Burp Suite User Forum

Login to post

CSRF Scanner not detecting CSRF token named ContactCsrfToken

Gaurav | Last updated: Sep 21, 2023 09:43PM UTC

Note: This issue was generated by the Burp extension: CSRF Scanner. Issue detail The request does not appear to contain an anti-CSRF token. However we are using a token such as the following: ContactCsrfToken=wL7Ai7Q6U1kAVSbSjm_dcxUaTrvVY-iJ_lSMKGJRY2MmjBpuOS Is CSRF scanner only looking to match known token strings? Is the token name above not matching? I came across https://github.com/PortSwigger/csrf-scanner/blob/master/BurpExtender.java which has a default token pattern match that seems to be missing case insensitive matches.

Dominyque, PortSwigger Agent | Last updated: Sep 22, 2023 08:46AM UTC

Hi Please note that extensions are not maintained by us. If you have found an error/issue, can you please raise it as an issue on GitHub for the extension author to have a look at? Thank you.

You need to Log in to post a reply. Or register here, for free.