Hello,
I am trying to set up a config.
BLOCK:HttpRequest
LABEL:Fetch Site
url = "https://SOMESITE.com/login/"
TYPE:STANDARD
$""
"application/x-www-form-urlencoded"
ENDBLOCK
BLOCK:Parse
input = @data.SOURCE
leftDelim = "name=\"csrfmiddlewaretoken\" value=\""
rightDelim = "\""
MODE:LR
=> VAR @csrf
ENDBLOCK
BLOCK:HttpRequest
LABEL:Login
url = "https://SOMESITE.com/login/"
method = POST
customHeaders = {("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"), ("Pragma", "no-cache"), ("Accept", "*/*"), ("Accept-Language", "en-US,en;q=0.8"), ("Referer", "https://imagn.com/login/"), ("Gannett-Debug-Path", "https-gke-usatsimg backend"), ("Gannett-Debug-Path-Full", "restarts: 0 ttl: 120.000 shield: true server: cache-lcy-eglc8600091-LCY path: https-gke-usatsimg backend"), ("X-Cache", "MISS"), ("X-Cache-Hits", "0"), ("X-Request-Id", "c4413e189ac37b2d48d77dfad629ab8f"), ("X-Served-By", "cache-par-lfpg1960074-PAR"), ("X-Timer", "S1713343679.013444,VS0,VE184")}
TYPE:STANDARD
$"returnPath=None&csrfmiddlewaretoken=csrf&uname=<input.USERNAME>&pass=<input.PASSWORD>&Login=Login"
"application/x-www-form-urlencoded"
ENDBLOCK
But I am getting the following Error Response:
Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.
After Pre-Login (Fetch Site) I get the following CSRF:
csrftoken: vwEVTH6TSLop3bBfHhXPYCImDzty7G7gGg4D3RfCEpQRhHaY4RaKAMoBkiw3OR2U
Then I have a Parse block for the CSRF and I am getting some other CSRF token:
csrf (String) = 9B9zrUAEriEHmlhvEJO5NvlGuqK2CLJ6klzhB4JndW69ARQe1j10pF1Vb9NxjWEK
The last one is passed in the POST data.
When I set it up like this:
BLOCK:HttpRequest
LABEL:Fetch Site
url = "https://SOMESITE.com/login/"
TYPE:STANDARD
$""
"application/x-www-form-urlencoded"
ENDBLOCK
BLOCK:Parse
input = @data.COOKIES["csrftoken"]
MODE:LR
=> VAR @csrf
ENDBLOCK
BLOCK:HttpRequest
LABEL:Login
url = "https://SOMESITE.com/login/"
method = POST
customHeaders = {("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"), ("Pragma", "no-cache"), ("Accept", "*/*"), ("Accept-Language", "en-US,en;q=0.8"), ("Referer", "https://imagn.com/login/"), ("Gannett-Debug-Path", "https-gke-usatsimg backend"), ("Gannett-Debug-Path-Full", "restarts: 0 ttl: 120.000 shield: true server: cache-lcy-eglc8600091-LCY path: https-gke-usatsimg backend"), ("X-Cache", "MISS"), ("X-Cache-Hits", "0"), ("X-Request-Id", "c4413e189ac37b2d48d77dfad629ab8f"), ("X-Served-By", "cache-par-lfpg1960074-PAR"), ("X-Timer", "S1713343679.013444,VS0,VE184")}
TYPE:STANDARD
$"returnPath=None&csrfmiddlewaretoken=csrf&uname=<input.USERNAME>&pass=<input.PASSWORD>&Login=Login"
"application/x-www-form-urlencoded"
ENDBLOCK
Then I enter the same CSRF into the POST data, but on the site there is still another one:
name="csrfmiddlewaretoken" value="XO6E5XrkSbhBDc4BHWt9OYppbsqQFunQYzpTjzyLJ5uQJdBbdTWSvGr4iRuBfqb0">
How can I solve this issue? I am a bit confused.