anti-CSRF token 'token' can't be found at response although the token is existed #2659
Description
Hi,
i've followed this solution but #2 sqlmap can not detect token in the response.
Here is my sql command:
python sqlmap.py --csrf-token="token" --csrf-url="https://localhost.localdomain/active-email.html" -v 6 --force-ssl -u "https://localhost.localdomain/active-email.html" --data="token" --cookie="[COOKIES_USER]"
Here is Request and Response:
[16:46:48] [INFO] testing connection to the target URL
[16:46:48] [TRAFFIC OUT] HTTP request [#1]:
GET /active-email.html HTTP/1.1
Host: localhost.localdomain
Cookie: COOKIE
Accept-encoding: gzip,deflate
Cache-control: no-cache
Accept: /
User-agent: sqlmap/1.1.8.6#dev (http://sqlmap.org)
Connection: close
[16:46:48] [DEBUG] declared web page charset 'utf-8'
[16:46:48] [TRAFFIC IN] HTTP response [#1] (200 OK):
Content-encoding: gzip
Transfer-encoding: chunked
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Uri: https://localhost.localdomain/active-email.html
Server: nginx
Connection: close
Pragma: no-cache
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Sat, 19 Aug 2017 09:45:52 GMT
Content-type: text/html; charset=UTF-8
....
<div class="Row Even">
<label class="">Email:</label>
<div class="Text">USERNAME@gmail.com </div>
</div>
<input type="hidden" value="0819201716524562cf05f15512a5d8c9d860842d0e54a1" name="token" />
<input type="submit" class="button" value="Kích ho?t Email" id="" name="" /> </fieldset>
</form>
....