Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Labs - Clickjacing attacks

H3X0S3 | Last updated: Aug 28, 2021 06:42PM UTC

Hello! When I tried to solve the "Clickjacking" academy labs, I got an error message when tried to see my exploit in the exploit server. I got only this message ""Resource not found - Academy Exploit Server" error message, so I unable to solve the labs. labs 1- Clickjacking with form input data prefilled from a URL paramete 2- Clickjacking with a frame buster script 3- Exploiting clickjacking vulnerability to trigger DOM-based XSS 4- Multistep clickjacking Thank you

Ben, PortSwigger Agent | Last updated: Aug 31, 2021 09:13AM UTC

Hi, Just to confirm, are your lab sessions still active when you try this (each lab instance will expire after a certain period of inactivity/time)? Are you able to navigate to the other areas of the lab without issue? In addition, which particular browser are you using when attempting to solve these labs?

Kryp1n | Last updated: Sep 13, 2021 07:02PM UTC

Hello, i got the same error message and tried a lot times but failed. It seemed to be sth wrong with the lab. best regards

Ben, PortSwigger Agent | Last updated: Sep 14, 2021 07:15AM UTC

Hi, Are you able to confirm the name of the lab(s) that you are experiencing issues with and also provide some details of the steps that you have carried out to attempt to solve it so that we can take a look for you?

Enes | Last updated: Oct 29, 2022 11:12PM UTC

Hi, I am using chrome and firefox browser for those labs and i got Resource not found - Academy Exploit Server ,so i cannot finish any labs. Examples CSRF, Clickjacking, Dom based, Cors lab. Could anyone help me ? By the way i looked solutions but it didnt work .

Ben, PortSwigger Agent | Last updated: Oct 31, 2022 11:10AM UTC

Hi, Just to clarify, you only see this when you attempt to launch and view the Exploit Server from each lab i.e. you can launch and access the labs perfectly fine but cannot navigate to the Exploit Server in each lab? In addition to the above, based on your message, this happens for every single lab that has an Exploit Server component in the lab categories that you have mentioned, is that correct? Are you proxying your browser traffic through Burp when you observe this behaviour?

Fabio | Last updated: Feb 27, 2023 06:27PM UTC

On the "iframe src" you need to put "https://..." worked for me: <iframe src="https://0a56......></iframe>

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.