Burp Suite User Forum

Problem generating a CSRF PoC

Zonduhackerone | Last updated: Oct 15, 2019 09:15PM UTC

I understand how basic CSRF works and I have reported some CSRF issues to some bug bounty programs in the past, but I have encountered this issue and I don't know what to do. I get this little message when trying to generate a CSRF PoC on a POST request without CSRF token or headers:

> Warning: The CSRF form uses a different encoding type than the original request, and so the application may not process the request in the way required. Further, the CSRF form uses plain text encoding, and the request body cannot be exactly reproduced because it does not contain the = character. Try modifying the original request so that the body contains the = character.

Where exactly should I add the = character if the original request looks like this, for example:

{"phoneNumber":"+ 48-695-5581-39","zipCode":"12-312"}

I have tried all forms of the CSRF PoC generator and none of them worked. Hope you can help me, thanks.

Mike, PortSwigger Agent | Last updated: Oct 16, 2019 10:30AM UTC

Looking at the source code, it appears this error message is raised when the encoding type specified by the Content-Type header is unable to be determined, or if it is different to the Encoding Type specified in the user interface panel. Is what you have selected in the user interface different from what is specified in the Content-Type header of the request?
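
The two conditions named in the warning, as an added example that is not part of the thread and not Burp's own code: it models how a browser serializes a text/plain form, and shows the server-side Content-Type check that makes a JSON endpoint ignore form submissions. All function names are hypothetical; the body is a constructed copy of the one posted in the question.

```python
# Added illustration; function names are hypothetical, sample data is constructed.

# The only encodings an HTML <form> can submit (its enctype values).
FORM_ENCTYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}


def text_plain_form_body(fields):
    """Serialize form fields the way a browser does for enctype="text/plain":
    one name=value line per field, each terminated by CRLF."""
    return "".join(f"{name}={value}\r\n" for name, value in fields)


def form_can_reproduce(body):
    """Condition from the warning: a text/plain form always emits at least
    one '=', so a body without one cannot be reproduced exactly."""
    return "=" in body


def media_type(content_type_header):
    """Strip parameters such as charset and normalise case."""
    return content_type_header.split(";", 1)[0].strip().lower()


def accept_json_request(content_type_header):
    """Server-side check: a JSON endpoint processes only application/json,
    which is not one of the encodings an HTML form can send."""
    return media_type(content_type_header) == "application/json"


# Constructed copy of the request body posted in the question.
ORIGINAL_BODY = '{"phoneNumber":"+ 48-695-5581-39","zipCode":"12-312"}'

if __name__ == "__main__":
    print("form can reproduce body:", form_can_reproduce(ORIGINAL_BODY))
    print("text/plain form output:", repr(text_plain_form_body([("a", "b")])))
    for ct in ("application/json; charset=utf-8", "text/plain",
               "multipart/form-data; boundary=x"):
        print(ct, "->", "accepted" if accept_json_request(ct) else "rejected")
```
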
