The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Offline Password Cracking Lab Question.

NotCarlos | Last updated: Feb 16, 2022 03:26PM UTC

Lab URL: https://portswigger.net/web-security/authentication/other-mechanisms/lab-offline-password-cracking

Hi. I have a question: how are we able to obtain the cookie of the user carlos when he has never logged in? And thank you so much for providing such good material for free.

Ben, PortSwigger Agent | Last updated: Feb 17, 2022 09:51AM UTC

Hi, Carlos is logged in and is busy browsing round the site. If you can exploit the stored XSS vulnerability present within this lab then you can trick him into giving you his cookie (he always falls for this kind of thing).

NotCarlos | Last updated: Feb 18, 2022 09:16AM UTC

Thank you for your reply.
