How To Used Webrequest to Website that have Cross-Site Request Forgery (CSRF protection)
The way that i do now is request "GET" to get the token and then Using request "POST" to submit the form.
but it return out like this
Code:
<h1>An Error Was Encountered</h1>
<p>The action you have requested is not allowed.</p> </div>
is there any way can i post my request through the Cross-Site Request Forgery
This is my code
Code:
Dim request As HttpWebRequest = DirectCast(WebRequest.Create("url"), HttpWebRequest)
request.CookieContainer = secure_cookie
Dim response As HttpWebResponse = DirectCast(request.GetResponse(), HttpWebResponse)
Dim reader As New StreamReader(response.GetResponseStream())
Dim RawText As String = reader.ReadToEnd
csrf_secure = Regex.Match(RawText, "csrf_secure" & Chr(34) & " value=" & Chr(34) & "(.*?)" & Chr(34) & "/>").Groups(1).Value
Code = Regex.Match(RawText, "code" & Chr(34) & " value=" & Chr(34) & "(.*?)" & Chr(34) & "/>").Groups(1).Value
TextBox1.Text = csrf_secure
TextBox2.Text = Code
Code:
Dim postData As String = "csrf_secure=" & csrf_secure & "&code=" & Code & "&mes=" & TextBox3.Text & "name=" & TextBox4.Text & "email=" & TextBox5.Text & "&g-recaptcha-response="
Dim tempCookies As New CookieContainer
Dim encoding As New UTF8Encoding
Dim byteData As Byte() = System.Text.Encoding.UTF8.GetBytes(postData)
Dim postReq As HttpWebRequest = DirectCast(WebRequest.Create("url"), HttpWebRequest)
postReq.Method = "POST"
postReq.KeepAlive = True
postReq.CookieContainer = secure_cookie
postReq.ContentType = "application/x-www-form-urlencoded"
postReq.Referer = "url"
postReq.UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0"
postReq.ContentLength = byteData.Length
Dim postreqstream As Stream = postReq.GetRequestStream()
postreqstream.Write(byteData, 0, byteData.Length)
postreqstream.Close()
Dim postresponse As HttpWebResponse
postresponse = DirectCast(postReq.GetResponse(), HttpWebResponse)
tempCookies.Add(postresponse.Cookies)
Dim postreqreader As New StreamReader(postresponse.GetResponseStream())
MsgBox(postreqreader.ReadToEnd())
postresponse.Close()
postreqreader.Close()