This extension provides a way of managing tokens such as anti-CSRF tokens, CSurf tokens, and session IDs.
It can be used to set parameters that require random numbers or parameters that are computed based on application responses.
It works by
- extracting tokens from responses using your RegEx
- inserting them in responses after manipulating the values with JavaScript.
Multiple parameter choices
- header - the token is contained in a custom header
- url - the URL query contains the token
- body - the token is a regular POST parameter
- cookie - one of the cookies contains the token
- other - JSON, XML, XML attribute, multi-part attribute
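The extract, manipulate and set workflow for the header, url, body and cookie choices, as an added example that is not the extension's own code or API. All function and field names and the sample data are hypothetical, and it assumes the token is placed as a parameter into the next outgoing request.

```javascript
// Constructed sample response; every name below is hypothetical.
const sampleResponse = 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' +
  '<input type="hidden" name="csrf_token" value="a1b2c3d4">';

// Step 1: pull the token out of a response with a user-supplied RegEx.
// The first capture group is taken as the token value; null means no match.
function extractToken(response, regex) {
  regex.lastIndex = 0; // a reused /g or /y regex would otherwise skip matches
  const m = regex.exec(response);
  return m && m[1] !== undefined ? m[1] : null;
}

// Step 2: set the token at one of the four basic parameter locations.
// `transform` stands in for the user's JavaScript value manipulation.
function setToken(request, location, name, value, transform = (v) => v) {
  const v = transform(value);
  const out = { ...request, headers: { ...request.headers } }; // copy, do not mutate
  switch (location) {
    case 'header':
      out.headers[name] = v;
      break;
    case 'cookie': {
      const jar = new Map((out.headers.Cookie || '').split('; ').filter(Boolean)
        .map((c) => { const i = c.indexOf('='); return [c.slice(0, i), c.slice(i + 1)]; }));
      jar.set(name, v); // replaces a stale value or appends a new cookie
      out.headers.Cookie = [...jar].map(([k, val]) => `${k}=${val}`).join('; ');
      break;
    }
    case 'url': {
      const [path, query = ''] = out.url.split('?');
      const p = new URLSearchParams(query);
      p.set(name, v);
      out.url = `${path}?${p}`;
      break;
    }
    case 'body': {
      const p = new URLSearchParams(out.body);
      p.set(name, v);
      out.body = p.toString();
      break;
    }
    default:
      throw new Error(`unsupported location: ${location}`);
  }
  return out;
}
```

A `null` result from `extractToken` is the case to debug first: it means the RegEx did not match the response, so any parameter set afterwards would carry a stale or empty token.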
Scoping to different tools
- Proxy
- Intruder
- Repeater
- Scanner
Special features include
- a module for testing your RegEx
- enhanced debugging messages
Please refer to the documentation for more details.