The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Stealing OAuth access tokens via a proxy page

2lfa | Last updated: Jul 28, 2024 11:21AM UTC

I am trying to solve the exercise "Stealing OAuth access tokens via a proxy page". When I embed the iframe on the exploit server like this: <iframe src="https://oauth-MY-OAUTH-SERVER-ID.oauth-server.net/auth?client_id=MY-LAB-CLIENT_ID&redirect_uri=https://MY-LAB-ID.web-security-academy.net/oauth-callback/../post/comment/comment-form&response_type=token&nonce=-1552239120&scope=openid%20profile%20email"></iframe> I get this error on the iframe on the exploit server: SessionNotFound: invalid_request at Provider.getInteraction (/opt/node-v19.8.1-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:50:11) at Provider.interactionDetails (/opt/node-v19.8.1-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:228:27) at /home/carlos/oauth/index.js:160:34 at Layer.handle [as handle_request] (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5) at next (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/route.js:137:13) at setNoCache (/home/carlos/oauth/index.js:121:5) at Layer.handle [as handle_request] (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5) at next (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/route.js:137:13) at Route.dispatch (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/route.js:112:3) at Layer.handle [as handle_request] (/opt/node-v19.8.1-linux-x64/lib/node_modules/express/lib/router/layer.js:95:5) I tried the exploit on Firefox 128.0, Chrome 126.0.6478.183 and Burp Professional version 126.0.6478.183 Browser, and always got the same result. Also note I am using an Apple M1 arm64 machine, not that it would impact much imo. How do I solve this?

2lfa | Last updated: Jul 28, 2024 12:02PM UTC

I found the solution here: https://forum.portswigger.net/thread/oauth-account-hijacking-via-redirect-uri-works-with-chrome-but-not-using-burp-s-chromium-b5f18f8a Solution : I'm using Chromium Version 126.0.6478.57 (Official Build) (arm64). I managed to solve my lab issue by taking the following steps: 1. Navigate to "Privacy and security --> Tracking Protection". 2. Add "https://[*.][exploit-server.net]" to the "Sites allowed to use third-party cookies". After making these adjustments in my Chromium browser, I no longer encountered the previous exception, allowing me to successfully complete the lab.

2lfa | Last updated: Jul 28, 2024 12:04PM UTC