acheong08
commented
4 years ago I have the same issue on my macOS but it works fine on my VirtualBox Parrot Security OS. Are you using macOS or Kali Linux?
Closed DropsThose closed 4 years ago
acheong08
commented
4 years ago I have the same issue on my macOS but it works fine on my VirtualBox Parrot Security OS. Are you using macOS or Kali Linux?
acheong08
commented
4 years ago ParrotSecurityOS:
DropsThose
commented
4 years ago I'm on Kali 2020.2.
momobit
commented
4 years ago same issue on my kali 2020.2
lmh122
commented
4 years ago I have the same problem
neorampage
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
DropsThose
commented
4 years ago That fixed it. Appreciate the help.
fbracon
commented
4 years ago 
ranajunaid1999
commented
4 years ago i have the same problem
kindly suggest a solution.
neorampage
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
you need to do that in /usr/.............../harvester.py
omprakashpuniya5132
commented
4 years ago Yes it worked.
rinxhen17
commented
4 years ago This didnt work for me
rinxhen17
commented
4 years ago 
Need help
neorampage
commented
4 years ago
well, you have the same problem so this can work for you, can you show your file harvester.py
rinxhen17
commented
4 years ago 
Even if i changes those things it aint working
neorampage
commented
4 years ago
oh! i see the problem, the correct file path is /usr/share/......./harvester.py but you edited in /home/......./harvester.py
rinxhen17
commented
4 years ago But i dont have webattack folder on user/src
On Sat, May 16, 2020 at 8:35 PM neorampage notifications@github.com wrote:
[image: image] https://user-images.githubusercontent.com/62866594/82132976-1296c680-97b4-11ea-908a-e44fd8b17bf8.jpg [image: image] https://user-images.githubusercontent.com/62866594/82132981-1de9f200-97b4-11ea-8a48-f131c513fabc.jpg Even if i changes those things it aint working
oh! i see the problem, the correct file path is /usr/share/......./harvester.py but you edited in /home/......./harvester.py
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/trustedsec/social-engineer-toolkit/issues/721#issuecomment-629724959, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJITBJIXSLD76WPTXGPLRR4WMRANCNFSM4MKNB56A .
neorampage
commented
4 years ago But i dont have webattack folder on user/src … On Sat, May 16, 2020 at 8:35 PM neorampage @.***> wrote: [image: image] https://user-images.githubusercontent.com/62866594/82132976-1296c680-97b4-11ea-908a-e44fd8b17bf8.jpg [image: image] https://user-images.githubusercontent.com/62866594/82132981-1de9f200-97b4-11ea-8a48-f131c513fabc.jpg Even if i changes those things it aint working oh! i see the problem, the correct file path is /usr/share/......./harvester.py but you edited in /home/......./harvester.py — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#721 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJITBJIXSLD76WPTXGPLRR4WMRANCNFSM4MKNB56A .
ls /usr/share/setoolkit/ ?????
rinxhen17
commented
4 years ago Oh i see i got it thankyou. I will try it
On Sat, May 16, 2020 at 8:38 PM Rinxhen Pasang rinxhen.pasang10@gmail.com wrote:
But i dont have webattack folder on user/src
On Sat, May 16, 2020 at 8:35 PM neorampage notifications@github.com wrote:
[image: image] https://user-images.githubusercontent.com/62866594/82132976-1296c680-97b4-11ea-908a-e44fd8b17bf8.jpg [image: image] https://user-images.githubusercontent.com/62866594/82132981-1de9f200-97b4-11ea-8a48-f131c513fabc.jpg Even if i changes those things it aint working
oh! i see the problem, the correct file path is /usr/share/......./harvester.py but you edited in /home/......./harvester.py
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/trustedsec/social-engineer-toolkit/issues/721#issuecomment-629724959, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJITBJIXSLD76WPTXGPLRR4WMRANCNFSM4MKNB56A .
rinxhen17
commented
4 years ago Sorry to bother you again . I got new error.
On Sat, May 16, 2020 at 8:41 PM neorampage notifications@github.com wrote:
But i dont have webattack folder on user/src … <#m-3078964578600670655> On Sat, May 16, 2020 at 8:35 PM neorampage @.***> wrote: [image: image] https://user-images.githubusercontent.com/62866594/82132976-1296c680-97b4-11ea-908a-e44fd8b17bf8.jpg [image: image] https://user-images.githubusercontent.com/62866594/82132981-1de9f200-97b4-11ea-8a48-f131c513fabc.jpg Even if i changes those things it aint working oh! i see the problem, the correct file path is /usr/share/......./harvester.py but you edited in /home/......./harvester.py — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#721 (comment) https://github.com/trustedsec/social-engineer-toolkit/issues/721#issuecomment-629724959>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJITBJIXSLD76WPTXGPLRR4WMRANCNFSM4MKNB56A .
ls /usr/share/setoolkit/ ?????
