Burp Suite User Forum

Burp suite shows error codes instead of meaningful result.

Hongchul | Last updated: Nov 26, 2019 02:36AM UTC

Hi team, I am using burp suite v2.1.05. Regarding the result that burp suite showed about Cookie manipulation (DOM-based), I would like to ask you what it means below: Because I can't find any cookie manipulation related code from my source code. Dynamic analysis Data is read from input.value and passed to document.cookie. The source element has id tenantName and name tenantName. The following value was injected into the source: The previous value reached the sink as: mv8uyuuhlh%2527%2522`'"/mv8uyuuhlh/><mv8uyuuhlh/\>x5m89uq3t6&-fido2login=false; path=/; expires=Tue, 26 Nov 2019 18:48:25 GMT; The stack trace at the source was: at Object.FjTfo (<anonymous>:1:319569) at Object.ymznZ (<anonymous>:1:681627) at HTMLInputElement.get (<anonymous>:1:686561) at HTMLInputElement.get [as value] (<anonymous>:1:787041) at Object.val (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:68704) at Object.a.fn.val (https://https://{domain name}:{port}/{context root}/lib/js/aui/aui-widgets-1.11.1.min.js:3:31956) at passwordLogin (https://{domain name}:{port}/{context root}/:352:36) at doLogin (https://https://{domain name}:{port}/{context root}/:329:13) at HTMLInputElement.<anonymous> (https://{domain name}:{port}/{context root}/:272:13) at HTMLInputElement.dispatch (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:42571) at HTMLInputElement.v.handle (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:40572) at _0x27baa0 (<anonymous>:1:884672) at Object.pyhcP (<anonymous>:1:345450) at _0x24df34 (<anonymous>:1:895368) The stack trace at the sink was: at Object.hNlNt (<anonymous>:1:337090) at Object.tJcyh (<anonymous>:1:872853) at HTMLDocument.Object.<computed>.set (<anonymous>:1:873868) at setCookie (https://{domain name}:{port}/{context root}/fido/js/util/fidoUtil.js:862:21) at passwordLogin (https://{domain name}:{port}/{context root}/:352:9) at doLogin (https://{domain name}:{port}/{context root}/:329:13) at HTMLInputElement.<anonymous> (https://{domain name}:{port}/{context root}/:272:13) at HTMLInputElement.dispatch (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:42571) at HTMLInputElement.v.handle (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:40572) at _0x27baa0 (<anonymous>:1:884672) at Object.pyhcP (<anonymous>:1:345450) at _0x24df34 (<anonymous>:1:895368) This was triggered by a keypress event on an element with an id of username and a name of username with the following HTML: <input type="text" id="username" name="username" tabindex="1" height="50px" class="sign_input" place

Michelle, PortSwigger Agent | Last updated: Nov 26, 2019 11:23AM UTC

Hi To help us understand your issue could you email us the full issue detail from Burp Suite to support@portswigger.net.

You need to Log in to post a reply. Or register here, for free.