Using stolen cookie in cURL to bypass CSRF

I have to process a web page. This web page is based on the Yii framework, and the login page is protected by CSRF tokens. When I pass the login credentials by the POST method, I get error 400 and the message "The CSRF token could not be verified".

I don’t know how to bypass this protection. I don’t understand the mechanism. When I log in with the Chrome browser, I see what the POST message looks like. It has 4 parameters: CSRF key, login, password, and one empty variable. How does the browser get the proper CSRF key to be sent back?

I have a login and password for this web page, and I can log in as a normal user. Only the login page is protected against CSRF. Can I use the cookie created by the browser on a normal login (and how do I do that), give this cookie to cURL and start processing URLs behind the login page?

Answers

MrMgr answered in his comments. I’ve put it here to help other people easily identify the answer.

The CSRF key is generated for the session and it is inside the LOGIN page as plain text. I can copy it from the source code of the login page and provide it to the cURL script to be passed as a POST variable. The CSRF key doesn’t change after every page refresh; a key is valid until logout. On logout the CSRF key is sent to the server for termination.

Source

CSRF tokens are in place to make this precise action difficult. You need a better way to spoof being a browser with PHP. To do that, store all cookies in what is generally called a “cookie jar.” PHP’s implementation of curl has that capability. All curl requests routed to this site should use this cookie jar from now on.

Next you need to parse the login page to grab all fields that are submitted. This includes the username, password, CSRF, and other hidden fields. Make sure you have values for each one. If it’s not supposed to be entered by you (e.g. hidden inputs), scrape the login page’s HTML and put those fields into variables you can pass along in the login POST. Also be sure to send the URL of the login page you scraped as the referrer in the login POST.

Parsing HTML can be tedious, but libraries like SimpleHTMLDOM should make it simple if you’re familiar with CSS selectors.
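
The flow both answers describe (fetch the login page through a cookie jar, read the hidden fields, post them back with your own credentials and the referrer) looks like this as an added example; it is not code from either answer. It uses PHP's built-in DOMDocument rather than SimpleHTMLDOM, and the function names, field names and sample page are assumptions made for illustration.

```php
<?php
// Collect name => value for every <input> on the page, so hidden fields such
// as the CSRF token go back exactly as the server issued them. (Assumes the
// login form is the only form on the page.)
function extract_form_fields(string $html): array {
    $doc = new DOMDocument();
    @$doc->loadHTML($html);                 // suppress warnings on sloppy markup
    $fields = [];
    foreach ($doc->getElementsByTagName('input') as $input) {
        $name = $input->getAttribute('name');
        if ($name !== '') {
            $fields[$name] = $input->getAttribute('value');
        }
    }
    return $fields;
}

// One request through the shared cookie jar; a non-null $post makes it a POST.
function request(string $url, string $jar, ?array $post = null, ?string $referer = null): string {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_COOKIEJAR      => $jar,     // cookies are written here
        CURLOPT_COOKIEFILE     => $jar,     // and sent from here
    ]);
    if ($post !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
    }
    if ($referer !== null) {
        curl_setopt($ch, CURLOPT_REFERER, $referer);
    }
    $body = curl_exec($ch);
    unset($ch);                             // releasing the handle flushes the jar
    return $body === false ? '' : $body;
}

// GET the page (session cookie + token), then POST token and credentials together.
function login(string $loginUrl, string $jar, array $credentials): string {
    $fields = extract_form_fields(request($loginUrl, $jar));
    return request($loginUrl, $jar, array_merge($fields, $credentials), $loginUrl);
}

// Constructed sample page; field names are placeholders, not taken from the site.
$sample = '<form method="post"><input type="hidden" name="_csrf" value="constructed-token">'
        . '<input name="login"><input type="password" name="password">'
        . '<input type="hidden" name="extra" value=""></form>';
print_r(array_merge(extract_form_fields($sample), ['login' => 'alice', 'password' => 'example']));
```

The token only verifies when it arrives with the session cookie it was issued for, which is why the GET and the POST must share one jar.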