I was wondering what the best approach (using mitmproxy/mitmdump) would be for interacting with a site that uses Anti-CSRF tokens. Basically, I need to do the following:
- GET a login page, parse the body looking for a token, and extract its value (using a regex or markers)
- Submit the page again along with a username and password, this time with an updated header of the value from (1)
- Repeat until login succeeds
I have done this previously using Burp macros + Intruder, however I am keen to use mitmproxy for future testing.
Any advice on how to approach this would be really appreciated.