Burp Suite User Forum


CSRF PoC

olek | Last updated: Nov 07, 2022 07:55PM UTC

Hi Team, I ask a lot of questions but I have a problem understanding it. When the XSS is in the cookies part and I try to create a CSRF PoC, it does not include the cookies. How do I handle this issue?

Ben, PortSwigger Agent | Last updated: Nov 08, 2022 02:02PM UTC

Hi Olek, Are you able to provide some further clarification of what you are trying to do?

olek | Last updated: Nov 08, 2022 02:36PM UTC

I got some XSS in the cookies part. Now I need to show a PoC. How do I do it? If I create it in Burp, it does not include the cookies part. The XSS only shows up in the cookies section. How do I build a PoC?

Ben, PortSwigger Agent | Last updated: Nov 09, 2022 11:42AM UTC

Hi Olek, The CSRF PoC Generator is used to generate a proof of concept cross-site request forgery attack for a given request - do you actually need to use this functionality to demonstrate your XSS vulnerability?

olek | Last updated: Nov 09, 2022 04:56PM UTC

Generally, to demonstrate a valid XSS. They yell about a PoC. It is easy to show this by building a CSRF PoC generated by Burp. But the vulnerable part is in the cookies: GET / HTTP2 Url=my website Cookies: part id etc. The XSS is here, in this part. If I create a CSRF PoC, Burp does not include the cookies, only the URL. How do I prove it? Showing only a screenshot is not sufficient. Sending the request from Burp to the server is also not sufficient. My question is how to prove this is XSS. Once I submitted an XSS on a porn website and they said this is not a valid XSS.

olek | Last updated: Nov 15, 2022 11:48AM UTC

Team, how do I create a PoC? Or maybe XSS in the cookies part is not a vulnerability. Why does Burp not include cookies in the CSRF PoC?

Ben, PortSwigger Agent | Last updated: Nov 17, 2022 08:08AM UTC

Hi OLEK, The 'generate CSRF PoC' functionality is designed to generate a proof of concept cross-site request forgery attack for a given request. It sounds like you want to develop a proof of concept to demonstrate some kind of cross-site scripting vulnerability. As we have mentioned in your various other forum posts, our support service is for users who are having technical issues with our Burp products. We are not able to provide assistance with testing specific sites or anything of that nature.
