redir. in Atuhentication Stage problem

Discussion in 'Cracking Discussions & Help Forum' started by Ghost Rider, Aug 29, 2014.

  1. Ghost Rider

    Ghost Rider Basic Member

    Messages:
    1,977
    Likes:
    221
    Ratio:
    0.1
    Site name: identity1.dishnetwork.com

    Is about Authentication Stage finding my FK but have some redir.

    I follow httpfox and i checked my debug and everything seems ok
    First redir. 303 then come 302 and now 200,and i am stuck with the 3'rd redir.i think i must parse Auth value and make another 302 redir. in the Authenticating Stage''but i don't know how



    the 3'rd url:

    https://identity1.dishnetwork.com/saml/module.php/authbypass/firstbookend.php?AuthState=_8fbe5dc19d470706622a5f14c5df52c623cf4caf29%3AlVLZTsMwEPya5AWRk7YEKULpJVVqKWpA8FYZxyVWE9uy3SN_z9qpSGlfqGRl17szY-_EpdZCPfk-LQjTVDehV1BVMqIPXG49zGtfobqynwhAws_zZU7knmLiiVI8K9HyaJGWIOXEmRNNYdWNFTIKsBOSFxCwQgfy5WLOt5S80Zqk4UOQREnSf-y5Gy4xyXa6ZGnokqMmTFHOVIpAMzS6gyGFEDjxcGlKPXtWlGeLebT-XMzXo3LHtlCBetziFYSo3-KcILiEBsGxrnItKfu2NIsPk-BEiEeqYZCvSNUA5BVJ3dwBgxmYbY0BtpOs3SLMJWTmEHOsZ2Rgbs0xryDdhwDu6ODnOZ8jRU2doZqYqPGlFFKKSA2OXMqI23R-r2QmnIzy7GMyhFHh71xPC4DOmKS1peIYVS8gf2ZZ1Lb-UK-69koCYfK-mnXd-NS9yUbgOoMxLNdcZDaeclkjnf7XAtOhxf3Gsow8kUCBB6d_AA%3D%3D&id=f5e616822e&coeff=0&history=4
    [​IMG]

    here the entire debug

    Code:
    Select All
    PHP:
    Select All
    <-----Bot StatusAuthenticating----->
    <-----
    Sent Headers----->
    POST /saml/module.php/authSynacor/login.php?AuthState=_1957c3393a9e6e14d1563524f700d4713e4f16aefb%3AlVLZasMwEPwa-6XUh5wmuGCKc0EgaUrc0r4FVVZqEVsSknL477uSQ5OmLw0I72p3ZqQdqzJG6scwZCXlhpk2DkqmK07NQahtQEQTatzU7oMAJMOiWBZU7Rmhgazkk5Ydj5VZBVJekntoCqtpnZBVgJ1UooRAND7QT58IsWX0lTU0i3tRitK03xv4G6EIzXem4lns06OhXDPBdYZBM7a6gyGDEHnJcGlLD-4sVOSLOVp_LObrUbXjW6hAPenwGgLqdzgviq6hUXRs6sIoxr8czeHjNDoRkpFuOeQrWrcAecHKtHfA4BbmWmOA7RTvtpgIBZk9xB4bWBmY2wgiakj3MYDPdPDzki-wZrbOcUNtNORaCmtNlQFHrmXkbTo_V7ITTkZF_j4Zwqjwd_5OC4CzMWlnSy0Irp9B_sIy1LV-Uf903ZUkJvRtNTt3k1P3JhuB6w3GsHx7kdl4KlSDTfZfC2yHlfcbx7LyVAEFHpz5Bg%3D%3D HTTP/1.1
    Accept
    : */*
    Referer: https://identity1.dishnetwork.com/saml/module.php/authSynacor/login.php?AuthState=_1957c3393a9e6e14d1563524f700d4713e4f16aefb%3AlVLZasMwEPwa-6XUh5wmuGCKc0EgaUrc0r4FVVZqEVsSknL477uSQ5OmLw0I72p3ZqQdqzJG6scwZCXlhpk2DkqmK07NQahtQEQTatzU7oMAJMOiWBZU7Rmhgazkk5Ydj5VZBVJekntoCqtpnZBVgJ1UooRAND7QT58IsWX0lTU0i3tRitK03xv4G6EIzXem4lns06OhXDPBdYZBM7a6gyGDEHnJcGlLD-4sVOSLOVp_LObrUbXjW6hAPenwGgLqdzgviq6hUXRs6sIoxr8czeHjNDoRkpFuOeQrWrcAecHKtHfA4BbmWmOA7RTvtpgIBZk9xB4bWBmY2wgiakj3MYDPdPDzki-wZrbOcUNtNORaCmtNlQFHrmXkbTo_V7ITTkZF_j4Zwqjwd_5OC4CzMWlnSy0Irp9B_sIy1LV-Uf903ZUkJvRtNTt3k1P3JhuB6w3GsHx7kdl4KlSDTfZfC2yHlfcbx7LyVAEFHpz5Bg%3D%3D
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
    Host: identity1.dishnetwork.com
    Pragma: no-cache
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 106
    Cookie: s_sq=synacortveauth%3D%2526pid%253DSocial%252520Login%252520Off%2526pidt%253D1%2526oid%253D%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509LOG%252520IN%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2526oidt%253D3%2526ot%253DSUBMIT
    Post Data:
    username=samboug&password=0559278739&login_type=username%2Cpassword&source=&remember_me=yes&source_button=


