Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

LAB Authentication bypass via OAuth implicit flow

N1pun | Last updated: Nov 11, 2021 10:39AM UTC

I am trying to access lab "Authentication bypass via OAuth implicit flow" but when i go to https://acc41f931f795360c0081ada005a0002.web-security-academy.net/ and click on my account to login its giving me error after We are now redirecting you to login with social media...giving message that SessionNotFound: invalid_request at Provider.getInteraction (/opt/node-v14.17.6-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:50:11) at Provider.interactionDetails (/opt/node-v14.17.6-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:228:27) at /home/carlos/oauth/index.js:160:34 at Layer.handle [as handle_request] (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5) at next (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/route.js:137:13) at setNoCache (/home/carlos/oauth/index.js:121:5) at Layer.handle [as handle_request] (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5) at next (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/route.js:137:13) at Route.dispatch (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/route.js:112:3) at Layer.handle [as handle_request] (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5)

Ben, PortSwigger Agent | Last updated: Nov 11, 2021 11:59AM UTC

Hi, Are you only receiving this error when you try and login with social media? In addition, can you confirm which browser you are using when you see this error? Do you still see this particular error if you use a different browser or does it remain constant?

linuxmaster | Last updated: Jan 04, 2022 08:56AM UTC

Yes, i use different browser it is work. But in the firefox browser don't work. How i can solved this problem ?

linuxmaster | Last updated: Jan 04, 2022 08:56AM UTC

Yes, i use different browser it is work. But in the firefox browser don't work. How i can solved this problem ?

Michelle, PortSwigger Agent | Last updated: Jan 05, 2022 09:03AM UTC

Thanks for the update. We have tested this lab here with Firefox and do not see the same error so this appears to be something specific to your settings. Do you have any browser extensions installed? If so, do you see the same behavior if you disable them? Do you see the same behavior if you use a private window (with no browser extensions enabled) in Firefox?

| Last updated: Feb 05, 2022 01:51PM UTC

hello i am using fire fox and having the same issue SessionNotFound: invalid_request at Provider.getInteraction (/opt/node-v14.17.6-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:50:11) at Provider.interactionDetails (/opt/node-v14.17.6-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:228:27) at /home/carlos/oauth/index.js:160:34 at Layer.handle [as handle_request] (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5) at next (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/route.js:137:13) at setNoCache (/home/carlos/oauth/index.js:121:5) at Layer.handle [as handle_request] (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5) at next (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/route.js:137:13) at Route.dispatch (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/route.js:112:3) at Layer.handle [as handle_request] (/opt/node-v14.17.6-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5 i am using foxyproxy for intercepting

| Last updated: Feb 05, 2022 01:51PM UTC

can you fix this issue

Michelle, PortSwigger Agent | Last updated: Feb 07, 2022 11:05AM UTC

Thanks for getting in touch. We've just tested this with Firefox here and we're not seeing the same error, so this might be something specific to your Firefox installation. If you disable all Firefox extensions and use Firefox's own Settings -> Network Settings option to configure Burp as the proxy, do you see the same issue? Do you see the same issue if you use a different browser?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.