Burp Suite User Forum


Xss reflected ---csrf

olek | Last updated: Sep 22, 2021 03:05PM UTC

Hi, I would like to ask if it is possible to bypass a CSRF token. I can execute XSS on a website, but the CSRF token does not allow me to use the links in a different browser. Is there any way to explore this or bypass the CSRF token? csrf=a1cbdf2f1bc936d3b3c1f510197bd842bf53ad4e Thanks

Michelle, PortSwigger Agent | Last updated: Sep 23, 2021 12:02PM UTC

I'm afraid our technical support is here to provide technical advice with Burp Suite rather than with the exact steps needed to carry out an exploit. You might find some useful information on our Web Security Academy though. Have you checked out our learning materials on CSRF? https://portswigger.net/web-security/csrf

olek | Last updated: Sep 23, 2021 02:21PM UTC

Yes, I read this, but it did not help me a lot. When I use cookies I can execute XSS in a different browser. But I thought Burp had an extension to help me omit the CSRF token?

Michelle, PortSwigger Agent | Last updated: Sep 23, 2021 03:05PM UTC

There are BApps available to help you work with CSRF tokens; although I can't guarantee they will cover exactly what you want, you might want to take a look through. You can find the list of BApps and descriptions of what they do here: https://portswigger.net/bappstore. I hope this helps.

olek | Last updated: Sep 23, 2021 06:32PM UTC

I used this extension. I do not see any help. But how do you handle this issue? You are able to execute reflected XSS on a website. You can show this in a browser. But if you submit this as a vulnerability, a person cannot see this in a different browser. The reason is the CSRF token?

Michelle, PortSwigger Agent | Last updated: Sep 24, 2021 07:33AM UTC

I'm afraid our technical support is here to provide technical advice with Burp Suite rather than with the exact steps needed to carry out an exploit. One of the other users in the community may be happy to help out and add to this thread though.
