I am a new in OWASP ZAP, so I need your help.
I have vulnerability site - DVWA. I am trying to work on token (CSRF) in bruteforce.
When page load I have HTML form with login, password and user-token. Third field are filled by dynamic token (CSRF).
I need to use bruteforce with CSRF token.
1) Receive user_token from loaded page 2) Send form through Fuzzer
As I understand, I need to create script for receiving user_token from loaded page and then run Attak -> Fuzz on authorization link, then select user_token value and add playload script that will fill it on each request.
But I can't find any information in Internet how to create this script, please help me.