Ultimate Guide Parse CSRF Token level 1


  • Mod

    Hi,
    This is the beginning of a guide on how to parse a simple CSRF token. This guide will be broken down into 3 parts; in each part we will end up with a CSRF token more difficult than the previous one. I will show you the technique I use personally, which is easy to understand.
    If you don't know what a CSRF Token is, I invite you to go to this link:
    https://en.wikipedia.org/wiki/Cross-site_request_forgery
    /////////////////////////////////////////////////////////////////////////////////////////////////////////

    1) When you are on your login page, press F12, then go to the Network tab, select All, and click several times on the trash can to start from something clean, as in the picture below.
    A.PNG

    2) Enter an email and password and click on Sign in.
    B.PNG
    You get a lot of GET requests and few POST requests. In this case we sent our data, which is our username and password, so we will take a closer look at the POST requests to find which one is the right one, go into it, look for where the data we sent appears, and recover the link of the POST request. The white rectangle corresponds to the URL of your request.
    C.jpg

    3) Copy the parameters of your request, in this case the POST data.
    D.PNG

    4) Paste this into Notepad++ and replace your username and password with the variables.
    F.PNG

    //After doing this, open OB and copy and paste your URL and POST data inside.

    5) Now the OB part
      G.PNG

    6) We said that there was a <token> (H.PNG) in the POST data, but we haven't parsed it yet, so we're going to do it now: add a PARSE block and, in the Var/Cap Name field, type token.

    7) After this, search for csrf, just this word "csrf". M.PNG
    Now copy from name to />, look at my log.

    8) Put it here temporarily to work comfortably; afterwards it will have to be removed.
    JJ.PNG

    9) Because it's what interests us, we will have to put in the left string: name = "_ csrf" value = " and in the right string: " />. In fact, we take everything that is around what interests us, except the CSRF token itself.

    10) zz.PNG
    Delete the token in automatic mode and click Start and check the data.

    11) LL.PNG

    12) We have parsed the CSRF token.

    The first ultimate guide for token lvl1
    In the next guide we will see an awesome token that is difficult to parse.

    Sorry for my language, it's Google Translate.

    Why001




  • Aaaaaa, your theme is so old school and trash :kek:
    Very well done on the guide



  • Great guide

    How do I parse this http://prntscr.com/sgfsmg ?


  • Admin

    @1ci0f8kqid <COOKIES(_csrf)>


  • Banned

    nice holp you next speak nord

