DeviceFarmer / stf

Control and manage Android devices from your browser.
https://devicefarmer.github.io

Bypass the login page #781

Closed KingRat0011 closed 4 months ago

KingRat0011 commented 6 months ago

Hi all, in the past you used to be able to bypass the login page by doing something like the below, using jwt:

http://xxx.xxx.xxx.xxx:7100/?jwt="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InRlc3R1c2VyQGdtYWlsLmNvbSIsIm5hbWUiOiJ0ZXN0dXNlciJ9.x23c5QjxkzS6fg5m1NjJeZXw3QpFBgP5UUUIDArJr3M"#!/control/RFCW20AV6NZ

The jwt translates to: [image]

I followed the docker install with systemctl and self-signed nginx certificates, but if I try this:

https://xxx.xxx.xxx.xxx/?jwt="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InRlc3R1c2VyQGdtYWlsLmNvbSIsIm5hbWUiOiJ0ZXN0dXNlciJ9.x23c5QjxkzS6fg5m1NjJeZXw3QpFBgP5UUUIDArJr3M"#!/control/RFCW20AV6NZ

I just get the login page: [image]


I guess my question is: is jwt still valid? Is there another way of doing this? I tried the nginx config with

```
location /auth/ {
    proxy_pass http://stf_auth/auth/;
    proxy_set_header Authorization "Basic eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InRlc3R1c2VyQGdtYWlsLmNvbSIsIm5hbWUiOiJ0ZXN0dXNlciJ9.x23c5QjxkzS6fg5m1NjJeZXw3QpFBgP5UUUIDArJr3M";
    proxy_pass_header Authorization;
}
```

as well, but that did not seem to work.

Any ideas please?
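Added example, not part of the original post and not STF's own code: a Python sketch that decodes the posted token's header and claims and checks an HS256 signature against a candidate secret. It assumes the server validates the `jwt` parameter as an HS256 token under its own configured secret; the function names and the secrets used with them are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Token copied from the post above; any secret passed in is a constructed sample.
POSTED = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
          "eyJlbWFpbCI6InRlc3R1c2VyQGdtYWlsLmNvbSIsIm5hbWUiOiJ0ZXN0dXNlciJ9."
          "x23c5QjxkzS6fg5m1NjJeZXw3QpFBgP5UUUIDArJr3M")

def _dec(seg):
    # base64url without padding, as used in compact JWTs
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect(token):
    """Decode header and claims WITHOUT trusting them (no signature check)."""
    parts = token.strip().strip('"').split(".")  # the posted URLs quote the token
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    return json.loads(_dec(parts[0])), json.loads(_dec(parts[1]))

def sign_hs256(claims, secret):
    """Build a sample token so the check below has a known-good input."""
    head = _enc(json.dumps({"typ": "JWT", "alg": "HS256"}, separators=(",", ":")).encode())
    body = _enc(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_enc(mac)}"

def verify_hs256(token, secret):
    """True only if alg is HS256 and the MAC matches under `secret`."""
    token = token.strip().strip('"')
    header, _ = inspect(token)
    if header.get("alg") != "HS256":  # never accept "none" or a swapped alg
        return False
    signing_input, _, sig = token.rpartition(".")
    want = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    try:
        return hmac.compare_digest(want, _dec(sig))
    except ValueError:  # malformed base64 in the signature segment
        return False

def review(token, secret):
    """List the reasons a verifier holding `secret` should distrust `token`."""
    issues = []
    if not verify_hs256(token, secret):
        issues.append("signature does not verify under this secret")
    if "exp" not in inspect(token)[1]:
        issues.append("no exp claim: the link never expires")
    return issues

if __name__ == "__main__":
    print(inspect(POSTED))
```

Running `review()` with the secret the deployment is actually configured with shows whether a given token was signed for that deployment, and whether it carries an expiry.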