Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

ClickJacking labs remain as not solved

Antonio | Last updated: Feb 01, 2022 12:08AM UTC

Hi PortSwigger Team, Even after completing more times "Basic clickjacking with CSRF token protection" and "Clickjacking with form input data prefilled from a URL parameter" labs, they are showing as not solved. I just started doing labs and I followed the steps outlined in the solution, but the labs remain as unsolved. Please help me. Thanks and best regards.

Michelle, PortSwigger Agent | Last updated: Feb 01, 2022 02:26PM UTC

Thanks for your message. We don't have any issues currently reported for these labs and have been able to solve them. When you clicked 'Store' and then used 'View Exploit' for the lab 'Basic clickjacking with CSRF token protection' did the elements line up correctly? If you'd like to share some details and screenshots of the steps you took, feel free to email them over to support@portswigger.net.

Baka | Last updated: Jul 10, 2023 09:32AM UTC

Ya everything done correctly, I even deleted my account for 20 minutes from clickjacked website for checking if my code is working or not, But still it is not getting solved.

Michelle, PortSwigger Agent | Last updated: Jul 10, 2023 12:06PM UTC

Hi Can you confirm which lab you're working on, please? We've just tested out the lab 'Basic clickjacking with CSRF token protection' and were able to solve it. If you can also share some details on the steps you're taking, we can take a closer look.

Baka | Last updated: Jul 11, 2023 05:31AM UTC

It's the same lab you solved. I am doing same as the solution told, even my account got deleted for 20 min when I checked my exploit. As you told you have solved it, Let me try again and get back to you. Thank you

Yousef | Last updated: Jul 24, 2023 09:42AM UTC

I have the same problem in this lab too

Michelle, PortSwigger Agent | Last updated: Jul 24, 2023 10:40AM UTC

Hi Can you confirm the steps you are taking to complete the lab? If you follow along with the Community Solution video, does that help?

Yousef | Last updated: Jul 24, 2023 01:28PM UTC

I followed the same steps as in the video and unfortunately it didn't work. until now I have solved 3 clickjacking labs=> 1.Lab: Basic clickjacking with CSRF token protection I solved it correctly and it does not appear to be resolved. 2.Lab: Clickjacking with form input data prefilled from a URL parameter I solved it and it already shows that it has been resolved. 3.Lab: Clickjacking with a frame buster script I solved it correctly and it does not appear to be resolved.

Michelle, PortSwigger Agent | Last updated: Jul 24, 2023 01:47PM UTC

Hi Can you send a screen recording of the steps you are taking to solve the lab 'Basic clickjacking with CSRF token protection' to support@portswigger.net so we can take a closer look? When you solved the lab, what behavior did you see, were you testing out the attack on yourself and did you then click on 'Deliver to victim'?

Yousef | Last updated: Jul 24, 2023 02:43PM UTC

I sent a screen record Thanks for your effort, I hope I'm not bothering you

Michelle, PortSwigger Agent | Last updated: Jul 25, 2023 07:25AM UTC

Thanks for your emails. It's good to hear you've been able to solve the 'Basic clickjacking with CSRF token protection' lab :)

Liam | Last updated: Sep 15, 2023 10:03AM UTC

Same problem for me even though everything aligns perfectly. Labs remains as not solved.

Dominyque, PortSwigger Agent | Last updated: Sep 15, 2023 10:08AM UTC

Hi Liam Can you please send a screen recording as well to support@portswigger.net so we can see all the steps being taken?

Nipun | Last updated: Oct 29, 2023 06:30PM UTC

I am facing the same problem, I did proper alignment but still the lab is not getting solved.

Ben, PortSwigger Agent | Last updated: Oct 30, 2023 08:47AM UTC

Hi Nipun, Are you able to provide some details of which lab you are trying to solve, the details of the exploit that you are using and a screenshot of what this looks like when you perform the 'View exploit' functionality within the lab itself? We will then have a better idea of exactly how you are trying to solve the lab and be able to assist you further.

Mac | Last updated: Mar 16, 2024 08:56AM UTC

Same problem for me even though everything aligns perfectly. Labs remains as not solved.

Ben, PortSwigger Agent | Last updated: Mar 18, 2024 08:37AM UTC

Hi Mac, If you can let us know which lab you are attempting and the details of what your exploit is and what it looks like on the screen then that would be great. If it is easier to do this via email then please feel free to email us at support@portswigger.net.

Mac | Last updated: Mar 18, 2024 02:26PM UTC

Basic clickjacking with CSRF token protection

Mac | Last updated: Mar 18, 2024 02:28PM UTC

Even after completing more times "Basic clickjacking with CSRF token protection" and "Clickjacking with form input data prefilled from a URL parameter" labs, they are showing as not solved. I just started doing labs and I followed the steps outlined in the solution, but the labs remain as unsolved. Please help me. Thanks and best regards.

Ben, PortSwigger Agent | Last updated: Mar 19, 2024 09:15AM UTC

Hi Mac, What are you seeing when you use the 'View exploit' functionality within the exploit server for either of these two labs?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.