Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

SameSite Strict bypass via client-side redirect

Isaac | Last updated: Jun 29, 2024 12:46PM UTC

Hello! I'm trying to solve this lab from the CSRF topic and I'm struggling to finished. I'm stuck on the last step "sending exploit to victim" I have follow every step from the solution and try the exploit myself and I can confirm that is working as my email changes when I try, however when i send it to the victim nothing happen. I'm sure I'm not using the same email, I have tried encoded and decoded version of the payload and I have tried different browsers. My usual setup is vanilla burp browser I had also tried with my librewolf. In every scenario the problem is always the same, It works when i "view the exploit". Nothing happens when I click "deliver to victim" I dont know what else to do/try. Please help Thanks in advance, Kindly Isaac

Isaac | Last updated: Jun 29, 2024 12:47PM UTC

Going to let the exploit here just in case you would like to give a look: <script> document.location = "https://0ac300ae04cad27c8031eef500aa00cc.web-security-academy.net/post/comment/confirmation?postId=/../../my-account/change-email?email=tokyo%40queen%2Enet%26submit=1"; </script>

Isaac | Last updated: Jun 29, 2024 02:08PM UTC

So I managed to solved. Still I dont understand what was the issue, I just literally copied the same exploit from my notes and this time it work at the fist attempt. The only thing that changed is that before I was in the library. They use Fortinet, I wonder if they were blocking the request to the "victim"

slt | Last updated: Sep 02, 2024 01:03PM UTC

Same here, I tried the same solution two weeks ago, it did not work despite all the local tests saying it should! I assumed there was a temporary problem with the "bot" (the victim) as that happens sometime. As it still does not work today and I think there is a problem on the backend. Can someone from the support check and report back? Thank you in advance!:-)

Ben, PortSwigger Agent | Last updated: Sep 03, 2024 08:39AM UTC