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/trustedsec/social-engineer-toolkit/issues/721#issuecomment-629725509, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJIRO5QLWJF3BJO5AGF3RR4XDJANCNFSM4MKNB56A .
neorampage
commented
4 years ago Sorry to bother you again . I got new error. … On Sat, May 16, 2020 at 8:41 PM neorampage @.> wrote: But i dont have webattack folder on user/src … <#m-3078964578600670655> On Sat, May 16, 2020 at 8:35 PM neorampage @.> wrote: [image: image] https://user-images.githubusercontent.com/62866594/82132976-1296c680-97b4-11ea-908a-e44fd8b17bf8.jpg [image: image] https://user-images.githubusercontent.com/62866594/82132981-1de9f200-97b4-11ea-8a48-f131c513fabc.jpg Even if i changes those things it aint working oh! i see the problem, the correct file path is /usr/share/......./harvester.py but you edited in /home/......./harvester.py — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#721 (comment) <#721 (comment)>>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJITBJIXSLD76WPTXGPLRR4WMRANCNFSM4MKNB56A . ls /usr/share/setoolkit/ ????? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#721 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJIRO5QLWJF3BJO5AGF3RR4XDJANCNFSM4MKNB56A .
show it
chaoswlz
commented
4 years ago I got local variable 'html' referenced before assignment after change my harvester.py.
rinxhen17
commented
4 years ago You need to add from html import escape aa html_escape And change cgi.escape to html_escape
On Fri, May 22, 2020 at 12:00 AM chaoswlz notifications@github.com wrote:
I got local variable 'html' referenced before assignment after change my harvester.py.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/trustedsec/social-engineer-toolkit/issues/721#issuecomment-632465675, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJIU4BRWZYLFKCURN363RSX2GVANCNFSM4MKNB56A .
chaoswlz
commented
4 years ago that works
rinxhen17
commented
4 years ago Does that show the password too?
On Fri, May 22, 2020 at 12:28 AM chaoswlz notifications@github.com wrote:
that works
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/trustedsec/social-engineer-toolkit/issues/721#issuecomment-632472800, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJIQIQXTCITVEOQWSVZ3RSX5PTANCNFSM4MKNB56A .
tumelo-mapheto
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
Thank, fix worked.
RedClient231
commented
4 years ago on Vm Machine I am Using Kali Linux. Problem with the same attribution error. Module CGI. Please i need to Fix with Full details. Anyone Kali linux users available?
NEROGLAZKONOV275
commented
4 years ago Same problem , kali 2020 , virtual machine , I’m beginner so I have no idea where you actually edit the code .
Nak-gt
commented
4 years ago [*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: session[username_or_email]=asdasd
Exception happened during processing of request from ('127.0.0.1', 37132)
Traceback (most recent call last):
File "/usr/lib/python3.8/socketserver.py", line 650, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.8/socketserver.py", line 360, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.8/socketserver.py", line 720, in init
self.handle()
File "/usr/lib/python3.8/http/server.py", line 427, in handle
self.handle_one_request()
File "/usr/lib/python3.8/http/server.py", line 415, in handle_one_request
method()
File "/usr/share/set/src/webattack/harvester/harvester.py", line 334, in do_POST
filewrite.write(cgi.escape("PARAM: " + line + "\n"))
AttributeError: module 'cgi' has no attribute 'escape'
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: session[username_or_email]=asdasd
Exception happened during processing of request from ('127.0.0.1', 37134)
Traceback (most recent call last):
File "/usr/lib/python3.8/socketserver.py", line 650, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.8/socketserver.py", line 360, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.8/socketserver.py", line 720, in init
self.handle()
File "/usr/lib/python3.8/http/server.py", line 427, in handle
self.handle_one_request()
File "/usr/lib/python3.8/http/server.py", line 415, in handle_one_request
method()
File "/usr/share/set/src/webattack/harvester/harvester.py", line 334, in do_POST
filewrite.write(cgi.escape("PARAM: " + line + "\n"))
AttributeError: module 'cgi' has no attribute 'escape'
how to fix it
Nak-gt
commented
4 years ago how to fix it
Nak-gt
commented
4 years ago from html import escape aa html_escape
And change cgi.escape to html_escape It use it but when i try to save it. it shows this
rinxhen17
commented
4 years ago Its because this file can only be accessed by root user. Give it access using chmod
On Tue, Jun 16, 2020 at 8:15 PM Nak-gt notifications@github.com wrote:
from html import escape aa html_escape And change cgi.escape to html_escape It use it but when i try to save it. it shows this [image: Screenshot 2020-06-17 06:12:40] https://user-images.githubusercontent.com/67030649/84840616-e47dfe00-b061-11ea-90a7-8a817632c330.png
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/trustedsec/social-engineer-toolkit/issues/721#issuecomment-645074399, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJIXQTMFH44KXR6JMYE3RXADJ7ANCNFSM4MKNB56A .
