mirror of https://github.com/vanhauser-thc/thc-hydra.git
synced 2025-07-05 20:41:39 -07:00
fix http-...-form help
parent 3332b3c366
commit 882a1a3aac
2 changed files with 25 additions and 26 deletions
|
@ -1434,27 +1434,26 @@ void usage_http_form(const char *service) {
|
|||
"redirections in\n"
|
||||
"a row. It always gathers a new cookie from the same URL without "
|
||||
"variables\n"
|
||||
"The parameters take three \":\" separated values, plus optional "
|
||||
"The parameters requires three \":\" separated values, plus optional "
|
||||
"values.\n"
|
||||
"(Note: if you need a colon in the option string as value, escape it "
|
||||
"with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
|
||||
"\nSyntax: <url>:<form parameters>:<condition "
|
||||
"string>[:<optional>[:<optional>]\n"
|
||||
"First is the page on the server to GET or POST to (URL).\n"
|
||||
"Second is the POST/GET variables (taken from either the browser, proxy, "
|
||||
"etc.\n"
|
||||
" with url-encoded (resp. base64-encoded) usernames and passwords being "
|
||||
"replaced in the\n"
|
||||
" \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") "
|
||||
"placeholders (FORM PARAMETERS)\n"
|
||||
"Third is the string that it checks for an *invalid* login (by default)\n"
|
||||
" Invalid condition login check can be preceded by \"F=\", successful "
|
||||
"condition\n"
|
||||
"\nSyntax: <url>:<form parameters>[:<optional>[:<optional>]:<condition string>\n"
|
||||
"\nFirst is the page on the server to GET or POST to (URL), e.g. \"/login\".\n"
|
||||
"Second is the POST/GET variables (taken from either the browser, proxy, etc.)\n"
|
||||
" without the initial '?' character and the usernames and passwords being\n"
|
||||
" replaced with \"^USER^\" (\"^USER64^\" for base64 encodings) and \"^PASS^\"\n"
|
||||
" (\"^PASS64^\" for base64 encodings).\n"
|
||||
"Third are optional parameters (see below)\n"
|
||||
"Last is the string that it checks for an *invalid* login (by default).\n"
|
||||
" Invalid condition login check can be preceded by \"F=\", successful condition\n"
|
||||
" login check must be preceded by \"S=\".\n"
|
||||
" This is where most people get it wrong. You have to check the webapp "
|
||||
"what a\n"
|
||||
" failed string looks like and put it in this parameter! Add the -d switch to see\nthe sent/received data!\n"
|
||||
"\nThe following parameters are optional:\n"
|
||||
" This is where most people get it wrong! You have to check the webapp what a\n"
|
||||
" failed string looks like and put it in this parameter! Add the -d switch to see\n"
|
||||
" the sent/received data!\n"
|
||||
" Note that using invalid login condition checks can result in false positives!\n"
|
||||
"\nThe following parameters are optional and are put between the form parameters\n"
|
||||
" and the condition string; seperate them too with colons:\n"
|
||||
" 2= 302 page forward return codes identify a successful attempt\n"
|
||||
" (c|C)=/page/uri to define a different page to gather initial "
|
||||
"cookies from\n"
|
||||
|
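Review bot: The new Syntax line, `<url>:<form parameters>[:<optional>[:<optional>]:<condition string>`, opens two brackets and closes only one, so the reader cannot tell where the optional group ends; it should read `<url>:<form parameters>[:<optional>[:<optional>]]:<condition string>`. In the same hunk, "seperate them too with colons" should be "separate", and "The parameters requires three" does not agree in number ("take" or "require"). The walkthrough now lists "Third are optional parameters" and "Last is the string", while the introductory sentence still speaks of three separated values plus optional values; stating explicitly that the condition string is always the final field would remove the ambiguity, since a misplaced condition string is exactly what produces the false positives the new note warns about.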
@ -1469,17 +1468,16 @@ void usage_http_form(const char *service) {
|
|||
"exists, by the\n"
|
||||
" one supplied by the user, or add the header at the "
|
||||
"end\n"
|
||||
"\nNote that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n"
|
||||
" All colons that are not option separators should be escaped (see the "
|
||||
"examples above and below).\n"
|
||||
" You can specify a header without escaping the colons, but that way you "
|
||||
"will not be able to put colons\n"
|
||||
" in the header value itself, as they will be interpreted by hydra as "
|
||||
"option separators.\n"
|
||||
"\nNote that if you are going to put colons (:) in your headers you should escape\n"
|
||||
"them with a backslash (\\). All colons that are not option separators should be\n"
|
||||
"escaped (see the examples above and below).\n"
|
||||
"You can specify a header without escaping the colons, but that way you will not\n"
|
||||
"be able to put colons in the header value itself, as they will be interpreted by\n"
|
||||
"hydra as option separators.\n"
|
||||
"\nExamples:\n"
|
||||
" \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
|
||||
" \"/"
|
||||
"login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*"
|
||||
"login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=result="
|
||||
"success\"\n"
|
||||
" \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
|
||||
" \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic "
|
||||
|
|
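Review bot: The unchanged example `"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic ` puts the condition string `failed` before the optional `H=` parameter, which contradicts the order this commit documents in the Syntax line (optional parameters between the form parameters and the condition string). Either reorder the example to match, or, if both orders are accepted, say so in the help text. The same example has `^USER` without its closing caret, so it does not match the `^USER^` placeholder the help text describes; since these lines are already being touched, fix that here too.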