Burp Suite User Forum

OAuth authentication

Sondip | Last updated: May 10, 2021 07:13AM UTC

Authentication bypass via OAuth implicit flow: in this lab, when I want to log into the social network page, the page redirects to this kind of page:

SessionNotFound: invalid_request
    at Provider.getInteraction (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/oidc-provider/lib/provider.js:50:11)
    at Provider.interactionDetails (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/oidc-provider/lib/provider.js:228:27)
    at /home/carlos/oauth/index.js:160:34
    at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:137:13)
    at setNoCache (/home/carlos/oauth/index.js:121:5)
    at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5)

Ben, PortSwigger Agent | Last updated: May 10, 2021 09:52AM UTC

Hi, Can we just clarify some details with you? Firstly, does this only happen in this particular lab or are you seeing it in the other OAuth labs? Secondly, which browser are you using when you encounter this issue?

Sondip | Last updated: May 10, 2021 05:37PM UTC

1. Firstly, does this only happen in this particular lab or are you seeing it in the other OAuth labs? In all labs.
2. Which browser are you using when you encounter this issue? In Firefox.

Ben, PortSwigger Agent | Last updated: May 11, 2021 07:55AM UTC

Hi, Thank you for the additional information. Do you have any extensions installed and running in Burp when you attempt these labs? If so, are you able to disable them and then try this particular lab again? In addition to the above, do you have the ability to use a different browser (Chrome for instance)? If so, do you see the same behaviour when using the other browser?

Malcolm | Last updated: Jun 11, 2021 03:23AM UTC

I am encountering the same issue in both Firefox and Chrome. I have also disabled Burp extensions.

Malcolm | Last updated: Jun 11, 2021 03:24AM UTC

First I got "Invalid username/email or password." when trying to log in. Then, the SessionNotFound error came after a couple of tries.

Ben, PortSwigger Agent | Last updated: Jun 11, 2021 08:40AM UTC

Hi Malcolm, Are you able to send us an email at support@portswigger.net and include some screenshots of the issues that you are experiencing so that we can see exactly what is happening? This should help us in trying to assist you further.