arvinddoraiswamy / mywebappscripts

A collection of all the lists, scripts and techniques I use while doing web application penetration tests.
MIT License

.jsp extension gets ignored by CSRF token detector #15

Open arvinddoraiswamy opened 10 years ago

arvinddoraiswamy commented 10 years ago

Since .js files do not need a CSRF token I had added them to the excluded extensions array. But that caused .jsp to get ignored too. Need to improve regex.

Also make excluding extensions case insensitive.
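
The bug described in this issue, shown next to one way to fix it. This is an added example, not the repository's own code: the function names, the extension list and the sample URLs are constructed for illustration, and the unanchored regex is an assumption about how the original check matched. It goes slightly beyond the issue by also ignoring the query string and path parameters, so that only the extension of the requested file is compared.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Constructed sample list of extensions that never need a CSRF token.
EXCLUDED_EXTENSIONS = ["js", "css", "png"]


def naive_is_excluded(url):
    """Unanchored, case-sensitive match (assumed shape of the buggy check).

    r"\\.js" matches the first three characters of ".jsp", so JSP pages are
    silently skipped by the token detector.
    """
    return any(re.search(r"\." + re.escape(ext), url) for ext in EXCLUDED_EXTENSIONS)


def path_extension(url):
    """Return the lower-cased extension of the last path segment, without the dot."""
    path = urlsplit(url).path                 # drops the query string and fragment
    last_segment = path.rsplit("/", 1)[-1]
    last_segment = last_segment.split(";", 1)[0]   # drop ";jsessionid=..." style params
    return posixpath.splitext(last_segment)[1][1:].lower()


def is_excluded(url):
    """Exact, case-insensitive comparison against the excluded list."""
    return path_extension(url) in {ext.lower() for ext in EXCLUDED_EXTENSIONS}


# Constructed sample requests.
SAMPLE_URLS = [
    "https://shop.example/static/app.min.js",
    "https://shop.example/static/APP.JS",
    "https://shop.example/account/transfer.jsp",
    "https://shop.example/account/transfer.jsp;jsessionid=ABC123?to=42",
    "https://shop.example/api/update?file=a.js",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"naive={naive_is_excluded(url)!s:5} fixed={is_excluded(url)!s:5} {url}")
```

Every URL where the two columns disagree is either a request the detector skipped without checking for a token, or a static file it checked needlessly because of letter case.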