The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" lab

hack3rph0en1x | Last updated: Nov 29, 2023 08:56PM UTC

I hope this message finds you well. I wanted to bring to your attention an issue I encountered while working on the "Reflected XSS protected by very strict CSP, with dangling markup attack" lab. It seems that due to a recent update to Chromium, the lab is no longer functioning as expected. The specific challenge I'm facing is related to the strict CSP (Content Security Policy) implemented in the lab environment, which is now being bypassed due to a dangling markup attack. This issue seems to be a result of the recent Chromium update, which has introduced changes to the way CSP is enforced. I have attempted to find a workaround for this issue, but so far have been unsuccessful. I believe that the lab may need to be updated to account for the changes in Chromium and ensure that the intended security measures are still effective. I wanted to reach out to see if there are any plans to address this issue, or if there are any alternative approaches I could take to complete the lab under the current circumstances. Any guidance or updates on this matter would be greatly appreciated. Thank you for your attention to this matter. I look forward to your response.

Ben, PortSwigger Agent | Last updated: Nov 30, 2023 10:42AM UTC