Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How find a DOM Open Redirect performed after 3 seconds with Burp Scanner

Nemeses5174 | Last updated: Dec 22, 2023 06:28PM UTC

Hi, I solved the Academy laboratory "SameSite Strict bypass via client-side redirect" (https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-strict-bypass-via-client-side-redirect) and I'm wondering if there is a way to automatically find this kind of DOM Open Redirect issue that is present in the lab above. I mean, the laboratory contains an Open Redirect in the page "https://LAB-RANDOM-ID.web-security-academy.net/post/comment/confirmation?postId=EVIL-POST-ID", there the EVIL-POST-ID value is used by the JS function "redirectOnConfirmation('/post')" that performs a redirection to "post/EVIL-POST-ID" after 3 seconds. I found the bug manually, but I'm searching for a way to find this kind of bug automatically using the Burp Scanner. Burp Scanner doesn't seem to be able to do it (I mean waiting 3 seconds and see the redirection performing and notify the DOM Open Redirection issue). Someone have an idea? Thank you very much and have a nice day.

Liam, PortSwigger Agent | Last updated: Dec 26, 2023 09:59AM UTC

Nemeses5174 | Last updated: Dec 26, 2023 06:36PM UTC

Thanks Liam, I will try to write a BCheck check.

Liam, PortSwigger Agent | Last updated: Dec 27, 2023 06:22AM UTC

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.