Burp Suite User Forum

Generate CSRF Poc

Honc | Last updated: Jul 06, 2020 08:46AM UTC

Hi PortSwigger Team, Burp generates CSRF PoCs. Does it support CSRF PoCs for JSON requests?

Liam, PortSwigger Agent | Last updated: Jul 06, 2020 02:08PM UTC

Could you provide an example of a JSON request CSRF POC?

Honc | Last updated: Jul 07, 2020 12:57AM UTC

Hi Liam, thanks for your response and assistance. ↓

Request:

POST /admin1234.html HTTP/1.1
Host: xxxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: http://xxxx.com
Connection: close
Referer: http://xxxx.com/admin_managepayaccess.html
Cookie: think_language=en-US; PHPSESSID=xxxxxx; AXX_SESSION_ID=xxx

{"payapiid":"618","websiteid":0,"ty":0}

Honc | Last updated: Jul 07, 2020 02:29AM UTC

Also, can the PoC be generated for the PUT request type?

Liam, PortSwigger Agent | Last updated: Jul 08, 2020 08:36AM UTC

Browsers won’t issue a request in this manner cross-domain. This isn't something we are likely to facilitate. Please let us know if you need any further assistance.
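
The reply above rests on the browser's CORS preflight rules. The following is an added example, not part of the thread or of Burp: it checks a captured request against the Fetch standard's "simple request" conditions and lists what would force a preflight. The function name and the browser-supplied header list are assumptions, and it checks header names and the Content-Type essence only, not the standard's value-length limits or the `Range` header.

```javascript
// Methods a cross-origin page can send without a preflight.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
// Content-Type values that do not trigger a preflight.
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);
// Header names a page may set without a preflight.
const SAFELISTED = new Set(["accept", "accept-language", "content-language", "content-type"]);
// Assumption: in a capture these were added by the browser, not by page script.
const BROWSER_SUPPLIED = new Set(["host", "user-agent", "accept-encoding",
  "content-length", "origin", "connection", "referer", "cookie"]);

// Returns the list of properties that make the browser send an OPTIONS
// preflight first; an empty list means no preflight is involved.
function preflightReasons(method, headers) {
  const reasons = [];
  const m = method.toUpperCase();
  if (!SAFE_METHODS.has(m)) reasons.push(`method ${m}`);
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (BROWSER_SUPPLIED.has(n) || n.startsWith("sec-")) continue;
    if (!SAFELISTED.has(n)) { reasons.push(`header ${name}`); continue; }
    if (n === "content-type") {
      const essence = value.split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(essence)) reasons.push(`content-type ${essence}`);
    }
  }
  return reasons;
}

// Constructed from the request posted in the thread (placeholder values kept).
const threadHeaders = {
  "Host": "xxxx.com",
  "Accept": "*/*",
  "Accept-Language": "en-US,en;q=0.5",
  "Accept-Encoding": "gzip, deflate",
  "X-Requested-With": "XMLHttpRequest",
  "Content-Length": "39",
  "Origin": "http://xxxx.com",
  "Referer": "http://xxxx.com/admin_managepayaccess.html",
  "Cookie": "think_language=en-US; PHPSESSID=xxxxxx; AXX_SESSION_ID=xxx",
};

console.log(preflightReasons("POST", threadHeaders)); // the request as posted
console.log(preflightReasons("PUT", threadHeaders));  // the PUT follow-up question
```

A preflighted request only reaches the application if the server answers the OPTIONS request with CORS headers that permit the calling origin, so the protection depends on the server requiring these properties and not approving untrusted origins.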