Exploiting cross-site scripting to steal cookies
I don't use Burp Collaborator but a service hosted on Heroku.
Thanks for any help.
Thank you for your message.
The labs are designed to be solved using the tools within Burp Suite. I have just tested the lab and was able to successfully complete it using the Burp Collaborator.
I would suggest using the Burp Collaborator and seeing if you have any further issues completing the lab.
Thanks for your answer.
Is Burp Collaborator included in the Burp Community version?
Unfortunately, Burp Collaborator is only available in the Professional edition.
Having looked at the lab again, it does state:
“Instead of using Burp Collaborator, you could adapt the attack to make the victim post their cookie within a blog comment by exploiting the XSS to perform CSRF, although this would mean that the cookie value is exposed publicly, and also discloses evidence that the attack was performed.”
So perhaps you could investigate and use this method instead of Burp Collaborator if you are looking to solve the lab.
Please let us know if you need any further assistance.