Burp Suite User Forum

Login to post

Lab "cors/lab-internal-network-pivot-attack" broken?

mF0x | Last updated: Nov 17, 2022 12:48AM UTC

Hi, Issue with: https://portswigger.net/web-security/cors/lab-internal-network-pivot-attack The lab behaved pretty weird for me, not sure what's the issue. Solutions I tried: - My own (for 6h) - Official Solution - Community Solution I only have BurpCE so I used the exploit-server for all callbacks. First of all, I my scripts only worked when I ran everything through the initial for-loop. Even after finding the right IP, nothing worked when I hardcoded that IP. No, I didn't forget the port. I kept on fine-tuning and used the exploit-server for callbacks sort-of in "debug mode", sending back the entire exploit-chain to myself to check if there's maybe a typo or anything... but it just wouldn't work. I could get it working till the XSS part, from there it's dead end, no matter what I tried, some different XSS (not a whole lot), different types of requests (fetch-API GET & POST, location, iframe from official solution), nothing. Please help or check if there's maybe a bug with the lab. Keep up the great work, the Academy is really good in terms of depth on these specific web topics. mFox

Hannah, PortSwigger Agent | Last updated: Nov 17, 2022 11:01AM UTC

Hi mFox We can confirm that this lab is working as expected. We just tested using the Community Edition solution (no Collaborator server), and the lab was solved. Do you have any extensions installed that might be modifying your traffic? If so, you may want to disable any extensions that you currently have enabled and see if that makes a difference for you.

You need to Log in to post a reply. Or register here, for free.