Can't it detect and grab the token automatically after giving it an example? As you know tokens aren't static because if they were that would make them totally useless and kill the purpose that they were made for !

[minanagehsalalma]

No description provided.

[1uffyD9]

No, it can't detect CSRF tokens automatically, at the moment.
But when you provide the CSRF token name(s), it'll automatically grab the unique value relevant to that token(s) send it with the next request is made. This process will continue for each word in the rest of the word list. This script was made when I'm playing CTFs. I have a few ideas to modify the tool. I'll update the tool soon. Thanks for your feedback. :)

[minanagehsalalma]

Thanks for the clarification.

Also you should get it support multiple tokens not just one.

And maybe perform some process on the password like md5 hashing it..

Or merging it to the token then hashing it to sha256 .... as some login pages do these.

[minanagehsalalma]

An argument to what to do with the token and passwords before sending.

[1uffyD9]

Thank you very much for your suggestions! Really this feedback motivated me a lot. I'll update the tool soon. :)

[minanagehsalalma]

You are welcome mate...

Really this feedback motivated me a lot

It's my pleasure :).