What is "CSRF check failed" when going to a website which doesn't require login?


CSRF prevents users from using the same tokens to make a request from outside of their own session on a website. You are probably submitting some form of token that was generated in your browser session, and then making the request from another device. More on CSRF here.

CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf. For most sites, browser requests automatically include any credentials associated with the site, such as the user's session cookie, IP address, Windows domain credentials, and so forth. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish between the forged request sent by the victim and a legitimate request sent by the victim.

Essentially, it thinks your request is from a malicious person who got you to make a call from their computer.

Given the error message "CSRF check failed. Please enable cookies.", I feel this token is stored in a cookie. Here's how I would go about getting around this:

  1. Open the chrome developer console
  2. Open the network tab
  3. Reload the page
  4. Right click the main page's request
  5. Mouse over "Copy", and then in the side drop-out select "Copy as cURL"
  6. Go to https://curl.trillworks.com and paste your cURL command in to get a Python requests program that will make the same request.
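To make the answer's point concrete (a CSRF token is only valid inside the session it was minted for, so a request that arrives without the session cookie is rejected), here is an added, self-contained Python model of a server-side check. It is not the csrf-magic library's code and not part of the original answer; the token layout is modelled on the `csrfMagicToken` value visible in the question (`sid:<hex>,<timestamp>`), and the server secret, cookie name and token lifetime are assumed values constructed for this example.

```python
import hashlib
import hmac

# Assumed values (constructed for this example, not from the real site).
SERVER_SECRET = b"example-server-secret-not-for-production"
COOKIE_NAME = "PHPSESSID"      # assumed name of the session cookie
FIELD_NAME = "__csrf_magic"    # form field name shown in the question's error page
TOKEN_LIFETIME = 3600          # seconds a token stays valid (assumed)


def issue_token(session_id, issued_at):
    """Mint a token bound to one session: HMAC over (session id, issue time).

    Layout mirrors the page's csrfMagicToken: "sid:<hex digest>,<timestamp>".
    """
    msg = "{}|{}".format(session_id, issued_at).encode()
    digest = hmac.new(SERVER_SECRET, msg, hashlib.sha1).hexdigest()
    return "sid:{},{}".format(digest, issued_at)


def check_token(session_id, token, now):
    """Validate a submitted token against the caller's own session.

    Returns (ok, reason). Recomputing the HMAC for *this* session id is what
    makes a token copied from another browser session fail.
    """
    try:
        prefix, rest = token.split(":", 1)
        _digest, ts = rest.split(",", 1)
        issued_at = int(ts)
    except (ValueError, AttributeError):
        return False, "malformed token"
    if prefix != "sid":
        return False, "unknown token type"
    if issued_at > now or now - issued_at > TOKEN_LIFETIME:
        return False, "token expired"
    expected = issue_token(session_id, issued_at)
    # Constant-time comparison so the check leaks nothing about the digest.
    if not hmac.compare_digest(expected, token):
        return False, "token does not match session"
    return True, "ok"


def handle_post(cookies, form, now):
    """Simulated request handler: returns (status, body).

    Without a session cookie there is nothing to bind the token to, which is
    the situation the question's POST (no cookie, no token) ends up in.
    """
    session_id = cookies.get(COOKIE_NAME)
    if session_id is None:
        return 403, "CSRF check failed. Please enable cookies."
    ok, reason = check_token(session_id, form.get(FIELD_NAME), now)
    if not ok:
        return 403, "CSRF check failed ({}).".format(reason)
    return 200, "request accepted"


if __name__ == "__main__":
    token = issue_token("session-A", 1000)
    # Bare POST like the one in the question: rejected before any token logic.
    print(handle_post({}, {}, 1500))
    # Same session that received the token: accepted.
    print(handle_post({COOKIE_NAME: "session-A"}, {FIELD_NAME: token}, 1500))
    # Token reused from another session (e.g. copied to a second device): rejected.
    print(handle_post({COOKIE_NAME: "session-B"}, {FIELD_NAME: token}, 1500))
```

The three calls at the bottom reproduce the cases the answer describes: a request with no cookie at all gets exactly the "Please enable cookies" message, a request from the session that was issued the token passes, and the same token presented under a different session cookie fails because the HMAC is recomputed for that session.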
Author: Mohit Joshi

Updated on June 04, 2022

Comments

  • Mohit Joshi, almost 2 years ago

    I am new to web-crawling and HTML stuff. I am trying to get the content of this site: https://services.ecourts.gov.in/ecourtindiaHC/cases/s_orderdate.php?state_cd=24&dist_cd=1&court_code=1&stateNm=Sikkim, but I am getting an error.

    import requests

    session = requests.Session()
    # URL as posted; this bare POST carries no session cookie and no
    # __csrf_magic token, which is why the site answers with the error below.
    path = ('https://services.ecourts.gov.in/ecourtindiaHC/cases/s_orderdate.php?'
            'state_cd=24&dist_cd=1&court_code=1&stateNm=Sikkim')
    r2n = session.post(path)
    r2n.content


    Error:

    <html>
      <head>
        <title>CSRF check failed</title>
        <script type="text/javascript">var csrfMagicToken = "sid:c5118ae8a9e61592d303891cc2cd269c204972a8,1563237610";var csrfMagicName = "__csrf_magic";</script><script src="csrf-magic.js" type="text/javascript"></script>
      </head>
      <body>
        CSRF check failed. Please enable cookies.<br />Debug: <script type="text/javascript">CsrfMagic.end();</script>
      </body>
    </html>