jankko60 Rare Posted April 30, 2017 Share Posted April 30, 2017 (edited) Http Analyzer post data : {"correlationId":3,"operationName":"login","payload":[{"email":"none@gmai.com","password":"7412","rememberMe":false,"captcha_response":"NOTREQUIRED"},{"allowAuthenticated":false,"extraLoginTicket":false}],"securityToken":"af89d6dd336153e032153126622dd994a2ac7b74-1493571910127-27a17e8206fa049323db1545","serviceName":"LoginService"} My Sentry Input Data String : correlationId=3&operationName=login&payload=%5B%7Bemail=<USER>&password=<PASS>&rememberMe=false&captcha_response=NOTREQUIRED%7D&%7BDallowAuthenticated=false&extraLoginTicket=false%7D%5D&serviceName=LoginService&securityToken=5fda2dfd363768d23a5434a42dc847b0e1b15964-1493569919803-27a17e8206fa049323db1545 Sentry Debug Otput : Post Data: {"correlationId":"3","operationName":"login","payload":"[{email","password":"karolina","rememberMe":"false","captcha_response":"NOTREQUIRED}","{DallowAuthenticated":"false","extraLoginTicket":"false}]","serviceName":"LoginService","securityToken":"5fda2dfd363768d23a5434a42dc847b0e1b15964-1493569919803-27a17e8206fa049323db1545"} sintax Error : Post Data: --> "[{email extra QUOTATION MARK after LEFT SQUARE BRACKET [{email" -> Missing QUOTATION MARK before email [{email" -> missing email value ( consequence by previus error i suppose) "NOTREQUIRED}" - > bad QUOTATION MARK outside RIGHT CURLY BRACKET - > "{DallowAuthenticated" bad QUOTATION MARK outside LEFT CURLY BRACKET false}]" -> bad QUOTATION MARK outside RIGHT SQUARE BRACKET Someone can fix me please ? Thank you Edited April 30, 2017 by jankko60 Link to comment Share on other sites More sharing options...
jankko60 Rare Posted May 15, 2017 Author Share Posted May 15, 2017 any help ? Link to comment Share on other sites More sharing options...
pacifico Rare Posted May 16, 2017 Share Posted May 16, 2017 (edited) 15 hours ago, jankko60 said: any help ? From what i see post data is: {"correlationId":3,"operationName":"login","payload":[{"email":"<USER>","password":"<PASS>","rememberMe":false,"captcha_response":"NOTREQUIRED"},{"allowAuthenticated":false,"extraLoginTicket":false}],"securityToken":"af89d6dd336153e032153126622dd994a2ac7b74-1493571910127-27a17e8206fa049323db1545","serviceName":"LoginService"} There is a securityToken, so maybe you have to parse it everytime you reload login page if it changes. Have you checked it? If securityToken changes use variables to parse it (from a cookie or probably from an hidden field in html source). Your post data will be a concatenation (& operator) of: 1 -----> {"correlationId":3,"operationName":"login","payload":[{"email":"<USER>","password":"<PASS>","rememberMe":false,"captcha_response":"NOTREQUIRED"},{"allowAuthenticated":false,"extraLoginTicket":false}],"securityToken":" 2 ----> Token value parsed by variables 3 ----> ","serviceName":"LoginService"} Send it as POST Action Post Data (usual Post Request, no need to use POST (Json) method in Sentry Authentication Stage, just use POST method) Furthermore you have to include this header in your request -----> Content-Type: application/json Next time it's better you provide the site you are trying to crack... Edited May 16, 2017 by pacifico 1 Link to comment Share on other sites More sharing options...
jankko60 Rare Posted May 16, 2017 Author Share Posted May 16, 2017 (edited) 12 hours ago, pacifico said: There is a securityToken, so maybe you have to parse it everytime you reload login page if it changes. Have you checked it? i will try....... it's not in the cookie stage , not in html body source ........ sure i'm wrong .......... but i don't find it........ Quote If securityToken changes use variables to parse it (from a cookie or probably from an hidden field in html source). Your post data will be a concatenation (& operator) of: 1 -----> {"correlationId":3,"operationName":"login","payload":[{"email":"<USER>","password":"<PASS>","rememberMe":false,"captcha_response":"NOTREQUIRED"},{"allowAuthenticated":false,"extraLoginTicket":false}],"securityToken":" 2 ----> Token value parsed by variables 3 ----> ","serviceName":"LoginService"} this is clear Quote Send it as POST Action Post Data (usual Post Request, no need to use POST (Json) method in Sentry Authentication Stage, just use POST method) Well, this point have a question marks ..... ( i'm thinking on.....) sure i will do it....... Quote Furthermore you have to include this header in your request -----> Content-Type: application/json OK Thank you so much pacifico bye Edited May 16, 2017 by jankko60 Link to comment Share on other sites More sharing options...
pacifico Rare Posted May 19, 2017 Share Posted May 19, 2017 On 16/5/2017 at 9:58 PM, jankko60 said: i will try....... it's not in the cookie stage , not in html body source ........ sure i'm wrong .......... but i don't find it........ As i said, provide the site you are trying to crack, in public or send a pm. It's up to u 1 Link to comment Share on other sites More sharing options...
jankko60 Rare Posted May 19, 2017 Author Share Posted May 19, 2017 5 hours ago, pacifico said: As i said, provide the site you are trying to crack, in public or send a pm. It's up to u PM a.s.a.p. thank you Link to comment Share on other sites More sharing options...
pacifico Rare Posted May 20, 2017 Share Posted May 20, 2017 (edited) 23 hours ago, jankko60 said: PM a.s.a.p. thank you Ok, in this case you can proceed this way: Intermediate Action Stage (this will give u the securityToken) Request Method: POST Action Url: https://id.avast.com/service/single/MetaService/securityToken Post Data: {"correlationId":1,"operationName":"securityToken","payload":[],"serviceName":"MetaService"} Include as always this header in your request Content-Type: application/json Now you can parse the securityToken by variables from the Intermediate Action Stage response, proceeding to the Authentication Stage ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ In Authentication Stage you'll make again a POST request (posta data in Json format, built as i explained u few days ago) in this way: Authentication Stage Request Method: POST Action Url: https://id.avast.com/service/single/LoginService/login?target=https%3A%2F%2Fmy.avast.com Post Data : {"correlationId":3,"operationName":"login","payload":[{"email":"<USER>","password":"<PASS>","rememberMe":false,"captcha_response":"NOTREQUIRED"},{"allowAuthenticated":false,"extraLoginTicket":false}],"securityToken":"af89d6dd336153e032153126622dd994a2ac7b74-1493571910127-27a17e8206fa049323db1545","serviceName":"LoginService"} Obviously securityToken value will be that parsed in the previous stage Include as always this header in your request Content-Type: application/json Edited May 20, 2017 by pacifico 2 Link to comment Share on other sites More sharing options...
jankko60 Rare Posted May 20, 2017 Author Share Posted May 20, 2017 (edited) Problem solved "Topic can be closed" Thank you pacifico Edited May 20, 2017 by jankko60 1 Link to comment Share on other sites More sharing options...
Recommended Posts