    <-----Received Headers----->
    HTTP/1.1 303 See Other
    Server: nginx
    Date: Fri, 29 Aug 2014 09:42:54 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 2091
    Connection: keep-alive

    Set-Cookie: flowtracker=4cd688c60e0234130f42f969d1fad0ba; expires=Mon, 26-Aug-2024 09:42:54 GMT; path=/; domain=identity1.dishnetwork.com; httponly


    Set-Cookie: dishnetworkIdPSessionID=17b0dd6834765b1651f5b9c34fb019e7; path=/; secure; httponly


    Set-Cookie: flowtracker=7f6e3e856a9f174a79529d35490266c5; expires=Mon, 26-Aug-2024 09:42:54 GMT; path=/; domain=identity1.dishnetwork.com; httponly

    X-UA-Compatible: IE=EmulateIE9
    Location: https://identity1.dishnetwork.com/saml/saml2/idp/SSOService.php?spentityid=http%3A%2F%2Fmy.dish.com%2Fprod%2Fcsaweb&cookieTime=1409299647&forceAuthn=1&extensions=a%3A1%3A%7Bi%3A0%3BO%3A15%3A%22SAML2_XML_Chunk%22%3A3%3A%7Bs%3A26%3A%22%00SAML2_XML_Chunk%00xmlString%22%3Bs%3A190%3A%22%3Csyn%3ARelyingParty+xmlns%3Asyn%3D%22urn%3Asynacor%3ASAML%3A2.0%3Aprotocol%3Av1%22+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22%3ECSAWEB%3C%2Fsyn%3ARelyingParty%3E%22%3Bs%3A9%3A%22localName%22%3Bs%3A12%3A%22RelyingParty%22%3Bs%3A12%3A%22namespaceURI%22%3Bs%3A32%3A%22urn%3Asynacor%3ASAML%3A2.0%3Aprotocol%3Av1%22%3B%7D%7D&NameIDFormat=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Anameid-format%3Apersistent
    Pragma: no-cache
    Cache-Control: private, no-store, no-cache, must-revalidate
    P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
    Accept-Ranges: bytes
    X-Varnish: 2364126089
    Age: 0
    Via: 1.1 varnish



    <-----Bot Status: Authenticating----->
    <-----Sent Headers----->
    GET /saml/saml2/idp/SSOService.php?spentityid=http%3A%2F%2Fmy.dish.com%2Fprod%2Fcsaweb&cookieTime=1409299647&forceAuthn=1&extensions=a%3A1%3A%7Bi%3A0%3BO%3A15%3A%22SAML2_XML_Chunk%22%3A3%3A%7Bs%3A26%3A%22%00SAML2_XML_Chunk%00xmlString%22%3Bs%3A190%3A%22%3Csyn%3ARelyingParty+xmlns%3Asyn%3D%22urn%3Asynacor%3ASAML%3A2.0%3Aprotocol%3Av1%22+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22%3ECSAWEB%3C%2Fsyn%3ARelyingParty%3E%22%3Bs%3A9%3A%22localName%22%3Bs%3A12%3A%22RelyingParty%22%3Bs%3A12%3A%22namespaceURI%22%3Bs%3A32%3A%22urn%3Asynacor%3ASAML%3A2.0%3Aprotocol%3Av1%22%3B%7D%7D&NameIDFormat=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Anameid-format%3Apersistent HTTP/1.0
    Accept: */
    *
    Pragmano-cache
    User
    -AgentMozilla/5.0 (WindowsUWindows NT 5.1en-USrv:1.9.0.11Gecko/2009060215 Firefox/3.0.11
    Host
    identity1.dishnetwork.com
    Cookie
    flowtracker=7f6e3e856a9f174a79529d35490266c5dishnetworkIdPSessionID=17b0dd6834765b1651f5b9c34fb019e7s_sq=synacortveauth%3D%2526pid%253DSocial%252520Login%252520Off%2526pidt%253D1%2526oid%253D%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509LOG%252520IN%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2526oidt%253D3%2526ot%253DSUBMIT


