Burp Suite User Forum


OAuth account hijacking via redirect_uri works with chrome but not using burp's chromium

tvishnumolakala | Last updated: Jun 17, 2024 03:17PM UTC

When I store the exploit and view it using Burp's chromium I see the following error in my iframe. However, that's not the case when I use my chrome browser. Due to this I'm not getting the auth code from admin to solve this lab.

SessionNotFound: invalid_request
    at Provider.getInteraction (/opt/node-v19.8.1-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:50:11)
    at Provider.interactionDetails (/opt/node-v19.8.1-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:228:27)
    at /home/carlos/oauth/index.js:160:34
    at Layer.handle [as handle_request] (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5)
    at next (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/route.js:137:13)
    at setNoCache (/home/carlos/oauth/index.js:121:5)
    at Layer.handle [as handle_request] (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5)
    at next (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5)

Ben, PortSwigger Agent | Last updated: Jun 19, 2024 05:03AM UTC

Hi, Are you able to provide us with some specific details of the exploit that you have used?

tvishnumolakala | Last updated: Jun 20, 2024 02:08PM UTC

I'm following the exact same steps mentioned in the solution for this lab: https://portswigger.net/web-security/oauth/lab-oauth-account-hijacking-via-redirect-uri

Ben, PortSwigger Agent | Last updated: Jun 20, 2024 03:53PM UTC

Hi, Due to some current issues with the embedded browser I believe that to use the 'View exploit' functionality you would need to use a standard version of Chrome (delivering the exploit to the victim should still work in the same way with the embedded browser, however).

tvishnumolakala | Last updated: Jun 24, 2024 02:59PM UTC

I'm having the same issue with "Stealing OAuth access tokens via an open redirect" Lab. It works when I "View Exploit" but I'm not receiving anything when I "Deliver the Exploit"

Ben, PortSwigger Agent | Last updated: Jun 25, 2024 07:56AM UTC

Hi, Can you confirm which browser you are using?

tvishnumolakala | Last updated: Jun 25, 2024 01:45PM UTC

The chromium browser that comes built in with burp professional.

Ben, PortSwigger Agent | Last updated: Jun 25, 2024 05:03PM UTC

Hi, If you use a normal version of Chrome, does this allow you to successfully deliver your exploit and obtain the bearer token?

tvishnumolakala | Last updated: Jun 25, 2024 05:57PM UTC

If I use the "View Exploit" feature from the normal version of Chrome, it works. However, if I send the exploit from the same browser version, I don't receive the token. When I use the "View Exploit" feature in the Chromium provided by Burp with the same exact payload, I see the initially attached exception stack trace. I suspect that the admin user is encountering the same exception, which may be why the token isn't being sent back to my logs.

Ben, PortSwigger Agent | Last updated: Jun 26, 2024 06:52AM UTC

Hi, I did run through this lab using a normal version of Chrome and both of the functionalities worked for me. Do you have details of what version of Chrome you have tried and what your payload looks like?

tvishnumolakala | Last updated: Jul 01, 2024 02:46PM UTC

I'm using Chromium Version 126.0.6478.57 (Official Build) (arm64). I managed to solve my lab issue by taking the following steps:

1. Navigate to "Privacy and security --> Tracking Protection".
2. Add "https://[*.][exploit-server.net]" to the "Sites allowed to use third-party cookies".

After making these adjustments in my Chromium browser, I no longer encountered the previous exception, allowing me to successfully complete the lab.
