CSRF TOKEN GENERATOR

[pwneddesal]

HI, there is a way to generate CSRF TOKEN for every user or grab a csrf token form another request then use it to the URL endpoint that you want to test for idor since every user has a different CSRF token

[Quitten]

Currently, this feature is not supported, the implementation should be a URL defined under the configuration tab, which will have regex to fetch value from the response.
This URL needs to be fetched before each request and be added into a placeholder that will be injected to requests.
I dont have enough time to write it now, you or anyone else reading this will be able to develop it :)

[er4z0r]

I have a somewhat related issue: each user has a per-session CSRF Token that is submitted in POST request. Did I understand the configuration correctly, that you cannot specify BOTH a cookie header AND a POST Parameter you wish to send in the low-priv request?

That is: I can not configure Autorize to set SESSIONID=xxxxx and also replace the _token parameter in the request with that for my low priv user?