To prevent CSRF and duplicate form submissions, some systems use a token mechanism (the specific mechanisms can be studied separately). For our individual testing, this causes a certain inconvenience.
Solution ideas:
1. Set the action that obtains the token up as a macro, which automatically re-acquires the token for each request (most time-saving, but troublesome to set up)
2. During the testing phase, have the developers set the token to a fixed value (most convenient)
3. Do all testing through the Proxy module (the simplest, but the most time-consuming, and unable to perform advanced automated testing)
For idea 1, I searched Baidu and found the answers were highly homogeneous, basically all referencing a foreign blog:
https://labs.asteriskinfosec.com.au/fuzzing-and-sqlmap-inside-csrf-protected-locations-part-1/
I actually tried it and found the English original worth reading; the Chinese write-ups are too brief.
The following is the Burp Suite method for bypassing the token:
1. Go to the Options tab and select Sessions
2. Add a session handling rule; in the pop-up Session handling rule editor, enter a Rule name and add an Action
3. In the menu that pops up after clicking Add, select Run a macro
4. Then select Add a macro (click Add)
5. Two pages will pop up: the Macro Recorder and the Macro Editor
First look at the Macro Recorder page; it is used the same way as the HTTP history in the Proxy module.
How to do it (taking the simplest login as an example):
(1) Set up the browser and turn off Burp Suite's Intercept
(2) Clear the previous request records and open a new browser window (to prevent earlier requests from interfering)
(3) Visit the login page; you can see the _csrf parameter in the response, which is the value we want to obtain
(4) Ctrl-click to select just that GET request, then click OK
6. At this point the Macro Recorder page closes and the Macro Editor page opens
You can test macros on this page (useful for more complex macros)
7. Click OK to return to the Action Editor interface, and select the option to replace only the token parameter
8. Return to the Rule Editor interface, select the Scope tab, and select the scope for this macro
9. As shown, we have bypassed the token on the login page: you can now send the request repeatedly, and each time Burp Suite automatically performs the re-login steps that fetch the token.
In Intruder, we found we could then brute-force the verification code. ~
However, some problems were encountered in actual use:
If the token is not in the parameters but in a header, i.e. X-csrf-token, it currently cannot be replaced; I do not know whether there is a good method.
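To make concrete why a repeated request fails without the macro, and what the macro is re-doing on every send, here is a small self-contained model written for this note (added example, not code from the original post or from Burp Suite). The server side issues a single-use, per-session token and checks it with a constant-time comparison; the client side does the two things the recorded macro does, fetch the login page and pull the `_csrf` hidden field out of the response. The `X-CSRF-Token` header case from the last paragraph is covered too: the server accepts the token from the form field or from that header, and a helper reads it from a response header map. The class and function names (`CsrfTokenStore`, `extract_csrf_from_html`, `simulate_replay`, etc.) and the sample login page are constructed for this example; the parameter name `_csrf` and the header name come from the post.

```python
import hmac
import re
import secrets

# ---- Server side: one token per session, consumed on use (constructed model) ----
class CsrfTokenStore:
    """Issues a fresh token per session and invalidates it on validation.

    Single-use tokens are exactly what makes a replayed form (Intruder
    re-sending the same request) fail: each token is accepted once.
    """

    def __init__(self):
        self._tokens = {}  # session_id -> currently valid token

    def issue(self, session_id):
        token = secrets.token_hex(16)
        self._tokens[session_id] = token
        return token

    def validate(self, session_id, presented):
        expected = self._tokens.pop(session_id, None)  # pop = single use
        if expected is None or not isinstance(presented, str):
            return False
        # Constant-time compare so token checking does not leak via timing.
        return hmac.compare_digest(expected.encode(), presented.encode())


def render_login_page(token):
    """Constructed login page; the hidden field is what the macro extracts."""
    return (
        "<html><body><form method='post' action='/login'>"
        "<input type='text' name='username'>"
        "<input type='password' name='password'>"
        f'<input value="{token}" type="hidden" name="_csrf">'  # attribute order varies
        "<button>Login</button></form></body></html>"
    )


def handle_login(store, session_id, form, headers):
    """Server-side check: token may arrive as the _csrf field or as X-CSRF-Token."""
    presented = form.get("_csrf") or extract_csrf_from_headers(headers)
    return store.validate(session_id, presented)


# ---- Client side: what the Burp macro automates ----
INPUT_TAG_RE = re.compile(r"<input\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")


def _parse_attrs(tag):
    """Return a lower-cased attribute dict for one HTML tag (order-independent)."""
    attrs = {}
    for m in ATTR_RE.finditer(tag):
        attrs[m.group(1).lower()] = m.group(2) or m.group(3) or m.group(4) or ""
    return attrs


def extract_csrf_from_html(html, name="_csrf"):
    """Find the hidden input named `name` and return its value, or None."""
    for tag in INPUT_TAG_RE.findall(html):
        attrs = _parse_attrs(tag)
        if attrs.get("name") == name:
            return attrs.get("value")
    return None


def extract_csrf_from_headers(headers, name="X-CSRF-Token"):
    """Case-insensitive header lookup; header names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def simulate_replay(store, session_id):
    """Returns (first_submit_ok, replay_ok, refreshed_submit_ok).

    Step 1 and 4 are the macro's job: GET the page, extract the token.
    Step 3 is Intruder without a macro: the same token sent again.
    """
    page = render_login_page(store.issue(session_id))
    token = extract_csrf_from_html(page)
    first_ok = handle_login(store, session_id, {"_csrf": token}, {})
    replay_ok = handle_login(store, session_id, {"_csrf": token}, {})
    fresh = extract_csrf_from_html(render_login_page(store.issue(session_id)))
    refreshed_ok = handle_login(store, session_id, {"_csrf": fresh}, {})
    return first_ok, replay_ok, refreshed_ok


if __name__ == "__main__":
    print(simulate_replay(CsrfTokenStore(), "session-A"))  # (True, False, True)
```

The middle `False` in the result is the failure the post works around: once a token has been consumed, re-sending the captured request is rejected until a new page load supplies a new token. For the header variant, the same store logic applies; the only difference is where the client has to place the value, which is why a rule that rewrites only body parameters cannot help there.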
Burp Suite: setting up a macro to bypass the CSRF token