CSRF Tokens

Many sites use CSRF tokens to prevent cross-site request forgery. In this case you need to extract those tokens and send them along with subsequent requests.

For further information on content extraction take a look at our reference.

Extract CSRF Token

In your test case definition you can use StormForgers ability to extract the token from a response body like:

  "authorization": {
    "csrfToken": "noXuMgKei5pPP4wdv5Kq"

with the following option:

session.get("/users/register", {
  tag: "fetch_token",
  extraction: {
    jsonpath: {
      "csrfToken": "authorization.csrfToken"

You can then use the csrfToken as a dynamic data source within the same session:

session.post("/users/register", {
  tag: "registration",
  payload: {
    token: session.getVar("csrfToken"),
    username: "Foo",
    password: "bar"
Get started icon

Get Started

New to StormForger?
With these guides you’ll be up and running in no time!

FAQ icon


Already took a look at our FAQs?

Support icon


Are you stuck? Talk to us! We're humans.

We are using cookies to give you the best online experience. If you continue to use this site, you agree to our use of cookies. By declining we will disable all but strictly required cookies. Please see our privacy policy for more details.

Accept Decline