The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

OAuth lab: can't solve Stealing OAuth access tokens via a proxy page lab because of SameSite=lax;

Mirnosir | Last updated: Jun 04, 2024 03:25PM UTC

Hi everybody, I'm really sorry to write this, but I fried my brains out trying to solve this lab. I am using an iframe to load the request that has post/comment/comment-form as the callback endpoint, from where I can extract the access_token. But the issue is that the OAuth provider sets the cookies' SameSite to Lax. As I am aware, SameSite=Lax doesn't let iframes use the user's cookies, and for the same reason I get an invalid request (session is not valid). I have watched the walkthrough videos on this lab, where I can see the server returns cookies with SameSite=None, so the iframe request works properly. Has something changed, or is there a mistake, or should I bypass this SameSite=Lax? I don't get it and I am stuck. Please help me. I am using Burp's built-in browser.
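
The SameSite behaviour the post is running into, written out as an added example (not code from the forum thread or from PortSwigger): a small model of the browser's decision on whether a cookie is attached to a request. The `Cookie`/`Request` types and `cookie_is_sent` are assumed names; the point is that a cross-site iframe load never carries a SameSite=Lax session cookie, which is exactly why an OAuth provider benefits from Lax (or Strict) on its session cookie.

```python
# Added example: model of the SameSite cookie rules a browser applies.
# Shows why a cross-site iframe request does not carry a SameSite=Lax cookie
# while a top-level GET navigation to the same site does.
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    name: str
    samesite: str        # "Strict", "Lax" or "None", as set by Set-Cookie
    secure: bool = False


@dataclass(frozen=True)
class Request:
    cross_site: bool     # initiator's site differs from the destination site
    top_level: bool      # navigation of the top-level browsing context
    method: str = "GET"
    https: bool = True


SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


def cookie_is_sent(cookie: Cookie, req: Request) -> bool:
    """Return True if a modern browser would attach `cookie` to `req`."""
    mode = cookie.samesite.lower()
    if mode == "none":
        # SameSite=None is only honoured together with Secure, and a Secure
        # cookie is only sent over HTTPS.
        return cookie.secure and req.https
    if not req.cross_site:
        return True                      # same-site: Lax and Strict both send
    if mode == "strict":
        return False                     # Strict: never cross-site
    # Lax: cross-site only on top-level navigations with a safe method
    # (following a link); never on iframe, image or fetch subresources.
    return req.top_level and req.method.upper() in SAFE_METHODS


if __name__ == "__main__":
    session = Cookie("session", "Lax")
    iframe_load = Request(cross_site=True, top_level=False)
    link_click = Request(cross_site=True, top_level=True)
    print("iframe gets Lax cookie:", cookie_is_sent(session, iframe_load))   # False
    print("top-level GET gets Lax cookie:", cookie_is_sent(session, link_click))  # True
```

Constructed inputs only; the module has no network side effects, so it can be used to sanity-check which cookie attributes a provider's session cookie needs before deploying them.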

Ben, PortSwigger Agent | Last updated: Jun 05, 2024 06:59AM UTC

Hi, are you able to provide us with some details of what your exploit looks like? When using the embedded browser, the 'view exploit' functionality will no longer work quite as expected, but delivering your exploit to the victim should still work (I have just run through this lab and been able to solve it using the written solution).

Mirnosir | Last updated: Jun 05, 2024 09:53PM UTC

Hi Ben, thank you for the reply. I was a little disappointed when it worked for the victim, and happy at the same time ;) Thank you once more for helping me to resolve this!