I am a beginner, so I don't know if I'll be able to describe the problem correctly. I am trying to solve an API challenge which requires me to bypass Rails CSRF protection? I need to provide correct cookies and headers but I'm unsure which approach to go for. I have tried using curl -h and --cookies, and I have also tried editing the cookies and header with Burp (idk if I was supposed to do that in the first place). If you can understand what I mean, could you help me out please?
-
What have you tried so far? – RobyB Feb 01 '22 at 10:53
-
I tried disabling cookies, providing the header and cookie myself from the previous working page via both curl and Burp, and tried traversal as well @RobyB – Abhishek Lal Feb 01 '22 at 11:04
-
If you're creating an API that's meant to be consumed, for example, server to server, you need to disable the CSRF protection in your controller (or remove the middleware). See https://stackoverflow.com/questions/35181340/rails-cant-verify-csrf-token-authenticity-when-making-a-post-request/35184796#35184796 – max Feb 02 '22 at 03:36
-
@max Am I supposed to put this in a file? I'm sorry, I'm just confused – Abhishek Lal Feb 02 '22 at 05:14
-
Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Feb 15 '22 at 09:41