
CSRF-Protected Form Challenge

Difficulty: beginner

What this challenge teaches

Teaches: GET the form, extract the hidden _csrf token, POST it back with the form data. POST without the token returns 403.

Expected output: GET the form → parse the _csrf input value → POST {name, _csrf} → expect a success message.

Submit your scraper's JSON output to /challenges/static/forms/csrf/grade (grader endpoint is part of a later phase; URL is reserved now).

Hint: scrape this page, extract the value of input[name="_csrf"], then POST it back with name. The token rotates after every successful submit (and after most failures), so re-fetch the form for a fresh token before each attempt.
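The GET, parse, POST flow described above, as an added example that is not part of the challenge's own code. StubForm is a constructed local stand-in for the form (it assumes the token rotates on every POST attempt), and CsrfFinder, fetch_token, submit and demo are hypothetical names; the field names name and _csrf and the 403 response come from the page.

```python
import secrets, threading, urllib.error, urllib.parse, urllib.request
from html.parser import HTMLParser
from http.server import BaseHTTPRequestHandler, HTTPServer
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies
class StubForm(BaseHTTPRequestHandler):  # constructed stand-in, not the site's code
    token = secrets.token_hex(8)
    def _send(self, code, body):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(body.encode())
    def do_GET(self):
        self._send(200, '<form method="post"><input name="name"><input type="hidden" '
                        f'name="_csrf" value="{StubForm.token}"></form>')
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        ok = urllib.parse.parse_qs(body).get("_csrf") == [StubForm.token]
        StubForm.token = secrets.token_hex(8)  # assumption: rotate on every attempt
        self._send(200 if ok else 403, "success" if ok else "forbidden")

class CsrfFinder(HTMLParser):  # records the value of input[name="_csrf"]
    token = None
    def handle_starttag(self, tag, attrs):
        if tag == "input" and dict(attrs).get("name") == "_csrf":
            self.token = dict(attrs).get("value")

def fetch_token(url):
    finder = CsrfFinder()
    with OPENER.open(url) as resp:
        finder.feed(resp.read().decode())
    if finder.token is None:
        raise ValueError("form has no _csrf input")
    return finder.token

def submit(url, name, token=None):
    fields = {"name": name, **({"_csrf": token} if token else {})}
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    try:
        with OPENER.open(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # urllib raises on the 403
        return err.code

def demo():
    srv = HTTPServer(("127.0.0.1", 0), StubForm)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_port}/"
    stale = fetch_token(url)
    return (submit(url, "alice"),                    # no token: 403
            submit(url, "alice", stale),             # token rotated by the failed POST: 403
            submit(url, "alice", fetch_token(url)))  # re-fetched token: 200
```

Calling demo() returns the three status codes in order; the stub's request log on stderr shows the matching GET and POST lines.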