Burp Suite User Forum

Offline Password Cracking Lab Question.

NotCarlos | Last updated: Feb 16, 2022 03:26PM UTC

Lab URL: https://portswigger.net/web-security/authentication/other-mechanisms/lab-offline-password-cracking

Hi. I have a question: how are we able to obtain the cookie of the user carlos when he has never logged in? And thank you so much for providing such good material for free.

Ben, PortSwigger Agent | Last updated: Feb 17, 2022 09:51AM UTC

Hi, Carlos is logged in and is busy browsing round the site. If you can exploit the stored XSS vulnerability present within this lab then you can trick him into giving you his cookie (he always falls for this kind of thing).

NotCarlos | Last updated: Feb 18, 2022 09:16AM UTC

Thank you for your reply.
