The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


How do I use "Show response in browser"?

Paul | Last updated: Jun 02, 2020 04:54PM UTC

Hello, I'm currently doing this lab, https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-broken-logic and I got the 302, indicating that I have successfully brute-forced the correct 2FA code, but when I highlight the correct 302 request, then press "Show response in browser", I get "Missing CSRF parameter". After a bit of fiddling around I looked at the solution and followed it step by step and I still get the same error, "Missing CSRF parameter". https://i.imgur.com/hKg3cZy.png

Uthman, PortSwigger Agent | Last updated: Jun 03, 2020 10:35AM UTC

Hi Paul, does the issue occur across multiple browsers? Have you set the verify parameter to Carlos? It looks like the Cookie in your screenshot is picking up wiener.

Paul | Last updated: Jun 03, 2020 02:08PM UTC

Hello and thanks for replying. I did not try across multiple browsers; I will try another browser right now as I'm writing this comment... Amazing! It's working for me on Google Chrome. I was using the Brave browser before, which I guess isn't supported. Thanks a ton!

Paul | Last updated: Jun 03, 2020 02:15PM UTC

Just for people who may read this later, Chrome, FF, and Opera are supported as well. (I'll be using Opera.)

Wolfie | Last updated: Aug 06, 2020 07:49AM UTC

I never managed to open the 302 response, but I did manage to log in through the first step as wiener. Once in the second step, I intercepted the requests, sent a random code and changed the verify to carlos as well as changing the mfa-code variable to the 302 code. Suddenly it worked! ^^ Hope it'll help someone else in the future!
