1. Open Intruder Tab
2. Define Attack Target
3. Select Pitchfork as Attack type. Define your payload positions.
4. Define grep rule. Open Options tab -> click Add button under Grep – Extract section. A new window opens -> click fetch response button and select your csrf token value and press ok.
5. Select Paylod types. Open Payloads Tab -> Select Recursive grep for Payload Set 1(csrf token). Choose also payload types for other sets.
6. Set payload options for every set. For set 1(csrf token) you should see grep-extract regex. Set an initial payload for first request.
7. Set number of threads to 1.
8. Start Attack