Divyansh003
commented
4 years ago Hi..I am a new learner. I am also getting the same attribute error. Can anyone please guide me step by step on how can i reslove this issue? I will be very thankful to you.
stefanman125
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
you need to do that in /usr/.............../harvester.py
It worked, thanks!
jeetxon
commented
4 years ago how to edit harvester.py file it says permission denied
jeetxon
commented
4 years ago Its because this file can only be accessed by root user. Give it access using chmod … On Tue, Jun 16, 2020 at 8:15 PM Nak-gt @.***> wrote: from html import escape aa html_escape And change cgi.escape to html_escape It use it but when i try to save it. it shows this [image: Screenshot 2020-06-17 06:12:40] https://user-images.githubusercontent.com/67030649/84840616-e47dfe00-b061-11ea-90a7-8a817632c330.png — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#721 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO7UJIXQTMFH44KXR6JMYE3RXADJ7ANCNFSM4MKNB56A .
how to edit harvester.py file plz tell me step by step
jeetxon
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
how do I add because
permission denied
502-DropDread
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
This worked for me, but it doesn't show me the password, what could it be? please help
neorampage
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
This worked for me, but it doesn't show me the password, what could it be? please help
Screanshot?
502-DropDread
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
This worked for me, but it doesn't show me the password, what could it be? please help
Screanshot?
I get the text entered in the user, but not the password
502-DropDread
commented
4 years ago sorry if it seems too heavy to read all this, but this is the text that I find when doing the test
` 10.0.2.15 - - [13/Jul/2020 14:49:46] "GET / HTTP/1.1" 200 -
10.0.2.15 - - [13/Jul/2020 14:49:49] "GET /intern/common/referer_frame.php HTTP/1.1" 404 -
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: -----------------------------65848238410183289321473689393
Content-Disposition: form-data; name="ts"
1594673391367
-----------------------------65848238410183289321473689393
Content-Disposition: form-data; name="q"
[{"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","app_id":"256281040558","posts":[["logger:LoginEventsLoggerConfig",{"event":"browser_autocomplete","prefill_source":"browser_dropdown","prefill_type":"contact_point"},1594673391364,0,99]],"trigger":"logger:LoginEventsLoggerConfig"}]
-----------------------------65848238410183289321473689393--
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: -----------------------------162066027313439892851116638267
Content-Disposition: form-data; name="ts"
1594673391554
-----------------------------162066027313439892851116638267
Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":"yhzwZltbImdrMl9leHBvc3VyZSIseyJpZGVudGlmaWVyIjoiMTA3MzUwMCIsImhhc2giOiJBVDdIdTVUWVNSdF9Kd3pXIn0sMTU5NDY3MzM4ODk0MCwwLDUwXSxbInJlcXVpcmVfY29uZF8RYBxfbG9nZ2luZ0JoAPBWQWEzWVczZ1o5Q3NwWnF2R1pSTHNUUXU5NUNBWHZXUmhZcXZrdC1rTldoNjJwdzN2dl85ZVJnRlVLZTdLTHFGZHYyNXdHOHF1dWh0eUpwNTZ6QmRQWS1nOp4AHDIsMCwxMDRdyp8A8GMxbGc5MmJfNTNfak5GaWFMaGNNQXRLRlZ3cUstdUVCUzF4N1BwbldnVWY2ZVRDV0pzTmY3STkzNWh6MnJLeDJ0dkpYVUY4N0RwWFppdmVqTTVrM1h5Sll2a0RyUmRyIn0sMTU5NUYFqAQxMwGocp4BFDk0Njg5NDKdATB1U05IeUFhREhYcGhzOv8AFDMsMCw0OYJWABQ2NzY5MjAuVgA0NGwxMWI0bXpoeUthZnY2VgAENTSqVgAAMTJWADB4eFU4dXRNN21VS2ZZNlYABDY2olYACDgzNy5WADQ1Z0xRci15eWhRcDJhNjZWAAQ3NZZWABgxMzk5MjE4LlcANDZNX0NBSThkM3BPcFNYHVcMOTAzNyFZADXS9gLwRDA3LU54dDhKVGVJcjJmcWg0cUxheVp4cXp1OUViRkpxeXZZSUZYbTV6Y3RyUktzZURQazJoZEVKaVU5dkFZMFZzTEtuazqOACGRBDg4IecAcrqEA/BQMmxuYzBxS0NPN1hUaFRKbEpyQlNlS0RNbGhCQmtnVGxub2lMTmk3eDJvVWk1d3EyVldPUnRCakVzQzBaazZiTWRnMC1jNzBXb0pNYUNYaGFROpoAADVlgNIpAfBSMV9QSTJhQ2xJam82dmlYNm11aWxzeURTRk1UYzliQkFRRGJxN0ppZmJCa2NjdWUtS2FoZk9ZN3ROamhodmpTMS1oOTN5Q2NnOF8zSkQ2MXFEVSJ5dCHEADcFnAgxXSx6EgUQNzI5NjMyHgM0NXpTNk5EWlBlNllQWTg68wAAOZ5yAgw4MTc2MnICNDdGNVhEVEZpZlg1YUprNlcABDgwtWhyIQQFrTJ1AzA3cTJ2NW44V0tiY2xwLngEBDkwCVaKIQQYMTI4MTUwNS4fAzQ0dUpKME1xZ0xqVFF6d9atABgxMjkxMDIzLlcANDU4ZGU4cWJLMkZzTWRaOlcAIbJpdnIEARgxMjk0MTgyLlcANDdEalplUHJVajZrNXc5OlcAADiWWwEUMTQwMTA2MgkCNDRfYUJTRXB0dGNJOEtk3lcADDg1MDUyXAEwNWtVR2ZJdGN1RjZMUd5XABA1ODQ3OTIpBTQ2TDRIRUdINzZ3WmFHT9auABA2Nzc3NjZbATBURFZGSXlkWUJUakFDMlYABDQweQ3CmgTwSkJCMVUwdW5ESm9oVXcxYlBEUVFDVy10SzNkZGxrdjhrekhHRTlaYXVhdDI1YjUtMTVGdkNETHpRVlZ2Tmx6Q0pRcHNrUTd4Wm1hd0qVAAQ5NWH4vpUA8FYxN3dmQTdxemluQXpVS29KQmhyZVBCNk1wQTl5VnBHRGEweGpmUWptTTQxeXQ3aW41OXBhOWk4STJYaURfTndlODBOQXBuRkVZM0M4LVNoMUE0OHFuUiIumAQpNAQxMAWgIGNsaWNrX3JlZhJHCShlciIsWyIySWRLIiKDCSQ5MDQ1NiwiYWN0GRRsODk5MjUsMCwiZW1haWwiLCJjb250ZXh0bWVudUIOAEQtIiwiciIsIi8iLHsiZnQiOnsNdkB0eXBlIjoicmlnaHQifSwiZwEcDH19LDANAhgibHhiNHNjATsobG9naW4ucGhwIl0ymQABhQQxNqX+drEDEDA5OTg5NggENF9RbVk0c2ZvRFJUdXUiMiIBBDk0dbG+wQHwXjB5X0tUOXhVRTRMRjNfWDE0X0lUQWZVd2paUWRRdVdrUW1ob080ZzNybGc2aEJ0WTFoVF9FRU00cUJmX3ZsZUJSVUlzZlNoeDZIRWVHdnI0SmlyUi1fdFJDU0pQTDQiRqcAGtUJRHNjcmlwdF9wYXRoX2NoYW5nZSFvFHNvdXJjZQUWGCI6bnVsbCwRExB0b2tlbhEUCGRlcwk7CCI6Ij1sACwJGQ0rGCJhZDk3NjQSxwmAaW1wcmVzc2lvbl9pZCI6IjA4Rm5RUG1yUGg0aldWYzV0QQYIYXVzIeB4bG9hZCIsInNpZF9yYXciOiI2YTRvNXc6dXV4eXJsOjXlFHJlZmVychIjDBF6GGVmX3BhZ2UypwB4dXJpIjoiaHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL1kqLisBHDUxMSwwLDI1RfRMd2ViX2RldmljZV9wZXJmX2luZm9B/yExoGNwdV9jb3JlcyI6MSwiZ3B1X3ZlbmRvciI6IlZNd2FyZSwgSW5jLiIsBRwQcmVuZGUJs3xsbHZtcGlwZSAoTExWTSAxMC4wLjAsIDI1NiBiaXRzKS6PABwxMDgyLDAsOYaOCxQxNDI3MzA2xAcwRWdteERZemZnLTJGNzJXAAQzNQHmisAGEDcwODI1Ng4DMGZXd19JUFFkSW5oSG8yVgAINTE2InEIOGNhdGVnb3JpemVkX29kcyEybDI5NjYiOnsibXMudGltZV9zcGVudC5xYS53d3cBGB0VIQkoLmpzX2luaXRpYWwBRhgiOlsxXX19PawoMTUxNywwLDcyXV0=","user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"categorized_ods","send_method":"ajax","compression":"snappy_base64","snappy_ms":33},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[34]}}},1594673391520,0,51]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[33]}}},1594673391520,0,47]],"user":"0","app_id":"256281040558","compression":""}]
-----------------------------162066027313439892851116638267--
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: -----------------------------17100139412599297751483920862
Content-Disposition: form-data; name="ts"
1594673391737
-----------------------------17100139412599297751483920862
Content-Disposition: form-data; name="q"
[{"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","app_id":"256281040558","posts":[["logger:LoginEventsLoggerConfig",{"event":"browser_autocomplete","prefill_source":"browser_onload","prefill_type":"contact_point"},1594673391735,0,97]],"trigger":"logger:LoginEventsLoggerConfig"}]
-----------------------------17100139412599297751483920862--
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: -----------------------------392910638984098151733831907
Content-Disposition: form-data; name="ts"
1594673393078
