Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

OAuth authentication

Sondip | Last updated: May 10, 2021 07:13AM UTC

Authentication bypass via OAuth implicit flow: this lab when i want to log into social network page the this page redrict to this kind of page: SessionNotFound: invalid_request at Provider.getInteraction (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/oidc-provider/lib/provider.js:50:11) at Provider.interactionDetails (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/oidc-provider/lib/provider.js:228:27) at /home/carlos/oauth/index.js:160:34 at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5) at next (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:137:13) at setNoCache (/home/carlos/oauth/index.js:121:5) at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5) at next (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:137:13) at Route.dispatch (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:112:3) at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5)

Ben, PortSwigger Agent | Last updated: May 10, 2021 09:52AM UTC

Hi, Can we just clarify some details with you? Firstly, does this only happen in this particular lab or are you seeing it in the other OAuth labs? Secondly, which browser are you using when you encounter this issue?

Sondip | Last updated: May 10, 2021 05:37PM UTC

1.Firstly, does this only happen in this particular lab or are you seeing it in the other OAuth labs? In all lab. 2.which browser are you using when you encounter this issue? In Firefox.

Ben, PortSwigger Agent | Last updated: May 11, 2021 07:55AM UTC

Hi, Thank you for the additional information. Do you have any extensions installed and running in Burp when you attempt these labs? If so, are you able to disable them and then try this particular lab again? In addition to the above, do you have the ability to use a different browser (Chrome for instance)? If so, do you get see the same behaviour when using the other browser?

Malcolm | Last updated: Jun 11, 2021 03:23AM UTC

I am encountering the same issue in both Firefox and Chrome. I have also disabled Burp extensions.

Malcolm | Last updated: Jun 11, 2021 03:24AM UTC

First I got "Invalid username/email or password." when trying to log in. Then, the SessionNotFound error came after a couple of tries.

Ben, PortSwigger Agent | Last updated: Jun 11, 2021 08:40AM UTC