The Burp Suite User Forum was discontinued on the 1st November 2024.

Chrome's DOM Invader buggy on sites protected by reCAPTCHA

slicingmelon | Last updated: Oct 11, 2022 01:20PM UTC

Hello, I am trying to use DOM Invader in order to find DOM XSS vulnerabilities on a website that is protected by Google reCAPTCHA. As soon as I enable DOM Invader, I am getting logged out, and when I try to log in it won't work; it has something to do with Google's reCAPTCHA. Without DOM Invader, it works fine. Is there anything I could do in this regard? Thank you!

Liam, PortSwigger Agent | Last updated: Oct 12, 2022 06:25AM UTC

Thanks for your message. Is the application publicly accessible? If so, could you provide us with access?

slicingmelon | Last updated: Oct 12, 2022 10:47AM UTC

Hello Liam, unfortunately, it is not publicly accessible. I can tell you that the error is "Could not connect to the reCAPTCHA service. Please check your internet connection and reload to get a reCAPTCHA challenge." Regards

Liam, PortSwigger Agent | Last updated: Oct 12, 2022 01:27PM UTC

If you turn Postmessage interception to OFF in the DOM Invader settings, do you see an improvement?

slicingmelon | Last updated: Oct 24, 2022 02:00PM UTC

Hello Liam, sorry for the late reply. Yep, with DOM Invader OFF, it works, still being on the Chromium browser. As soon as I turn DOM Invader ON, I can't use the webapp any more. UPDATE: Now I've noticed that only the login is broken, aka I can't log in while having DOM Invader ON; it still seems to be an issue related to reCAPTCHA. So for now I turn off DOM Invader during login, then I turn it back on.

Liam, PortSwigger Agent | Last updated: Oct 25, 2022 10:12AM UTC