-----------------------------392910638984098151733831907
Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594671900879,"act",1594671900875,2,"login","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},684,367,0,0,"tng441","/login.php"],1594671900878,0,151]],"user":"0","webSessionId":"2toe9a:uwakqs:tng441","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673392992,"act",1594673392988,1,"email","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},564,268,0,0,"lxb4sc","/login.php"],1594673392991,0,151]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[4]}}},1594673393063,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[6]}}},1594673393068,0,46]],"user":"0","app_id":"256281040558","compression":""}]
-----------------------------392910638984098151733831907--
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: -----------------------------186824930678138621516920702
Content-Disposition: form-data; name="ts"
1594673398500
-----------------------------186824930678138621516920702
Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["time_spent_bit_array",{"tos_id":"lxb4sc","start_time":1594673390,"tos_array":[239,0],"tos_len":9,"tos_seq":0,"tos_cum":7,"sid_raw":"6a4o5w:uuxyrl:lxb4sc"},1594673398477,0,132]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"time_spent_bit_array","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673398480,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673398481,0,46]],"user":"0","app_id":"256281040558","compression":""}]
-----------------------------186824930678138621516920702--
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: -----------------------------81804739318699862351313610361
Content-Disposition: form-data; name="ts"
1594673403614
-----------------------------81804739318699862351313610361
Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673403576,"act",1594673403572,2,"pass","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},621,317,0,0,"lxb4sc","/login.php"],1594673403574,0,150]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673403608,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673403609,0,46]],"user":"0","app_id":"256281040558","compression":""}]
-----------------------------81804739318699862351313610361--
POSSIBLE PASSWORD FIELD FOUND: -----------------------------81804739318699862351313610361
Content-Disposition: form-data; name="ts"
1594673403614
-----------------------------81804739318699862351313610361
Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673403576,"act",1594673403572,2,"pass","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},621,317,0,0,"lxb4sc","/login.php"],1594673403574,0,150]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673403608,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673403609,0,46]],"user":"0","app_id":"256281040558","compression":""}]
-----------------------------81804739318699862351313610361--
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: user=0
PARAM: a=1
PARAM: dyn=7xe6Fo4OQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXx60kO4o3Bw5VCwjE3awbG783pwlU7i0n2US1kyE1oU884y0Mo28xe0SU2swdq0Ho2ew
PARAM: csr=
PARAM: req=7
PARAM: beoa=0
PARAM: pc=PHASED:DEFAULT
PARAM: dpr=1
PARAM: ccg=MODERATE
PARAM: rev=1002360775
PARAM: s=6a4o5w:uuxyrl:lxb4sc
PARAM: hsi=6849062689416449023-0
PARAM: comet_req=0
PARAM: lsd=AVqB73WD
PARAM: jazoest=2591
POSSIBLE PASSWORD FIELD FOUND: spin_r=1002360775
POSSIBLE PASSWORD FIELD FOUND: __spin_b=trunk
POSSIBLE PASSWORD FIELD FOUND: spin_t=1594671674
[] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[] WE GOT A HIT! Printing the output:
PARAM: jazoest=2591
PARAM: lsd=AVqB73WD
PARAM: display=
PARAM: enable_profile_selector=
PARAM: isprivate=
PARAM: legacy_return=0
PARAM: profile_selector_ids=
PARAM: return_session=
POSSIBLE USERNAME FIELD FOUND: skip_api_login=
PARAM: signed_next=
PARAM: trynum=1
PARAM: timezone=330
PARAM: lgndim=eyJ3IjoxMzY2LCJoIjo2NjMsImF3IjoxMzY2LCJhaCI6NjMyLCJjIjoyNH0=
PARAM: lgnrnd=132114_2YWu
PARAM: lgnjs=1594673390
POSSIBLE USERNAME FIELD FOUND: email=trySET-uk.com
PARAM: prefill_contact_point=try+SET.com
PARAM: prefill_source=browser_onload
PARAM: prefill_type=contact_point
PARAM: first_prefill_source=browser_dropdown
PARAM: first_prefill_type=contact_point
PARAM: had_cp_prefilled=true
POSSIBLE PASSWORD FIELD FOUND: had_password_prefilled=false
PARAM: ab_test_data=AAAAAAAPAAA/AAAAPAAAAAAAAAAAAPAPAAAAAAAAZ/fAGAGAAAECAE
PARAM: ep=#PWD_BROWSER:5:1594673416:AS9QAGRx377brcPVPSon2Kdx5A8cKP30No0JF8soO3ZiNGx4naYWIfMwfibI/YrOL3O9SHiqQS+EcAF1R2BvJUKNNxyO2uYx8i4oF6J69/tI/ItCd1tiUxirJmDte8p+JGssGT8/gzvIYsKZa5s/
POSSIBLE PASSWORD FIELD FOUND: encpass=#PWD_BROWSER:5:1594673416:AS9QAGRx377brcPVPSon2Kdx5A8cKP30No0JF8soO3ZiNGx4naYWIfMwfibI/YrOL3O9SHiqQS+EcAF1R2BvJUKNNxyO2uYx8i4oF6J69/tI/ItCd1tiUxirJmDte8p+JGssGT8/gzvIYsKZa5s/
[] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: -----------------------------13966898841476094930754589952
Content-Disposition: form-data; name="ts"
1594673416668
-----------------------------13966898841476094930754589952
Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673415953,"act",1594673415941,3,"login","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},646,361,0,0,"lxb4sc","/login.php"],1594673415953,0,151]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673416630,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673416630,0,46]],"user":"0","app_id":"256281040558","compression":""}]
-----------------------------13966898841476094930754589952--
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: -----------------------------1962363261633658327879440781
Content-Disposition: form-data; name="ts"
1594673416863
-----------------------------1962363261633658327879440781
Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":"9QSQW1siY2F0ZWdvcml6ZWRfb2RzIix7IjI5NzkiOnsiYmFuemFpIgEK4Gx1ZV90b3RhbF9tZXNzYWdlc19yZWNlaXZlZCI6WzQ5XX19fSwxNTk0NjczNDE2Nzg2LDAsNTddLOphACBzZW50IjpbNTBCXQAUNywwLDUzAV1MdGltZV9zcGVudF9iaXRfYXJyYXkBw1x0b3NfaWQiOiJseGI0c2MiLCJzdGFydF8BMAQiOg2pDDM5OSwFKgk3KDpbMTA4MTgxLDBdCRcYbGVuIjoxOAkNFHNlcSI6MQkMgGN1bSI6MTYsInNpZF9yYXciOiI2YTRvNXc6dXV4eXJsOg12BH0sDWosNDE2Nzk5LDAsMTM3AbdEc2NyaXB0X3BhdGhfY2hhbmdlAbUUc291cmNlBRYwIjoiL2xvZ2luLnBocAG+CRsIdG9rAZQ4ImFkOTc2NDIwIiwiZGVzCUkUIjpudWxsDRENKQkSNGNhdXNlIjoidW5sb2FkAU52twAALBGKGGVmX3BhZ2URWg2FdHVyaSI6Imh0dHBzOi8vd3d3LmZhY2Vib29rLmNvbR23Lv8AKDgwNCwwLDIxMV1d","user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","send_method":"beacon","compression":"snappy_base64","snappy_ms":21},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[4]}}},1594673416806,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[6]}}},1594673416807,0,46]],"user":"0","app_id":"256281040558","compression":""}]
-----------------------------1962363261633658327879440781--
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. `
neorampage
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
This worked for me, but it doesn't show me the password, what could it be? please help
Screanshot?