    <-----Received Headers----->
    HTTP/1.1 302 Found
    Server
    nginx
    Date
    Fri29 Aug 2014 09:42:55 GMT
    Content
    -Typetext/htmlcharset=UTF-8
    Content
    -Length1815
    Connection
    close
    Location
    https://identity1.dishnetwork.com/saml/module.php/authbypass/firstbookend.php?AuthState=_06f811bcb9ae2bf9e5517fe84714699547a7c560d7%3AlVJda4MwFP01-jKmUdeVDmTYLyi066gb21vJYjpDNQlJ-uG_300sa2dfVgjem3vPOck9pjRG6qcwZAXlhpkmCgqmS07NQahtQEQdalxX7hMDSIZ5vsyp2jNCA1nKZy1bHivSEqS8JPPiKay6cUJWAXZSiQIC0fhAv3wixJbRN1bTNHpAgwT1kn7P3whFaLYzJU8jnx4N5ZoJrlMMmpHV7Q8ZBOQlw6Ut9dxZcZ4t5vH6czFfj8od30IF6kmL1xDixxbnIdSFInSsq9woxr8dzeGjAToRkpFuOOQrWjUAecXKNHfA4BbmWmOA7RRvt5gIBZk9xB4bWBmY2wgiKkj3EYDPdPDzki-wZrbOcU1tNKQrhbWmyoAjXRl5m87vleyEk1GefUyGMCr8netpAXA2ZtDaUgmCqxeQv7Asblt_qFdddyWJCX1fzc7d5NS9yUbgev0xLN9eZDaeClVjk_7XAtthxf3Gsaw8VUCBB2d-AA%3D%3D&id=1f0215949a&coeff=0
    Pragmano-cache
    Cache
    -Control: private, no-storeno-cachemust-revalidate
    P3P
    CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
    Accept-Rangesbytes
    X
    -Varnish2122928165
    Age
    0
    Via
    1.1 varnish



    <-----Bot StatusAuthenticating----->
    <-----
    Sent Headers----->
    GET /saml/module.php/authbypass/firstbookend.php?AuthState=_06f811bcb9ae2bf9e5517fe84714699547a7c560d7%3AlVJda4MwFP01-jKmUdeVDmTYLyi066gb21vJYjpDNQlJ-uG_300sa2dfVgjem3vPOck9pjRG6qcwZAXlhpkmCgqmS07NQahtQEQdalxX7hMDSIZ5vsyp2jNCA1nKZy1bHivSEqS8JPPiKay6cUJWAXZSiQIC0fhAv3wixJbRN1bTNHpAgwT1kn7P3whFaLYzJU8jnx4N5ZoJrlMMmpHV7Q8ZBOQlw6Ut9dxZcZ4t5vH6czFfj8od30IF6kmL1xDixxbnIdSFInSsq9woxr8dzeGjAToRkpFuOOQrWjUAecXKNHfA4BbmWmOA7RRvt5gIBZk9xB4bWBmY2wgiKkj3EYDPdPDzki-wZrbOcU1tNKQrhbWmyoAjXRl5m87vleyEk1GefUyGMCr8netpAXA2ZtDaUgmCqxeQv7Asblt_qFdddyWJCX1fzc7d5NS9yUbgev0xLN9eZDaeClVjk_7XAtthxf3Gsaw8VUCBB2d-AA%3D%3D&id=1f0215949a&coeff=0 HTTP/1.0
    Accept
    : */*
    Pragma: no-cache
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
    Host: identity1.dishnetwork.com
    Cookie: flowtracker=7f6e3e856a9f174a79529d35490266c5; dishnetworkIdPSessionID=17b0dd6834765b1651f5b9c34fb019e7; s_sq=synacortveauth%3D%2526pid%253DSocial%252520Login%252520Off%2526pidt%253D1%2526oid%253D%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509LOG%252520IN%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2526oidt%253D3%2526ot%253DSUBMIT


    <-----Received Headers----->
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 29 Aug 2014 09:42:56 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 2232
    Connection: close
    Vary: Accept-Encoding

