Burp Suite User Forum

Web Security Academy || Finding and learning to make scripts like the labs

Stephan | Last updated: Jan 18, 2022 11:53AM UTC

Hi all,

During the learning path I notice that a lot of good theory is explained about how and what a vulnerability is and how to recognize it. However, I find the practice of this very poorly explained. Just like the videos, it's a one-on-one follow-along video that doesn't explain how they get anywhere or how they did the recon to get there. In the following lab exercises, for example, a script is placed in the solution. I will always get stuck on this because my programming background is a bit weaker, but I would still like to know more about how you made the script here.

1) https://portswigger.net/web-security/oauth/lab-oauth-stealing-oauth-access-tokens-via-a-proxy-page
2) https://portswigger.net/web-security/oauth/lab-oauth-stealing-oauth-access-tokens-via-an-open-redirect

The methodology is always very clear to me, but I would like a better explanation about how you create the script, or where we can look to learn to make a script. In addition, I still need help with the script even though I have already completed it.

P.S. Is there a Discord server where people communicate?

Michelle, PortSwigger Agent | Last updated: Jan 20, 2022 01:38PM UTC

Thanks for getting in touch. Some of the more complex labs, for example the Expert level labs, generally require knowledge that goes beyond the scope of an individual topic/lab. In some cases, you'll find that resources and labs elsewhere in the Academy will provide you with additional knowledge; for example, in this case you may find these resources a useful read: https://portswigger.net/web-security/dom-based/controlling-the-web-message-source. So it can often be useful to revisit sections at all stages of your journey through the Academy. We also try to find a balance, as exploiting some vulnerabilities inherently requires a certain amount of HTML/JavaScript knowledge, and to go into the detail of that would drag the learning materials off-topic and so detract from the main subject matter. I hope this helps to explain how we have presented things, and we hope you are still enjoying the labs. We don't have a Discord server, but you may find other users in the community reply to your forum posts.