rolled back the http-form parameters parsing.

help for bfg's rain is in bfg's help now
2025-07-05 12:36:09 -07:00 · 2019-11-19 16:49:54 +01:00 · 2019-11-19 16:49:54 +01:00 · ccd3a99765
commit ccd3a99765
parent b34655617f
2 changed files with 19 additions and 9 deletions
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
@ -1250,12 +1250,23 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
    webport = PORT_HTTP_SSL;

  sprintf(bufferurl, "%.6096s", miscptr);
-  ptr = bufferurl;
-  url = strtok(ptr, ":");
-  variables = strtok(NULL, ":");
-  cond = strtok(NULL, ":");
-  optional1 = strtok(NULL, "\n");
-  if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set to blank
+  url = bufferurl;
+  ptr = url;
+  while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
+    ptr++;
+  if (*ptr != 0)
+    *ptr++ = 0;
+  variables = ptr;
+  while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
+    ptr++;
+  if (*ptr != 0)
+    *ptr++ = 0;
+  cond = ptr;
+  while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
+    ptr++;
+  if (*ptr != 0)
+    *ptr++ = 0;
+  optional1 = ptr;

  if (strstr(url, "\\:") != NULL) {
    if ((ptr = malloc(strlen(url))) != NULL) {
--- a/hydra.c
+++ b/hydra.c
@ -493,7 +493,6 @@ void help(int32_t ext) {
 #ifdef HAVE_MATH_H
                    "  -x MIN:MAX:CHARSET  password bruteforce generation, type \"-x -h\" to get help\n"
                    "  -y        disable use of symbols in bruteforce, see above\n"
-                    "  -r        rainy mode for password generation (-x)\n"
 #endif
                    "  -e nsr    try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"
                    "  -u        loop around users, not passwords (effective! implied with -x)\n");
@ -555,8 +554,8 @@ void help_bfg() {
         "             valid CHARSET values are: 'a' for lowercase letters,\n"
         "             'A' for uppercase letters, '1' for numbers, and for all others,\n"
         "             just add their real representation.\n"
-         "  -y         disable the use of the above letters as placeholders\n\n"
-         "  -r         use 'rain' to explode the linearity of the generation.
+         "  -y         disable the use of the above letters as placeholders\n"
+         "  -r         use a formula to explode the linearity of the generation, without loss.\n\n"
         "Examples:\n"
         "   -x 3:5:a  generate passwords from length 3 to 5 with all lowercase letters\n"
         "   -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n"