    Set-Cookie: ppp=1; expires=Fri, 29-Aug-2014 09:43:11 GMT; path=/; httponly

    Cache-Control: public, max-age=2592000
    P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
    Accept-Ranges: bytes
    X-Varnish: 2122928233
    Age: 0
    Via: 1.1 varnish



    <-----Received Source----->
    <!DOCTYPE html>
    <html lang="en">
        <head>
            <meta charset="utf-8" />
            <title>Redirecting...</title>
            <script type="text/javascript">
                if(typeof String.prototype.trim !== 'function') {
                    String.prototype.trim = function() {
                        return this.replace(/^\s+|\s+$/g, '');
                    };
                }

                function getCookie(cname) {
                    var name = cname + "=";
                    var ca = document.cookie.split(';');
                    for(var i=0; i<ca.length; i++) {
                        var c = ca[i].trim();
                        if (c.indexOf(name)==0) return decodeURIComponent(c.substring(name.length,c.length));
                    }
                    return "";
                }
                function getHistoryDiff(id) {
                    var cookie_val = getCookie('bbp');
                    if (cookie_val) {
                        id_parts = cookie_val.split(",")
                        for (var i in id_parts) {
                            var id_part_arr = id_parts[i].split(":");
                            if (id_part_arr[0] == id) {
                                return parseInt(id_part_arr[1]);
                            }
                        }
                    }
                    return "";
                }
                function process() {
                    var history_diff = getHistoryDiff("1f0215949a");
                    if (history_diff !== "") {
                        // We've returned and are going forward
                        var diff = (history_diff + 0 + 2);
                        if (history_diff != 0 && diff != 0) {
                            window.history.go(diff);
                        }
                    } else {
                        // We are here the first time
                        document.getElementById("history_val").value = window.history.length
                        document.getElementById("history_form").submit();
                    }
                }
            </script>
        </head>
        <body onload="process()">
            
    <form method="get" id="history_form">
                <input type="hidden" name="AuthState" value="_06f811bcb9ae2bf9e5517fe84714699547a7c560d7:lVJda4MwFP01-jKmUdeVDmTYLyi066gb21vJYjpDNQlJ-uG_300sa2dfVgjem3vPOck9pjRG6qcwZAXlhpkmCgqmS07NQahtQEQdalxX7hMDSIZ5vsyp2jNCA1nKZy1bHivSEqS8JPPiKay6cUJWAXZSiQIC0fhAv3wixJbRN1bTNHpAgwT1kn7P3whFaLYzJU8jnx4N5ZoJrlMMmpHV7Q8ZBOQlw6Ut9dxZcZ4t5vH6czFfj8od30IF6kmL1xDixxbnIdSFInSsq9woxr8dzeGjAToRkpFuOOQrWjUAecXKNHfA4BbmWmOA7RRvt5gIBZk9xB4bWBmY2wgiKkj3EYDPdPDzki-wZrbOcU1tNKQrhbWmyoAjXRl5m87vleyEk1GefUyGMCr8netpAXA2ZtDaUgmCqxeQv7Asblt_qFdddyWJCX1fzc7d5NS9yUbgev0xLN9eZDaeClVjk_7XAtthxf3Gsaw8VUCBB2d-AA==" />
                <input type="hidden" name="id" value="1f0215949a" />
                <input type="hidden" name="coeff" value="0" />
                <input type="hidden" name="history" id="history_val" value="" />
            </form>

        </body>
    </html>




    ----------------------------------------------------------------------------------
    <-----Bot Status: No keys found upon 200 - OK -> Check answer - Source Length: 2232----->
     
  2. ghaith123

    ghaith123 Banned

    Messages:
    296
    Likes:
    10
    Ratio:
    0.01
    EDIT: REMOVED IA WAY [SECOND WAY] SINCE YOU NEED TO SET SOME PARAMETERS.
    from your very own debug , [​IMG]
    just use a proper variable to reasign it into the post action url.


    good luck.
     
    BarryTheBlade likes this.
  3. Ghost Rider

    Ghost Rider Basic Member

    Messages:
    1,977
    Likes:
    221
    Ratio:
    0.1
    you make it? i thought that auth variable need to use for history url not for final-new post action.
    If we can solve this can u choose a site wich needs paremeters and show me how it works please
    i need to learn please please
    and by the way how was ur school
     
  4. Ghost Rider

    Ghost Rider Basic Member

    Messages:
    1,977
    Likes:
    221
    Ratio:
    0.1
    if i parse auth= value from history source and assign as post action dones't work
     

Share This Page