To capture the csrf token value in headers you need to do one thing prior to enhance the script.
- Go to Recording Options
- HTTP properties
- Advanced
- Headers and add 'csrf-token' or select 'Record header not in list'.Then record the script or regenerate the script.
Please note that the header name in web_add_header is without the colon (:) or space. The right boundary in web_reg_save_param function should be \r\n
web_add_header("csrf-token","{CsrfToken}"");
In header server response the token value looks like this
x-csrf-token: 0FTwrefb89ijdhdhky0lkdkdkkrelw0rIw==
The final function should be as follows
web_reg_save_param("XCsrfToken","LB=x-csrf-token: ","RB=\r\n","Search=Headers",LAST);
web_add_header("csrf-token","{CsrfToken}"");
In header server response the token value looks like this
x-csrf-token: 0FTwrefb89ijdhdhky0lkdkdkkrelw0rIw==
The final function should be as follows
web_reg_save_param("XCsrfToken","LB=x-csrf-token: ","RB=\r\n","Search=Headers",LAST);
No comments:
Post a Comment