I get the text entered in the user, but not the password
sorry if it seems too heavy to read all this, but this is the text that I find when doing the test
10.0.2.15 - - [13/Jul/2020 14:49:46] "GET / HTTP/1.1" 200 - 10.0.2.15 - - [13/Jul/2020 14:49:49] "GET /intern/common/referer_frame.php HTTP/1.1" 404 - [*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------65848238410183289321473689393 Content-Disposition: form-data; name="ts"
1594673391367 -----------------------------65848238410183289321473689393 Content-Disposition: form-data; name="q"
[{"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","app_id":"256281040558","posts":[["logger:LoginEventsLoggerConfig",{"event":"browser_autocomplete","prefill_source":"browser_dropdown","prefill_type":"contact_point"},1594673391364,0,99]],"trigger":"logger:LoginEventsLoggerConfig"}] -----------------------------65848238410183289321473689393-- [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------162066027313439892851116638267 Content-Disposition: form-data; name="ts"
1594673391554 -----------------------------162066027313439892851116638267 Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":"yhzwZltbImdrMl9leHBvc3VyZSIseyJpZGVudGlmaWVyIjoiMTA3MzUwMCIsImhhc2giOiJBVDdIdTVUWVNSdF9Kd3pXIn0sMTU5NDY3MzM4ODk0MCwwLDUwXSxbInJlcXVpcmVfY29uZF8RYBxfbG9nZ2luZ0JoAPBWQWEzWVczZ1o5Q3NwWnF2R1pSTHNUUXU5NUNBWHZXUmhZcXZrdC1rTldoNjJwdzN2dl85ZVJnRlVLZTdLTHFGZHYyNXdHOHF1dWh0eUpwNTZ6QmRQWS1nOp4AHDIsMCwxMDRdyp8A8GMxbGc5MmJfNTNfak5GaWFMaGNNQXRLRlZ3cUstdUVCUzF4N1BwbldnVWY2ZVRDV0pzTmY3STkzNWh6MnJLeDJ0dkpYVUY4N0RwWFppdmVqTTVrM1h5Sll2a0RyUmRyIn0sMTU5NUYFqAQxMwGocp4BFDk0Njg5NDKdATB1U05IeUFhREhYcGhzOv8AFDMsMCw0OYJWABQ2NzY5MjAuVgA0NGwxMWI0bXpoeUthZnY2VgAENTSqVgAAMTJWADB4eFU4dXRNN21VS2ZZNlYABDY2olYACDgzNy5WADQ1Z0xRci15eWhRcDJhNjZWAAQ3NZZWABgxMzk5MjE4LlcANDZNX0NBSThkM3BPcFNYHVcMOTAzNyFZADXS9gLwRDA3LU54dDhKVGVJcjJmcWg0cUxheVp4cXp1OUViRkpxeXZZSUZYbTV6Y3RyUktzZURQazJoZEVKaVU5dkFZMFZzTEtuazqOACGRBDg4IecAcrqEA/BQMmxuYzBxS0NPN1hUaFRKbEpyQlNlS0RNbGhCQmtnVGxub2lMTmk3eDJvVWk1d3EyVldPUnRCakVzQzBaazZiTWRnMC1jNzBXb0pNYUNYaGFROpoAADVlgNIpAfBSMV9QSTJhQ2xJam82dmlYNm11aWxzeURTRk1UYzliQkFRRGJxN0ppZmJCa2NjdWUtS2FoZk9ZN3ROamhodmpTMS1oOTN5Q2NnOF8zSkQ2MXFEVSJ5dCHEADcFnAgxXSx6EgUQNzI5NjMyHgM0NXpTNk5EWlBlNllQWTg68wAAOZ5yAgw4MTc2MnICNDdGNVhEVEZpZlg1YUprNlcABDgwtWhyIQQFrTJ1AzA3cTJ2NW44V0tiY2xwLngEBDkwCVaKIQQYMTI4MTUwNS4fAzQ0dUpKME1xZ0xqVFF6d9atABgxMjkxMDIzLlcANDU4ZGU4cWJLMkZzTWRaOlcAIbJpdnIEARgxMjk0MTgyLlcANDdEalplUHJVajZrNXc5OlcAADiWWwEUMTQwMTA2MgkCNDRfYUJTRXB0dGNJOEtk3lcADDg1MDUyXAEwNWtVR2ZJdGN1RjZMUd5XABA1ODQ3OTIpBTQ2TDRIRUdINzZ3WmFHT9auABA2Nzc3NjZbATBURFZGSXlkWUJUakFDMlYABDQweQ3CmgTwSkJCMVUwdW5ESm9oVXcxYlBEUVFDVy10SzNkZGxrdjhrekhHRTlaYXVhdDI1YjUtMTVGdkNETHpRVlZ2Tmx6Q0pRcHNrUTd4Wm1hd0qVAAQ5NWH4vpUA8FYxN3dmQTdxemluQXpVS29KQmhyZVBCNk1wQTl5VnBHRGEweGpmUWptTTQxeXQ3aW41OXBhOWk4STJYaURfTndlODBOQXBuRkVZM0M4LVNoMUE0OHFuUiIumAQpNAQxMAWgIGNsaWNrX3JlZhJHCShlciIsWyIySWRLIiKDCSQ5MDQ1NiwiYWN0GRRsODk5MjUsMCwiZW1haWwiLCJjb250ZXh0bWVudUIOAEQtIiwiciIsIi8iLHsiZnQiOnsNdkB0eXBlIjoicmlnaHQifSwiZwEcDH19LDANAhgibHhiNHNjATsobG9naW4ucGhwIl0ymQABhQQxNqX+drEDEDA5OTg5NggENF9RbVk0c2ZvRFJUdXUiMiIBBDk0dbG+wQHwXjB5X0tUOXhVRTRMRjNfWDE0X0lUQWZVd2paUWRRdVdrUW1ob080ZzNybGc2aEJ0WTFoVF9FRU00cUJmX3ZsZUJSVUlzZlNoeDZIRWVHdnI0SmlyUi1fdFJDU0pQTDQiRqcAGtUJRHNjcmlwdF9wYXRoX2NoYW5nZSFvFHNvdXJjZQUWGCI6bnVsbCwRExB0b2tlbhEUCGRlcwk7CCI6Ij1sACwJGQ0rGCJhZDk3NjQSxwmAaW1wcmVzc2lvbl9pZCI6IjA4Rm5RUG1yUGg0aldWYzV0QQYIYXVzIeB4bG9hZCIsInNpZF9yYXciOiI2YTRvNXc6dXV4eXJsOjXlFHJlZmVychIjDBF6GGVmX3BhZ2UypwB4dXJpIjoiaHