Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How find a DOM Open Redirect performed after 3 seconds with Burp Scanner

Nemeses5174 | Last updated: Dec 22, 2023 06:28PM UTC

Hi, I solved the Academy laboratory "SameSite Strict bypass via client-side redirect" (https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-strict-bypass-via-client-side-redirect) and I'm wondering if there is a way to automatically find this kind of DOM Open Redirect issue that is present in the lab above. I mean, the laboratory contains an Open Redirect in the page "https://LAB-RANDOM-ID.web-security-academy.net/post/comment/confirmation?postId=EVIL-POST-ID", there the EVIL-POST-ID value is used by the JS function "redirectOnConfirmation('/post')" that performs a redirection to "post/EVIL-POST-ID" after 3 seconds. I found the bug manually, but I'm searching for a way to find this kind of bug automatically using the Burp Scanner. Burp Scanner doesn't seem to be able to do it (I mean waiting 3 seconds and see the redirection performing and notify the DOM Open Redirection issue). Someone have an idea? Thank you very much and have a nice day.

Liam, PortSwigger Agent | Last updated: Dec 26, 2023 09:59AM UTC

Nemeses5174 | Last updated: Dec 26, 2023 06:36PM UTC

Thanks Liam, I will try to write a BCheck check.

Liam, PortSwigger Agent | Last updated: Dec 27, 2023 06:22AM UTC