Burp Suite User Forum


Lab: Basic clickjacking with CSRF token protection

Suresh | Last updated: Aug 01, 2023 09:03AM UTC

This simple Lab does not complete even though I followed the right steps, and it does not reset to its original state even after waiting for 20 mins. It wasted half my day's time. Please fix the bug (if any) related to this lab.

Thanks & Regards, Suresh Jagirdar, Information Security Analyst, APCFSS

Ben, PortSwigger Agent | Last updated: Aug 01, 2023 11:23AM UTC

Hi Suresh,

I have just run through this lab and have been able to solve it using the written solution as a guide, so it does appear to be working as expected. What does your exploit look like, and have you used the 'View exploit' functionality to check whether the 'Click me' element lines up with the 'Delete account' button on the page?

Every lab will expire after around 15 minutes if no further interactions are performed on it (obviously, if you are refreshing the lab or interacting with the lab before the time that it expires, this then resets that timer and you will have to wait for a longer period of time). There is also a hard limit on all labs of a few hours, after which they will simply expire regardless of your actions.
