forked from DanNegrea/TokenJar
BappDescription.html
<p>This extension provides a way of managing tokens such as anti-CSRF tokens, CSurf tokens and session IDs.</p>
<p>It can be used to set parameters that require random numbers or parameters that are computed based on application responses.</p>
<p>It works by</p>
<ul>
<li>extracting tokens from responses using your RegEx</li>
<li>inserting them in responses after manipulating the values with JavaScript.</li>
</ul>
<p>Multiple parameter choices</p>
<ul>
<li><b>header</b> - the token is carried in a custom header</li>
<li><b>url</b> - the URL query contains the token</li>
<li><b>body</b> - the token is a regular POST parameter</li>
<li><b>cookie</b> - one of the cookies contains the token</li>
<li><b>other</b> - JSON, XML, XML attribute, multi-part attribute</li>
</ul>
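<p>The extract, transform and insert flow described above, as an added JavaScript example that is not TokenJar's own code or configuration format. The rule object, function names and sample traffic are constructed for illustration, and it assumes the token is written into the follow-up request; the <b>other</b> parameter types are not covered.</p>

```javascript
// Added example: rule format, names and sample traffic are constructed, not TokenJar's.

// Return the first capture group of `regex` in the raw response, or null if absent.
function extractToken(rawResponse, regex) {
  const m = regex.exec(rawResponse);
  return m && m[1] !== undefined ? m[1] : null;
}

// Write `value` into one location of a copy of the request: header, url, body or cookie.
function applyToken(request, type, name, value) {
  const req = { ...request, headers: { ...request.headers }, cookies: { ...request.cookies } };
  switch (type) {
    case "header": req.headers[name] = value; break;
    case "cookie": req.cookies[name] = value; break;
    case "url": {
      const [path, query = ""] = req.url.split("?");
      const params = new URLSearchParams(query);
      params.set(name, value);            // replaces a stale value or appends a new one
      req.url = `${path}?${params}`;
      break;
    }
    case "body": {
      const params = new URLSearchParams(req.body);
      params.set(name, value);
      req.body = params.toString();
      break;
    }
    default: throw new Error(`unsupported parameter type: ${type}`);
  }
  return req;
}

// One rule: where the token goes, how to find it, and how to transform it first.
function runRule(rule, rawResponse, request) {
  const token = extractToken(rawResponse, rule.regex);
  if (token === null) return request;     // no match: leave the request untouched
  return applyToken(request, rule.type, rule.name, rule.transform(token));
}

// Constructed sample traffic and rules.
const sampleResponse = 'HTTP/1.1 200 OK\r\n\r\n<input type="hidden" name="csrf" value="a1B2c3">';
const sampleRequest = { url: "/transfer?amount=10", headers: {}, cookies: {}, body: "to=alice&csrf=stale" };
const csrfRegex = /name="csrf" value="([^"]+)"/;
const bodyRule = { type: "body", name: "csrf", regex: csrfRegex, transform: (v) => v };
const headerRule = { type: "header", name: "X-CSRF-Token", regex: csrfRegex, transform: (v) => v.toUpperCase() };
```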
<p>Scoping to different tools</p>
<ul>
<li>Proxy</li>
<li>Intruder</li>
<li>Repeater</li>
<li>Scanner</li>
</ul>
<p>Special features include</p>
<ul>
<li>a module for testing your RegEx</li>
<li>enhanced debugging messages</li>
</ul>
<p>Please refer to the <a href="https://dannegrea.github.io/TokenJar/">documentation</a> for more details.</p>