-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't login to ASPX CSRF secured websites #17
Comments
hmm, I guess we would need more info to debug this problem, weird that the backend does not like it |
To reproduce a problem have a look at any CSRF-protected Login-Site that is developed with APSX .NET. Have a look at the sourcecode and see, that there are more than just one hidden token field (it consists of three). |
Hey bahmutov,
I just experimented in accessing a CSRF protected ASPX Login form - unfortunately I was not able to do any successfull login.
The ASPX Login seems to have more than one hidden field so in the first steps I simply enhanced your code to gather up to three tokens from the page and add it to the form during the post.
I checked and saw they were successfully added with wireshark by inspecting the POST.
Anyhow I always get referred back to the login page.
As my understanding of ASPX is pretty almost nothing more than what I have already found out and written here I thought maybe you have an idea and perhaps this could be a nice feature for csrf-login.
The text was updated successfully, but these errors were encountered: