Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

OAuth authentication labs

Mohamed | Last updated: Jun 12, 2024 03:41PM UTC

Hello, I have an issue with exploit server in all labs in Oauth authentication when deliver exploit to victim they don't open the /exploit path i don't get any log about if victim request this path i even tried to leave the Hello, World! message and still the victim don't request the path i tried one of csrf labs to check and the exploit server works their

Ben, PortSwigger Agent | Last updated: Jun 13, 2024 07:17AM UTC

Hi Mohamed, Are you able to provide us with some specific details of the steps you have carried out on a specific lab so that we can double check this?

Emmanuel | Last updated: Jul 13, 2024 01:43AM UTC

Same here as well, I followed the community solution and I am still not able to get the access token in the logs for the "Stealing OAuth access tokens via a proxy page" Lab. It's been days and it still does not work

Emmanuel | Last updated: Jul 13, 2024 02:03AM UTC

For anyone having this problem, I will recommend putting the script tag before framing the page, this worked for me.

Adéla | Last updated: Aug 17, 2024 07:50PM UTC

Thank you Emmanuel! I had the same issue and putting <script> in the beginning of the Body (I had to delete the "Hello world") worked and the victim finally accessed the server. I am still wondering how is it possible that the Portswigger Agents are able to solve the lab without this modification.

Ben, PortSwigger Agent | Last updated: Aug 19, 2024 08:16AM UTC

Hi, Which specific lab are you referring to here?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.