTC

Have you tried using Chrome? Are you experiencing this issue across various browsers?

Krause | Last updated: Jul 23, 2020 09:58PM UTC

Yes. I am using Chrome. And yes, Param Miner interferes with lab work.

Liam, PortSwigger Agent | Last updated: Jul 24, 2020 08:53AM UTC

If you enable the static or dynamic cachebuster option it might affect certain labs. We'd recommend disabling this extension in this scenario.
