Sign In
Create Account
Hey i'm pretty new to all this shit and i just started learning how to create API configs but i'm stuck with this one problem...
OK so we send
Variable computed as -> Connection: Close\nContent-Type: application/x-www-form-urlencoded\nAccept: text/xml; charset=utf-8\nVersion: v1.1\nAccept-Language: en-us\nUser-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; LGLS676 Build/MXB48T)\nAccept-Encoding: gzip <-----Variables computed successfully in 16 ms-----> <-----Bot Status: Variables computed successfully -> Authenticating-----> <-----Sent Headers-----> POST /login HTTP/1.1 Accept: text/xml; charset=utf-8 User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; LGLS676 Build/MXB48T) Host: ********* Pragma: no-cache Connection: Close Content-Type: application/x-www-form-urlencoded Content-Length: 85 Version: v1.1 Accept-Language: en-us Accept-Encoding: gzip Post Data: j_username=<USER>&j_password=<PASS>&_spring_security_remember_me=true
and we receive
HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 264 Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: x-requested-with, Content-Type, Authorization, Brand, brand, ApiKey, apiKey, ApiAuthToken, apiAuthToken, webapp, version, Version, Access-Control-Allow-Credentials, ACCESS-CONTROL-ALLOW-CREDENTIALS,origin,accept,country-code,App-Platform,App-Version,app-platform,app-version Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH Access-Control-Max-Age: 3600 Cache-control: no-cache=" set-cookie" Content-Encoding: gzip Date: Fri, 26 May 2017 08:50:00 GMT Server: Set-Cookie: dod_logged_in=standardUser; Domain=.&&&&&; Expires=Sat, 26-May-2018 08:50:00 GMT; Path=/ Set-Cookie: apiAuthToken=b2Zqa2lsYWIxNEBnbWFpbC5jb206MTUyNzMyNDYwMDI1MToxZTYyNmJiNDcwYjc5Y2FhYmU5Y2M1NDc0ODI4ZGI2Yg; Expires=Sat, 26-May-2018 08:50:00 GMT; Path=/ Set-Cookie: ct=63bbf0f5-5019-4af5-bb19-ae2c571de5cc; Domain=.&&&&; Expires=Sat, 26-May-2018 08:50:00 GMT; Path=/ Set-Cookie: AWSELB=DB411935168257957E19BE5E271545EEB87500BA0BF90F2EE684BBB29071DBF9C1F4003064AD47668170DCE680A982A8980384E2DED53DAB4E219FF8C4893862105EA161DA;PATH=/;MAX-AGE=60 Vary: Accept-Encoding Vary: Origin X-Cache: Miss from cloudfront Via: 1.1 ce270f4a88edde7438864bc44406e83a.cloudfront.net (CloudFront) X-Amz-Cf-Id: W0AjdV6Q46jgP9rAFwvx9lCQ2C3vz7RJ4w_kv0F5Byc4JC6RgSoNbA==
but it sends an empty source...
This only happens if the combo is actually valid otherwise it sends the regular source
but what's weird is after it retries from empty source it sends everything again but with i guess encrypted username & pass
POST /login HTTP/1.1 Accept: text/xml; charset=utf-8 User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; LGLS676 Build/MXB48T) Host: ****** Pragma: no-cache Connection: Close Content-Type: application/x-www-form-urlencoded Content-Length: 73 Version: v1.1 Accept-Language: en-us Accept-Encoding: gzip Post Data: j_username=e0PWsyVF&j_password=hV1Ebbsp&_spring_security_remember_me=true
and receives the fail keys from the source..
anyone know what's wrong?? everything seems fine from what i received from the packet cap
didn't even need body just a header key it receives and we use that for another secret url to capture data 