Research Academy Daily Swig
My account About Blog Careers Legal Contact

Burp Suite User Forum

Login to post

CSRF Generator Doesn't work

Joel | Last updated: Aug 31, 2020 09:09PM UTC

Today i attempted a CSRF attack using the generator however turns out that document.forms[0].submit() Doesn't work, it did not submit the request. So i tweaked the code a bit to the following: document.forms[0].requestSubmit() This solved the problem. So i was wondering, could you make it automatically use this in the next update instead of the old submit() as it is not always working. Best regards, Joel Aviad Ossi

Hannah, PortSwigger Agent | Last updated: Sep 01, 2020 03:08PM UTC

Hi Joel Are you using the "Engagement tools > Generate CSRF PoC" feature? Do you have a request example that this PoC is generated for?

Joel | Last updated: Sep 10, 2020 12:34AM UTC

I can't recall the target, however .submit() did not push the request for some reason while .requestSubmit() did. Hopefully its just a one time thing :)

Hannah, PortSwigger Agent | Last updated: Sep 10, 2020 09:26AM UTC

Please let us know if you come across this issue again :)

Joel | Last updated: Sep 11, 2020 12:05AM UTC

Ok i figured what application i was testing. To what e-mail can i send the technical description of this issue?

Hannah, PortSwigger Agent | Last updated: Sep 11, 2020 07:28AM UTC

You can reach our support service by email at support@portswigger.net

You need to Log in to post a reply. Or register here, for free.