Burp Suite User Forum

Create new post

CORS with Null origin challenge is broken

bus7d | Last updated: Aug 13, 2023 07:57PM UTC

Hey, It seems that this challenge is broken as the browser does overwrite the Origin header when fetching a request with JS. It does work in Burp but not in real. Another challenge seems to be broken DOM cookie manipulation. Bests,

Michelle, PortSwigger Agent | Last updated: Aug 14, 2023 11:09AM UTC

Can you please email support@portswigger.net with some screenshots or a screen recording of the steps you're taking with these two labs to help us get a better understanding of your issue?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.