Hi, is there a way to generate a CSRF token for every user, or grab a CSRF token from another request and then use it on the URL endpoint that you want to test for IDOR, since every user has a different CSRF token?
Currently, this feature is not supported. The implementation should be a URL defined under the configuration tab, which will have a regex to fetch a value from the response.
This URL needs to be fetched before each request and be added into a placeholder that will be injected into requests.
I don't have enough time to write it now; you or anyone else reading this will be able to develop it :)
I have a somewhat related issue: each user has a per-session CSRF token that is submitted in a POST request. Did I understand the configuration correctly, that you cannot specify BOTH a cookie header AND a POST parameter you wish to send in the low-priv request?
That is: I cannot configure Autorize to set SESSIONID=xxxxx and also replace the _token parameter in the request with that for my low-priv user?
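A sketch of the approach discussed in the two comments above (fetch a URL, pull the token out with a regex, inject it into a placeholder, and swap the session cookie in the same request). This is an added example, not Autorize code and not written by anyone in this thread; the `{{CSRF}}` placeholder, the `fetch` callable, the host name and all sample values are assumptions constructed for illustration.

```python
import re

PLACEHOLDER = "{{CSRF}}"  # hypothetical marker, not an Autorize setting

def extract_token(response_body, pattern):
    """Return capture group 1 of `pattern`, or fail loudly if it is missing."""
    match = re.search(pattern, response_body)
    if match is None:
        raise ValueError("token pattern did not match the response")
    return match.group(1)

def build_low_priv_request(raw_request, cookie, token):
    """Swap in the low-privilege Cookie header and token, then fix Content-Length."""
    head, _, body = raw_request.partition("\r\n\r\n")
    body = body.replace(PLACEHOLDER, token)
    lines = head.replace(PLACEHOLDER, token).split("\r\n")
    out = [lines[0]]
    for line in lines[1:]:
        name = line.split(":", 1)[0].strip().lower()
        if name in ("cookie", "content-length"):
            continue  # re-added below with the low-privilege values
        out.append(line)
    out.append("Cookie: " + cookie)
    if body:
        out.append("Content-Length: %d" % len(body.encode("utf-8")))
    return "\r\n".join(out) + "\r\n\r\n" + body

def replay_with_fresh_token(fetch, token_url, pattern, raw_request, cookie):
    """Fetch the token page as the low-privilege user before each replayed request."""
    page = fetch(token_url, cookie)
    return build_low_priv_request(raw_request, cookie, extract_token(page, pattern))

# Constructed sample data: a form page and a captured high-privilege request.
SAMPLE_PAGE = '<form><input type="hidden" name="_token" value="lowpriv-token-123"></form>'
SAMPLE_REQUEST = (
    "POST /account/42/email HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Cookie: SESSIONID=high-priv-session\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 40\r\n\r\n"
    "email=a%40example.org&_token=" + PLACEHOLDER
)
TOKEN_PATTERN = r'name="_token" value="([^"]+)"'

def fake_fetch(url, cookie):  # stand-in for an HTTP GET so the example runs offline
    return SAMPLE_PAGE

if __name__ == "__main__":
    print(replay_with_fresh_token(fake_fetch, "https://app.example/form",
                                  TOKEN_PATTERN, SAMPLE_REQUEST, "SESSIONID=low-priv-session"))
```

The stale `Content-Length` is dropped and recomputed because the injected token changes the body size; a mismatch there makes the replayed request fail for reasons unrelated to authorization and skews the test result.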