Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp suite shows error codes instead of meaningful result.

Hongchul | Last updated: Nov 26, 2019 02:36AM UTC

Hi team, I am using burp suite v2.1.05. Regarding the result that burp suite showed about Cookie manipulation (DOM-based), I would like to ask you what it means below: Because I can't find any cookie manipulation related code from my source code. Dynamic analysis Data is read from input.value and passed to document.cookie. The source element has id tenantName and name tenantName. The following value was injected into the source: The previous value reached the sink as: mv8uyuuhlh%2527%2522`'"/mv8uyuuhlh/><mv8uyuuhlh/\>x5m89uq3t6&-fido2login=false; path=/; expires=Tue, 26 Nov 2019 18:48:25 GMT; The stack trace at the source was: at Object.FjTfo (<anonymous>:1:319569) at Object.ymznZ (<anonymous>:1:681627) at HTMLInputElement.get (<anonymous>:1:686561) at HTMLInputElement.get [as value] (<anonymous>:1:787041) at Object.val (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:68704) at Object.a.fn.val (https://https://{domain name}:{port}/{context root}/lib/js/aui/aui-widgets-1.11.1.min.js:3:31956) at passwordLogin (https://{domain name}:{port}/{context root}/:352:36) at doLogin (https://https://{domain name}:{port}/{context root}/:329:13) at HTMLInputElement.<anonymous> (https://{domain name}:{port}/{context root}/:272:13) at HTMLInputElement.dispatch (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:42571) at HTMLInputElement.v.handle (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:40572) at _0x27baa0 (<anonymous>:1:884672) at Object.pyhcP (<anonymous>:1:345450) at _0x24df34 (<anonymous>:1:895368) The stack trace at the sink was: at Object.hNlNt (<anonymous>:1:337090) at Object.tJcyh (<anonymous>:1:872853) at HTMLDocument.Object.<computed>.set (<anonymous>:1:873868) at setCookie (https://{domain name}:{port}/{context root}/fido/js/util/fidoUtil.js:862:21) at passwordLogin (https://{domain name}:{port}/{context root}/:352:9) at doLogin (https://{domain name}:{port}/{context root}/:329:13) at HTMLInputElement.<anonymous> (https://{domain name}:{port}/{context root}/:272:13) at HTMLInputElement.dispatch (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:42571) at HTMLInputElement.v.handle (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:40572) at _0x27baa0 (<anonymous>:1:884672) at Object.pyhcP (<anonymous>:1:345450) at _0x24df34 (<anonymous>:1:895368) This was triggered by a keypress event on an element with an id of username and a name of username with the following HTML: <input type="text" id="username" name="username" tabindex="1" height="50px" class="sign_input" place

Michelle, PortSwigger Agent | Last updated: Nov 26, 2019 11:23AM UTC