What's wrong?

Discussion in 'Cracking Discussions & Help Forum' started by Villezzai, Sep 2, 2015.

  1. Villezzai

  2. MR.ViPeR

    You Should Add X-Auth To Header That You Send For The Login Request In Sentry MBA
     
  3. Villezzai

    Where do I add it?
     
  4. MR.ViPeR

     
  5. Villezzai

  6. LethalLuck

    You can add x:Auth in either the green header box or add it as a variable and assign it to post header
     
  7. MR.ViPeR

  8. Villezzai

  9. MR.ViPeR

    Then Use The Same User-Agent That Hide.me App Used And Add Accept-Encoding: gzip To Your Headers
     
  10. Villezzai

    Still... lol

    <-----Bot Status: Authenticating----->
    <-----Sent Headers----->
    POST /login HTTP/1.1
    Accept: */*
    User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; GT-I9305 Build/KTU84P) - HIDE.ME.ANDROID-1.0.0
    Host: api.hide.me
    Pragma: no-cache
    Connection: keep-alive
    X-Auth: 19ae1216446e003946ccc56a217cfceaa6a2d5fc
    Accept-Encoding: gzip
    Content-Type: application/json; charset=utf-8
    Content-Length: 37
    Post Data:
    {"username":"test","password":"test"}


    <-----Received Headers----->
    HTTP/1.1 503 Service Unavailable
    Server: nginx
    Date: Wed, 02 Sep 2015 12:43:48 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache



    <-----Received Source----->
    []



    ----------------------------------------------------------------------------------
    <-----Bot Status: 503 - Service Unavailable----->
     
  11. LethalLuck

    Try setting it as a var and send the data as JSON


    Variable:
    X
    Login Page
    Constant: X-Auth: ShitI'mNotTyping/Copying

    Assign X to Post Page Header

    POST(json)
    username=<USER>&password=<PASS>
     
  12. MR.ViPeR

    lol, X-Auth Is a Hashed Username ! xD U Should Compute That As Well By Variables
     
  13. Villezzai

    Like this? http://prntscr.com/8bqm2n

    STILL same error.

    <-----Received Source----->
    Fake Socket Stage


    <-----Start Variables Computation----->

    Computing Variable -> header

    Variable computed as -> X-Auth: 19ae1216446e003946ccc56a217cfceaa6a2d5fc

    <-----Variables computed successfully in 0 ms----->


    <-----Bot Status: Variables computed successfully -> Authenticating----->
    <-----CONNECT Request----->
    CONNECT api.hide.me:443 HTTP/1.0
    User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; GT-I9305 Build/KTU84P) - HIDE.ME.ANDROID-1.0.0
    Host: api.hide.me
    Proxy-Connection: Keep-Alive
    Content-Length: 0


    <-----CONNECT Response----->
    HTTP/1.0 200 Connection Established
    FiddlerGateway: Direct
    StartTime: 15:58:48.381
    Connection: close




    <-----Bot Status: Variables computed successfully -> Authenticating----->
    <-----Sent Headers----->
    POST /login HTTP/1.1
    Accept: */*
    User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; GT-I9305 Build/KTU84P) - HIDE.ME.ANDROID-1.0.0
    Host: api.hide.me
    Pragma: no-cache
    Connection: keep-alive
    X-Auth: 19ae1216446e003946ccc56a217cfceaa6a2d5fc
    Accept-Encoding: gzipContent-Type: application/json; charset=utf-8
    Content-Length: 37
    Post Data:
    {"username":"test","password":"test"}


    <-----Received Headers----->
    HTTP/1.1 503 Service Unavailable
    Server: nginx
    Date: Wed, 02 Sep 2015 12:58:45 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache



    <-----Received Source----->
    []



    ----------------------------------------------------------------------------------
    <-----Bot Status: 503 - Service Unavailable----->
    ---------------------------------------------------------------------------------->
     
  14. LethalLuck

    Viper is correct: apply SHA-1 to your Username and set that as the X-Auth. Do this using variables. Example:

    Variable name: X
    Login Page
    Constant: X-Auth: (<There's a space there for a reason)
    &
    Username (On function apply SHA-1 you may need another variable but SHA-1 might be default (Use Set parameter index and end or w/e it is))
     
  15. Tarwin

    You fucked up the headers. Make sure there's an empty line at the end of your headers (only one!)
     
  16. Tarwin

    Correct. Make sure you put the variable which chooses the SHA type before the variable which hashes the username though.
     
  17. Villezzai

    Same error, I'm done.

    http://prntscr.com/8bqs8v
     
  18. Sublime

    You're doing it wrong. Assign correct user-agent in the green header box.

    Then use a constant variable on header post w/xauth

    Edit: or as the sha1 encryption.

    Ezpz
     
  19. Sublime

    You also need to remove the old hash in your variable, just leave the X-Auth
     
  20. Sam_03

