Thursday, October 10, 2019

Capture correlation value from response headers | CsrfToken Value Correlation

To capture the csrf token value in headers you need to do one thing prior to enhance the script.
  1. Go to Recording Options
  2. HTTP properties
  3. Advanced
  4. Headers and add 'csrf-token' or select 'Record header not in list'.Then record the script or regenerate the script.
Please note that the header name in web_add_header is without the colon (:) or space. The right boundary in web_reg_save_param function should be \r\n 

web_add_header("csrf-token","{CsrfToken}"");


In header server response the token value looks like this
x-csrf-token: 0FTwrefb89ijdhdhky0lkdkdkkrelw0rIw==

The final function should be as follows


web_reg_save_param("XCsrfToken","LB=x-csrf-token: ","RB=\r\n","Search=Headers",LAST);

No comments: