Burp Suite User Forum

Create new post

Client-side desync Lab

Angel | Last updated: May 26, 2023 02:54PM UTC

I'm having issues with the client-side desync lab, just want to make sure if I'm doing something wrong. I have a working payload that works on my Chrome browser, but I just haven't managed to capture the victim request by clicking on the "Deliver to victim" button. I've tried changing several things and even copying exactly the payload shown in the solution (replacing the relevant params with my info of course) and still nothing, yet it still works on my browser and I can capture my own request. I've also noticed that when looking at the access log in the exploit server, no requests seem to be coming from any IP other than my own (as it commonly is the case for other labs that require user interaction). Not sure if that is related in anyway. What am I doing wrong?

Ben, PortSwigger Agent | Last updated: May 30, 2023 11:31AM UTC

Hi Angel, Are you able to provide us with any detail with regards to your exploit and the steps that you are taking to try to solve the lab? If it is easier to do this with screenshots then please feel free to send us an email at support@portswigger.net and include the details there.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.