Burp Suite User Forum

Login to post

Bruteforce with CSRF login protected

sathish | Last updated: Oct 18, 2020 10:17AM UTC

Hi, We cannot bruteforce login that protected with CSRF Tokens for each login. So, the new feature request is to bruteforce with new request every time (bruteforcing where it grabs new tokens each request)

Liam, PortSwigger Agent | Last updated: Oct 19, 2020 12:08PM UTC

Have you tried using Turbo Intruder? Attacks are configured using Python. This enables the handling of complex requirements such as signed requests and multi-step attack sequences. - https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988

sathish | Last updated: Oct 19, 2020 02:25PM UTC

Hi, okay let me see and try, Thank you.

You need to Log in to post a reply. Or register here, for free.