Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

ClickJacking labs remain as not solved

Antonio | Last updated: Feb 01, 2022 12:08AM UTC

Hi PortSwigger Team, Even after completing more times "Basic clickjacking with CSRF token protection" and "Clickjacking with form input data prefilled from a URL parameter" labs, they are showing as not solved. I just started doing labs and I followed the steps outlined in the solution, but the labs remain as unsolved. Please help me. Thanks and best regards.

Michelle, PortSwigger Agent | Last updated: Feb 01, 2022 02:26PM UTC

Thanks for your message. We don't have any issues currently reported for these labs and have been able to solve them. When you clicked 'Store' and then used 'View Exploit' for the lab 'Basic clickjacking with CSRF token protection' did the elements line up correctly? If you'd like to share some details and screenshots of the steps you took, feel free to email them over to support@portswigger.net.

Baka | Last updated: Jul 10, 2023 09:32AM UTC

Ya everything done correctly, I even deleted my account for 20 minutes from clickjacked website for checking if my code is working or not, But still it is not getting solved.

Michelle, PortSwigger Agent | Last updated: Jul 10, 2023 12:06PM UTC

Hi Can you confirm which lab you're working on, please? We've just tested out the lab 'Basic clickjacking with CSRF token protection' and were able to solve it. If you can also share some details on the steps you're taking, we can take a closer look.

Baka | Last updated: Jul 11, 2023 05:31AM UTC

It's the same lab you solved. I am doing same as the solution told, even my account got deleted for 20 min when I checked my exploit. As you told you have solved it, Let me try again and get back to you. Thank you

Yousef | Last updated: Jul 24, 2023 09:42AM UTC

I have the same problem in this lab too

Michelle, PortSwigger Agent | Last updated: Jul 24, 2023 10:40AM UTC

Hi Can you confirm the steps you are taking to complete the lab? If you follow along with the Community Solution video, does that help?

Yousef | Last updated: Jul 24, 2023 01:28PM UTC

I followed the same steps as in the video and unfortunately it didn't work. until now I have solved 3 clickjacking labs=> 1.Lab: Basic clickjacking with CSRF token protection I solved it correctly and it does not appear to be resolved. 2.Lab: Clickjacking with form input data prefilled from a URL parameter I solved it and it already shows that it has been resolved. 3.Lab: Clickjacking with a frame buster script I solved it correctly and it does not appear to be resolved.

Michelle, PortSwigger Agent | Last updated: Jul 24, 2023 01:47PM UTC

Hi Can you send a screen recording of the steps you are taking to solve the lab 'Basic clickjacking with CSRF token protection' to support@portswigger.net so we can take a closer look? When you solved the lab, what behavior did you see, were you testing out the attack on yourself and did you then click on 'Deliver to victim'?

Yousef | Last updated: Jul 24, 2023 02:43PM UTC

I sent a screen record Thanks for your effort, I hope I'm not bothering you

Michelle, PortSwigger Agent | Last updated: Jul 25, 2023 07:25AM UTC

Thanks for your emails. It's good to hear you've been able to solve the 'Basic clickjacking with CSRF token protection' lab :)

Liam | Last updated: Sep 15, 2023 10:03AM UTC

Same problem for me even though everything aligns perfectly. Labs remains as not solved.

Dominyque, PortSwigger Agent | Last updated: Sep 15, 2023 10:08AM UTC

Hi Liam Can you please send a screen recording as well to support@portswigger.net so we can see all the steps being taken?

You need to Log in to post a reply. Or register here, for free.