
Burp Suite User Forum


Question about lab Reflected XSS protected by very strict CSP, with dangling markup attack

Artur | Last updated: Oct 27, 2024 05:25PM UTC

While executing the lab, I found that, even using the solution you provided, the lab could not execute successfully. Specifically, the CSRF token is not passed through Collaborator or the exploit server.

Ben, PortSwigger Agent | Last updated: Oct 28, 2024 08:52AM UTC

Hi Artur,

Due to a Chrome update, the current written solution no longer works for this lab. We are in the process of updating this so that the written solution is valid but, in the interim, you should be able to follow the solution on the page below, which was provided by one of our users: https://skullhat.github.io/posts/reflected-xss-protected-by-very-strict-csp-with-dangling-markup-attack/
