Burp Suite User Forum

Manually reproduce Cross-site scripting (DOM-based) vulnerability using info from Burp report

qaquest | Last updated: Apr 23, 2015 06:21PM UTC

Hi, Ran test to look for “Cross-site request forgery” & Burp came back with issue. How can we use the info in the report to reproduce this manually so as to confirm that it's not a false positive? Thx.

PortSwigger Agent | Last updated: Apr 24, 2015 07:54AM UTC

You can manually test potential cross-site request forgery issues by right-clicking the request and choosing Engagement tools / Generate CSRF PoC. This will create an HTML page that attempts to issue the request. You can view that HTML page in a browser (while logged in to the app as a suitable user) and determine whether the browser does issue the desired request.

You can manually test potential DOM-XSS issues by reviewing the code path that Burp reports, from tainted source to dangerous sink, to determine whether this path indeed appears to be a way of propagating an attack from source to sink. Then, depending on the nature of the source and sink, you'll need to construct a suitable URL (or other DOM contents) to try to generate a PoC attack. Often, this process is a bit like manually testing for reflected XSS - you need to craft a suitable attack to inject some JS into the context where the data gets used.
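
The source-to-sink review described in the reply above can be rehearsed offline with a benign canary. This is an added example, not part of the original post or of Burp: the three handlers, the stub DOM and every name in it (`CANARY`, `makeEnv`, `traceTaint`) are constructed for illustration, and it assumes the reported path reads `location.hash` and writes to one element.

```javascript
// Added example: constructed handlers and a stub DOM, not code from a Burp report.
const CANARY = 'zq7canary<"\'>'; // benign unique marker plus HTML-significant characters
const DANGEROUS = new Set(['innerHTML', 'outerHTML', 'document.write']);

// Minimal stand-in for the browser objects the reported path touches (assumption:
// it only reads location.hash and writes to one element or document.write).
function makeEnv(hashValue) {
  const hits = [];
  const element = {};
  for (const sink of ['innerHTML', 'outerHTML', 'textContent']) {
    Object.defineProperty(element, sink, {
      set(value) { hits.push({ sink, value: String(value) }); },
    });
  }
  const document = {
    getElementById: () => element,
    write: (value) => hits.push({ sink: 'document.write', value: String(value) }),
  };
  return { document, location: { hash: '#' + hashValue }, hits };
}

// Run a handler with the canary in the source; return the dangerous sinks that
// received it unmodified. An empty result means the path did not propagate raw data.
function traceTaint(handler) {
  const env = makeEnv(CANARY);
  handler(env.document, env.location);
  return env.hits
    .filter((h) => DANGEROUS.has(h.sink) && h.value.includes(CANARY))
    .map((h) => h.sink);
}

// Constructed sample 1: source reaches an HTML sink with no encoding.
function rawHandler(document, location) {
  const name = decodeURIComponent(location.hash.slice(1));
  document.getElementById('greeting').innerHTML = 'Hello ' + name;
}

// Constructed sample 2: same source and sink, but HTML-encoded on the way.
function encodedHandler(document, location) {
  const name = decodeURIComponent(location.hash.slice(1))
    .replace(/[&<>"']/g, (c) => '&#' + c.charCodeAt(0) + ';');
  document.getElementById('greeting').innerHTML = 'Hello ' + name;
}

// Constructed sample 3: same source written through a text-only property.
function textHandler(document, location) {
  document.getElementById('greeting').textContent = decodeURIComponent(location.hash.slice(1));
}
console.log(traceTaint(rawHandler), traceTaint(encodedHandler), traceTaint(textHandler));
```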
