Can anyone show a working example of authorization on a site using requests, cookies and csrf validation?
Site on Laravel
1st action - HTTP Request (GET)
Options: Response → Include Response Headers and Status +
2nd action - HTML Extract
Extraction Values:
CSS Selector: meta[name=“token”], Return Value: Attribute, Attribute: content
3rd action - HTTP Request (POST)
Send Headers: Header Parameters
Name: Cookie, Value: {{ $node[“HTTP Request”].json[“headers”][“set-cookie”] }}
Send Body: Body Parameters
Name: _token, Value: {{$node[“HTML Extract”].json[“data”]}}
Name: username, Value: admin
Name: password, Value: password
Options: Redirects
Follow Redirects +
OUTPUT
The site is loading as if a Get request has been completed
Is it possible to send a cookie POST request header without the extra data received from the GET request? (expires=xx, xx-Nov-2022 11:11:11 GMT; Max Age=7200; path=/)
Or does it not matter?
Filling in manually still doesn’t work.
Authorization works like this in Postman.
Only works if you use automatically added cookie headers. If you delete cookies in Postman and add your own exactly the same header, then it does not work.