This extension provides a way of managing tokens like anti-CSRF, CSurf, Session IDs.

It can be used to set parameters that require random numbers or parameters that are computed based on application responses.

It works by

• extracting tokens from responses using your RegEx
• insert them in responses after manipulating the values with javascript.

Multiple parameter choices

• header - the token is contained by a custom header
• url - the URL query contains the token
• body - the token is an usual POST parameter
• cookie - one of the cookies contains the token
• other - json, xml, xml attribute, multi-part attribute

Scoping to different tools

• Proxy
• Intruder
• Repeater
• Scanner

Special features include

• a module for testing your RegEx
• enhanced debugging messages

Please refer to the documentation for more details.