# CSRF token bypass

###### tags: `meowhecker` `burp suite` `token bypass` (needs more practice)

## Target

http://10.10.56.212/admin/login/

![](https://i.imgur.com/ogmBXiM.png)

### Response

![](https://i.imgur.com/sFTppbb.png)

![](https://i.imgur.com/sa1hDTz.png)

---

Intruder payload positions:

- username -> wordlist
- password -> wordlist
- loginToken -> macro
- session -> macro

## Login token (the key, obtained without the account and password)

![](https://i.imgur.com/L7HjOD2.png)

![](https://i.imgur.com/zkLlaQM.png)

## Build a macro

In the information security field, macros are a collection of instructions. They are usually used in applications or computer systems to automate repetitive tasks or operations. In information security, macros are often used to check whether a system is secure, or to automate defence against attacks.

Macros allow us to perform the same set of actions repeatedly. In this case, we simply want to send a GET request to `/admin/login/`.

"Project Options" -> "Sessions"

![](https://i.imgur.com/x5VupXH.png)

---

![](https://i.imgur.com/6ypWsMb.png)

---

![](https://i.imgur.com/nDf74yB.png)

---

![](https://i.imgur.com/TgId1Ec.png)

---

![](https://i.imgur.com/QXDQAoY.png)

---

![](https://i.imgur.com/9OWJqs2.png)

The macro will now overwrite all of the parameters in our Intruder requests before we send them.

---

![](https://i.imgur.com/cLbPA4x.png)

Now we have a macro defined that will substitute in the CSRF token and session cookie.

![](https://i.imgur.com/vK3ziY3.png)

![](https://i.imgur.com/TXOybQs.png)
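An added detection-side example, not part of the original note: because the macro refetches `/admin/login/` before every Intruder request, the attempt shows up in the server's access log as a GET immediately followed by a POST to the login page, repeated once per wordlist entry. The script below, run over constructed sample log lines, flags clients showing that pattern; the log format, thresholds and IP addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines (not from the original page): one client
# alternates GET (harvest token + session) and POST (try a credential pair).
SAMPLE_LOG = """\
10.0.0.5 [06/May/2024:10:00:00] "GET /admin/login/ HTTP/1.1" 200
10.0.0.5 [06/May/2024:10:00:00] "POST /admin/login/ HTTP/1.1" 302
10.0.0.5 [06/May/2024:10:00:01] "GET /admin/login/ HTTP/1.1" 200
10.0.0.5 [06/May/2024:10:00:01] "POST /admin/login/ HTTP/1.1" 302
10.0.0.5 [06/May/2024:10:00:02] "GET /admin/login/ HTTP/1.1" 200
10.0.0.5 [06/May/2024:10:00:02] "POST /admin/login/ HTTP/1.1" 302
10.0.0.9 [06/May/2024:10:00:05] "GET /admin/login/ HTTP/1.1" 200
10.0.0.9 [06/May/2024:10:00:40] "POST /admin/login/ HTTP/1.1" 302
"""
LOG_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')

def parse(log_text):
    """Yield (ip, timestamp, method, path) for each well-formed line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ip, ts, method, path, _status = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S"), method, path

def find_token_harvesting(log_text, login_path="/admin/login/",
                          pair_gap=2, min_pairs=3, window=60):
    """Return {ip: pair_count} for clients that GET the login page and POST to it
    within pair_gap seconds, at least min_pairs times inside a window-second span."""
    events = defaultdict(list)
    for ip, ts, method, path in parse(log_text):
        if path == login_path:
            events[ip].append((ts, method))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        pairs, last_get = [], None
        for ts, method in evs:
            if method == "GET":
                last_get = ts
            elif last_get is not None and (ts - last_get).total_seconds() <= pair_gap:
                pairs.append(ts)        # POST riding on a freshly fetched token
                last_get = None
        for i, start in enumerate(pairs):   # sliding window over pair times
            hits = sum(1 for t in pairs[i:] if (t - start).total_seconds() <= window)
            if hits >= min_pairs:
                flagged[ip] = len(pairs)
                break
    return flagged
```

A person loads the form once and submits a few times, so a long run of tight GET/POST pairs from one client is the signal; tune `pair_gap`, `min_pairs` and `window` to the site's real traffic.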