Burp Suite User Forum


Lab: Exploiting cross-site scripting to steal cookies: the user simulation doesn't work

Mark | Last updated: May 31, 2020 04:57PM UTC

I am doing this lab using the https://webhook.site service to post users' cookies. The problem is that when I visit the blog comments page I can only see my requests and I see no other user's simulated request as the lab explanation says. So even if I see my XSS exploitation is working, I am not able to solve/finish the lab.

Uthman, PortSwigger Agent | Last updated: Jun 01, 2020 07:56AM UTC

Hi, this lab requires the use of Burp Pro and the public Collaborator server. If you have a work or university email address, you could apply for a trial below: https://portswigger.net/requestfreetrial/pro

Mark | Last updated: Jun 02, 2020 05:44PM UTC

Ok, I think you should specify that that specific lab is only possible through the Pro version of Burp. Also, the learning content is free, so I think even the associated lab should be done in a way that it is doable with free/different tools.


Uthman, PortSwigger Agent | Last updated: Jun 03, 2020 07:52AM UTC

Apologies, I may be confused with another lab. The lab you are referring to mentions an alternative solution: "Instead of using Burp Collaborator, you could adapt the attack to make the victim post their cookie within a blog comment by exploiting the XSS to perform CSRF". The exploiting XSS to perform CSRF lab is this one: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-perform-csrf.
