Token & Redirecting Help

Discussion in 'Cracking Discussions & Help Forum' started by Tyrant, Nov 25, 2015.

  1. Tyrant

    Tyrant Basic Member

    Messages:
    1,331
    Likes:
    365
    Ratio:
    0.16
    Basically, for the config I'm working on, the website loads and says please wait then reloads a new page. In that process I can capture that the account works however, with sentry the page doesnt load when the user is logged in. In the source, I see two tokens and I think I need that in order to add the redirect URL and for it to work. I know where I need to put for the variables but the problem is what to choose. I tried 'constant & parsing code' but not sure that's the right thing.
     
  2. Luxor

    Luxor Member

    Messages:
    281
    Likes:
    55
    Ratio:
    0.08
    Maybe it needs authorization in the header too after the post data? I have seen many sites which don't work without that! Also disable 3xx redirects and disable follow redirects so that it doesn't redirect without the token or auth! Constant+variable should work fine imo
     
    Tyrant likes this.
  3. Tyrant

    Tyrant Basic Member

    Messages:
    1,331
    Likes:
    365
    Ratio:
    0.16
    Thanks I will try that out & will report back.
     
  4. Tyrant

    Tyrant Basic Member

    Messages:
    1,331
    Likes:
    365
    Ratio:
    0.16
    Okay that did something different but its heading in the right direction. But to make it simpler. Basically, with Directv when you login and the account works, it will load a page and then redirect you or refresh or something. Sentry doesn't obviously wait for the page to load so it just gets stuck there. That is the problem that I am having with this site. If the account works it say please wait, while we sign in you in. Then that's the last page source sentry stays in and it doesn't redirect either.
     
  5. Luxor

    Luxor Member

    Messages:
    281
    Likes:
    55
    Ratio:
    0.08
    Sentry does actually wait, but not for the page to load but it waits until it receives the page source from the server and that usually contains the difference between succes or failure keys! Maybe the site you are cracking requires some JavaScript to load you can do that by adding it in form redirect later since that supports it! If its a success the server usually sends a "location"header with 3xx code consuming the redirect URL! So then either you can just follow redirect or make a variable to parse the received header with header parse variable maybe Hparse don't remember :p (not the usual parsecode variable since it parses only page source ! hmu the site in pm, maybe I would be able to help
     
    Tyrant likes this.

Share This Page