Description: Here we show Recursive Grep in Burp Suite for sites that use the Synchronizer Token Pattern, AKA anti-CSRF (Cross-Site Request Forgery) tokens.
* This method is 'faster' and generates less traffic than the macro method. The macro method logs in every time; this method takes the token parameter from the previous response and submits it with the next request.
* From what I can tell, this method does not allow for any attack other than Intruder :( Some extensions exist for automating this, but I can't find them or get them to work.
If you know any easy method to automate Active Scans WITH tokens (the non-'relogin every time' method), that would be great! rmccurdy.com
Help me get http://blog.spiderlabs.com/2012/09/adding-anti-csrf-support-to-burp-suite-intruder.html working!!! -rmccurdy.com
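Why the recursive grep is needed, as an added example that is not from the video or any of the linked posts: a toy server (constructed here, not a real application) that rotates its synchronizer token on every response, and a client that either carries the token forward from the previous response, the way Intruder's recursive-grep payload does, or keeps reusing the first token it saw.

```python
"""Synchronizer-token round trip: a constructed per-request-rotating token
server and a client that behaves like Burp Intruder's recursive grep."""
import re
import secrets


class TokenServer:
    """Minimal synchronizer token pattern (constructed toy, not a real app)."""

    def __init__(self):
        self.current = secrets.token_hex(8)

    def _page(self):
        # Every response embeds the token that the next POST must present.
        return f'<form><input type="hidden" name="csrf_token" value="{self.current}"></form>'

    def get(self):
        return self._page()

    def post(self, params):
        if params.get("csrf_token") != self.current:
            self.current = secrets.token_hex(8)   # rotate on failure as well
            return 403, self._page()
        self.current = secrets.token_hex(8)       # rotate after success
        return 200, self._page()


TOKEN_RE = re.compile(r'name="csrf_token" value="([0-9a-f]+)"')


def extract_token(html):
    """The 'grep' half: pull the token out of the previous response body."""
    m = TOKEN_RE.search(html)
    return m.group(1) if m else None


def send_batch(server, inputs, carry_forward):
    """Submit each input value once; with carry_forward=True the token found
    in the previous response is substituted into the next request."""
    token = extract_token(server.get())
    statuses = []
    for value in inputs:
        status, html = server.post({"csrf_token": token, "q": value})
        statuses.append(status)
        if carry_forward:
            token = extract_token(html)   # recursive grep: reuse what we just saw
    return statuses
```

With carry-forward every request is accepted; without it only the first request succeeds, which is exactly the behaviour that makes a plain payload list useless against a rotating token.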
http://sleepy-tor-8086.herokuapp.com/
http://blog.nvisium.com/2014/02/using-burp-intruder-to-test-csrf.html
http://blog.securenet.de/2013/06/07/automated-scanning-with-burp-despite-anti-csrf-token/
https://www.google.com/search?q=burp+macros+xsrf
https://www.netspi.com/blog/entryid/121/fuzzing-parameters-in-csrf-resistant-applications-with-burp-proxy
https://www.notsosecure.com/blog/2014/07/02/pentesting-web-service-with-csrf-token-with-burp-pro/
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.