The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab "cors/lab-internal-network-pivot-attack" broken?

mF0x | Last updated: Nov 17, 2022 12:48AM UTC

Hi, Issue with: https://portswigger.net/web-security/cors/lab-internal-network-pivot-attack The lab behaved pretty weird for me, not sure what's the issue. Solutions I tried: - My own (for 6h) - Official Solution - Community Solution I only have BurpCE so I used the exploit-server for all callbacks. First of all, I my scripts only worked when I ran everything through the initial for-loop. Even after finding the right IP, nothing worked when I hardcoded that IP. No, I didn't forget the port. I kept on fine-tuning and used the exploit-server for callbacks sort-of in "debug mode", sending back the entire exploit-chain to myself to check if there's maybe a typo or anything... but it just wouldn't work. I could get it working till the XSS part, from there it's dead end, no matter what I tried, some different XSS (not a whole lot), different types of requests (fetch-API GET & POST, location, iframe from official solution), nothing. Please help or check if there's maybe a bug with the lab. Keep up the great work, the Academy is really good in terms of depth on these specific web topics. mFox

Hannah, PortSwigger Agent | Last updated: Nov 17, 2022 11:01AM UTC