megadose / holehe

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
GNU General Public License v3.0

Update adobe.py #151

Closed 0xyy66 closed 1 year ago

0xyy66 commented 1 year ago

Issue

When the second POST to retrieve the challenge methods is made, the returned JSON is

{"errorCode": "invalid_token", "errorMessage": "Start over the login process!"}

which causes holehe to display Rate Limit for adobe even if the email exists.

The token needed must be placed in the request header X-Ims-Authentication-State-Encrypted instead of X-Ims-Authentication-State.

The token is obtained from the first response headers.

Solution

Before the second request is made, I appended the header X-IMS-Authentication-State-Encrypted to the headers defined for the first request. There's no need to specify the ClientId header again because it uses the previously defined one.

If the first request doesn't return "errorCode" in the JSON response then the email exists. That's why I added the following if statement after the second request. We may not know if the user enabled the multifactor authentication but we know the email exists.

if 'errorCode' in response:
    ...
    "rateLimit": False,
    "exists": True,
    "emailrecovery": None,
    "phoneNumber": None,
    ...
else:
    ...
    "rateLimit": False,
    "exists": True,
    "emailrecovery": response['secondaryEmail'],
    "phoneNumber": response['securityPhoneNumber']
    ...

[Screenshot: email registered]

[Screenshot: email not registered]

0xyy66 commented 1 year ago

Second commit

I had to move the line

headers['X-IMS-Authentication-State-Encrypted'] = r.headers['x-ims-authentication-state-encrypted']

under the if statement checking for "errorCode" in the first response, otherwise it caused an Exception because x-ims-authentication-state-encrypted header is not set when the email doesn't exist.
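
Added example, not part of the pull request or of holehe's code: the ordering fix from the second commit, run over constructed responses with no network calls. The function names, the `ClientId` value and all sample responses are assumptions made for illustration.

```python
# Added illustration: names and sample data are constructed, not holehe's code.
TOKEN_HEADER = "X-IMS-Authentication-State-Encrypted"

def second_request_headers(base_headers, first_json, first_headers):
    """Headers for the second POST, or None when it must not be sent."""
    # Check the body first: per the thread, the token header is absent when
    # the e-mail does not exist, so indexing it unconditionally raises KeyError.
    if "errorCode" in first_json:
        return None
    # Plain dicts are case-sensitive, so normalise names before the lookup.
    lowered = {k.lower(): v for k, v in first_headers.items()}
    token = lowered.get(TOKEN_HEADER.lower())
    if token is None:
        return None
    headers = dict(base_headers)  # copy; keeps the ClientId header already set
    headers[TOKEN_HEADER] = token
    return headers

def classify(first_json, second_json):
    """Build the result fields shown in the pull request description."""
    result = {"rateLimit": False, "exists": False,
              "emailrecovery": None, "phoneNumber": None}
    if "errorCode" in first_json:
        return result
    result["exists"] = True
    if second_json is not None and "errorCode" not in second_json:
        result["emailrecovery"] = second_json.get("secondaryEmail")
        result["phoneNumber"] = second_json.get("securityPhoneNumber")
    return result

# Constructed sample data (not captured traffic).
BASE_HEADERS = {"ClientId": "constructed-client-id"}
REGISTERED = ({}, {"x-ims-authentication-state-encrypted": "constructed-token"})
UNREGISTERED = ({"errorCode": "constructed_error"}, {})
SECOND_OK = {"secondaryEmail": "a***@example.com", "securityPhoneNumber": None}
SECOND_ERR = {"errorCode": "invalid_token",
              "errorMessage": "Start over the login process!"}

if __name__ == "__main__":
    for name, (body, hdrs) in (("registered", REGISTERED), ("unregistered", UNREGISTERED)):
        print(name, second_request_headers(BASE_HEADERS, body, hdrs))
    print(classify(REGISTERED[0], SECOND_OK))
    print(classify(REGISTERED[0], SECOND_ERR))
```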