The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


No interaction from victim in Access Logs after sending request to /deliver-to-victim

Eli | Last updated: Aug 13, 2024 11:53PM UTC

Hello, I'm running into an issue in one of the CSRF labs (CSRF where Referer validation depends on header being present) where there doesn't appear to be any victim interaction after I click "Deliver to Victim" in the exploit server. When I click "Deliver exploit to victim", I get the following response:

```
HTTP/2 302 Found
Location: /
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Server: Academy Exploit Server
Content-Length: 0
```

After this though, I only see my own interactions with the exploit server in the access log:

```
192.184.176.136 2024-08-13 23:46:02 +0000 "POST / HTTP/1.1" 302 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36"
192.184.176.136 2024-08-13 23:46:02 +0000 "GET /deliver-to-victim HTTP/1.1" 302 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36"
192.184.176.136 2024-08-13 23:46:03 +0000 "GET / HTTP/1.1" 200 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36"
192.184.176.136 2024-08-13 23:46:03 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36"
192.184.176.136 2024-08-13 23:46:04 +0000 "GET /resources/css/labsDark.css.map HTTP/1.1" 404 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36"
192.184.176.136 2024-08-13 23:46:12 +0000 "POST / HTTP/1.1" 302 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36"
```

In other labs with an exploit server and a deliverable exploit, I usually see a different IP address listed in the logs making a GET request to `/exploit` after submitting the `/deliver-to-victim` request. This has happened the last two times I've tried to do this lab, within a 72-hour timespan.

Is there an issue with the exploit server in this specific lab? I was able to complete the exploit in the "SameSite Strict bypass via sibling domain" lab earlier today, for what it's worth.

Thanks!
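The check described in the post above (after `/deliver-to-victim`, look for a `GET /exploit` from an IP other than your own) can be scripted against a saved copy of the access log. This is an added example, not part of the original post or of PortSwigger's tooling; the sample log lines, IP addresses and user agents are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# One access-log line in the format quoted in the post above.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
    r'"user-agent: (?P<ua>.*)"$'
)

# Constructed sample logs (documentation-range IPs, shortened user agents).
NO_VICTIM = '''\
198.51.100.7 2024-01-01 10:00:02 +0000 "POST / HTTP/1.1" 302 "user-agent: sample-browser"
198.51.100.7 2024-01-01 10:00:02 +0000 "GET /deliver-to-victim HTTP/1.1" 302 "user-agent: sample-browser"
198.51.100.7 2024-01-01 10:00:03 +0000 "GET / HTTP/1.1" 200 "user-agent: sample-browser"
'''
WITH_VICTIM = NO_VICTIM + '''\
203.0.113.9 2024-01-01 10:00:04 +0000 "GET /exploit HTTP/1.1" 200 "user-agent: sample-victim"
this line is malformed and is skipped
'''

def parse(log_text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S %z")
            entries.append(e)
    return entries

def victim_visits(entries):
    """Pair each /deliver-to-victim request with later GET /exploit hits from other IPs."""
    deliveries = [e for e in entries if e["path"] == "/deliver-to-victim"]
    own_ips = {d["ip"] for d in deliveries}  # whoever pressed the button is not the victim
    report = []
    for d in deliveries:
        hits = [e for e in entries
                if e["method"] == "GET" and e["path"].split("?")[0] == "/exploit"
                and e["ip"] not in own_ips and e["ts"] >= d["ts"]]
        report.append((d["ts"], hits))
    return report

if __name__ == "__main__":
    for name, log in (("NO_VICTIM", NO_VICTIM), ("WITH_VICTIM", WITH_VICTIM)):
        for ts, hits in victim_visits(parse(log)):
            print(name, ts.isoformat(), [h["ip"] for h in hits] or "no victim request")
```

An empty hit list for a delivery matches the situation in the post: the delivery request was logged, but no other client fetched `/exploit` afterwards.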

Eli | Last updated: Aug 14, 2024 12:22AM UTC