<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>
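// Token read from this page's own cookie jar. document.cookie only exposes
// cookies that belong to the origin serving this page and are not HttpOnly,
// so this is null whenever no such cookie is readable here.
const csrfToken = getCookie('CSRF-TOKEN');

// Header set the page builds for display. The registered media type is
// "application/x-www-form-urlencoded"; the bare "x-www-form-urlencoded" is
// not a valid Content-Type value.
const headers = new Headers({
  'Content-Type': 'application/x-www-form-urlencoded'
});

// Only add the token header when a token was found; passing null to Headers
// would otherwise be coerced to the literal string "null".
if (csrfToken !== null) {
  headers.set('x-csrf-token', csrfToken);
}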
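/**
 * Look up a cookie by name in document.cookie.
 *
 * @param {string} name - Name of the cookie to search for.
 * @returns {string|null} URI-decoded value of the first cookie whose name
 *   matches, or null when no cookies are readable or none matches.
 * @throws {URIError} If the stored value contains a malformed percent-escape.
 */
function getCookie(name) {
  if (!document.cookie) {
    return null;
  }
  // Match on "<name>=" so the caller's argument selects the cookie; the
  // earlier hard-coded "csrf=" prefix ignored the parameter entirely.
  const prefix = name + '=';
  const match = document.cookie
    .split(';')
    .map(c => c.trim())
    .find(c => c.startsWith(prefix));
  if (match === undefined) {
    return null;
  }
  // Cut after the first "=" only, so values that themselves contain "="
  // (for example base64 padding) are returned whole.
  return decodeURIComponent(match.slice(prefix.length));
}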
/**
 * Click handler for the "Submit request" button: shows the Headers object in
 * an alert, then submits the form with id "requestFormId".
 *
 * The Headers object is never attached to the request. A native form
 * submission cannot carry script-defined request headers, so the
 * x-csrf-token value is displayed but not transmitted. This is why a server
 * that requires a custom header rejects form-based cross-site requests.
 */
function onSubmit() {
  // alert() stringifies its argument; a Headers instance renders as
  // "[object Headers]" rather than listing its entries.
  alert(headers);
  const requestForm = document.getElementById("requestFormId");
  requestForm.submit();
}
</script>
<script>
  // Replaces the path shown in the address bar with "/" on this page's own
  // origin. pushState adds a history entry; it does not load or request anything.
  history.pushState('', '', '/');
</script>
<!-- GET submission to the action URL. enctype only applies to POST bodies,
     so text/plain has no effect here; the hidden field is serialized into
     the query string. A native form submission sends no script-built
     headers, so nothing from the Headers object in the script reaches the
     request. -->
<form action="https://www.google.com" method="GET" enctype="text/plain" id="requestFormId">
  <input name="{}" type="hidden" value="">
  <input value="Submit request" type="button" onclick="onSubmit()">
</form>
</body>
</html>
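Add a custom header and submit on click. Note: as written, the Headers object is only shown in an alert; the native form submission that follows does not send it.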