Week 2 - CSRF Token Bypass
CSRF Token Bypass Using BurpSuite
Continuing the Web App Hacking Tips & Tricks series, this week’s tip focuses on bypassing CSRF tokens.
Have you ever found a web endpoint that’s vulnerable to SQL injection, but uses a CSRF token that makes SQLMap automation difficult?
Boy, have we got a show for you!
It turns out you can set a macro in BurpSuite to retrieve a valid CSRF token and instantly add it to the request being intercepted through the proxy. To do so, follow the steps below:
Press OK and you’re done!
Now, to put your macro to work, use the following SQLMap syntax to proxy traffic through Burp (`<target-url>` is a placeholder for the endpoint under test):
sqlmap -u "<target-url>" --proxy="http://localhost:8080"
That’s it!! Now CSRF tokens will no longer prevent you from dumping a DB.
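From the defender's side, the macro described above leaves a recognisable trace: every submitted request is preceded, within milliseconds, by a fresh fetch of the page that issues the token. The following is an added example (not part of the original post) that flags that pattern in access logs; the log format, paths, client addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Hypothetical paths: the page that issues the CSRF token and the endpoint that consumes it.
FORM_PATH, SUBMIT_PATH = "/search", "/search/results"

def make_sample():
    """Constructed log lines in the form '<epoch-seconds> <client> <method> <path>'."""
    # Client 10.0.0.5: a person loads the form and submits tens of seconds later.
    lines = ["1000.0 10.0.0.5 GET /search", "1040.0 10.0.0.5 POST /search/results",
             "1100.0 10.0.0.5 GET /search", "1130.0 10.0.0.5 POST /search/results"]
    # Client 10.0.0.9: 30 token fetches, each followed 50 ms later by a submit.
    for i in range(30):
        t = 2000.0 + i * 0.2
        lines.append(f"{t:.2f} 10.0.0.9 GET /search")
        lines.append(f"{t + 0.05:.2f} 10.0.0.9 POST /search/results")
    return lines

def flag_token_refresh_clients(lines, max_gap=1.0, min_pairs=10):
    """Return clients with at least min_pairs token fetches that were each
    followed by a submit within max_gap seconds (automated token refresh)."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        try:
            events.append((float(parts[0]), parts[1], parts[2], parts[3]))
        except ValueError:
            continue
    last_fetch = {}            # client -> time of the most recent unpaired token fetch
    pairs = defaultdict(int)   # client -> count of tight fetch/submit pairs
    for ts, client, method, path in sorted(events):
        if method == "GET" and path == FORM_PATH:
            last_fetch[client] = ts
        elif method == "POST" and path == SUBMIT_PATH and client in last_fetch:
            # Each fetch pairs with at most one submit, so pop it once used.
            if ts - last_fetch.pop(client) <= max_gap:
                pairs[client] += 1
    return sorted(c for c, n in pairs.items() if n >= min_pairs)

if __name__ == "__main__":
    print(flag_token_refresh_clients(make_sample()))
```

The thresholds need tuning against real traffic, and the detection complements rather than replaces the actual fix: a CSRF token is not an injection control, so the query itself has to be parameterized.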