The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


How do I validate Academy CSRF lab solutions?

Joonas | Last updated: Apr 29, 2020 05:43AM UTC

I have trouble solving the CSRF labs in the academy. I have so far tested the first two of them, but can't figure out why the lab thinks the solutions are incorrect. Is there something else that needs to be done to validate the solution with the lab other than storing the response on the provided exploit server? Based on my proxy history, the attack seems to be working as intended, as I receive the same response from the target application as I do while changing my email directly in the application. However, I'm unable to manually verify if changing the email address has any impact, since I haven't yet found a place where the application would display the currently set email address. I have also tried to follow the provided Solutions step by step, both using the Burp Professional method of relying on the CSRF PoC generator and by manually copy/pasting the provided template and replacing the values. Is there a bug in the way the lab checks the solution, or am I just missing something?

Roman | Last updated: Apr 29, 2020 07:51AM UTC

Hi, I have similar problems. I solved the first two CSRF labs, but my solutions for the next 3, which are similar, are reported as incorrect. I also went through the provided hints step by step with my Burp Community Edition. I carefully checked the syntax and parameters of my solutions and cannot understand why they should be wrong - there are not so many things I could write wrong. And the error message gives no further idea about what could be wrong. Is there an example solution to compare?

Michelle, PortSwigger Agent | Last updated: Apr 29, 2020 08:47AM UTC