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL1kqLisBHDUxMSwwLDI1RfRMd2ViX2RldmljZV9wZXJmX2luZm9B/yExoGNwdV9jb3JlcyI6MSwiZ3B1X3ZlbmRvciI6IlZNd2FyZSwgSW5jLiIsBRwQcmVuZGUJs3xsbHZtcGlwZSAoTExWTSAxMC4wLjAsIDI1NiBiaXRzKS6PABwxMDgyLDAsOYaOCxQxNDI3MzA2xAcwRWdteERZemZnLTJGNzJXAAQzNQHmisAGEDcwODI1Ng4DMGZXd19JUFFkSW5oSG8yVgAINTE2InEIOGNhdGVnb3JpemVkX29kcyEybDI5NjYiOnsibXMudGltZV9zcGVudC5xYS53d3cBGB0VIQkoLmpzX2luaXRpYWwBRhgiOlsxXX19PawoMTUxNywwLDcyXV0=","user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"categorized_ods","send_method":"ajax","compression":"snappy_base64","snappy_ms":33},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[34]}}},1594673391520,0,51]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[33]}}},1594673391520,0,47]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------162066027313439892851116638267-- [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------17100139412599297751483920862 Content-Disposition: form-data; name="ts"
1594673391737 -----------------------------17100139412599297751483920862 Content-Disposition: form-data; name="q"
[{"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","app_id":"256281040558","posts":[["logger:LoginEventsLoggerConfig",{"event":"browser_autocomplete","prefill_source":"browser_onload","prefill_type":"contact_point"},1594673391735,0,97]],"trigger":"logger:LoginEventsLoggerConfig"}] -----------------------------17100139412599297751483920862-- [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------392910638984098151733831907 Content-Disposition: form-data; name="ts"
1594673393078 -----------------------------392910638984098151733831907 Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594671900879,"act",1594671900875,2,"login","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},684,367,0,0,"tng441","/login.php"],1594671900878,0,151]],"user":"0","webSessionId":"2toe9a:uwakqs:tng441","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673392992,"act",1594673392988,1,"email","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},564,268,0,0,"lxb4sc","/login.php"],1594673392991,0,151]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[4]}}},1594673393063,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[6]}}},1594673393068,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------392910638984098151733831907-- [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------186824930678138621516920702 Content-Disposition: form-data; name="ts"
1594673398500 -----------------------------186824930678138621516920702 Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["time_spent_bit_array",{"tos_id":"lxb4sc","start_time":1594673390,"tos_array":[239,0],"tos_len":9,"tos_seq":0,"tos_cum":7,"sid_raw":"6a4o5w:uuxyrl:lxb4sc"},1594673398477,0,132]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"time_spent_bit_array","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673398480,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673398481,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------186824930678138621516920702-- [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="ts"
1594673403614 -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673403576,"act",1594673403572,2,"pass","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},621,317,0,0,"lxb4sc","/login.php"],1594673403574,0,150]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673403608,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673403609,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------81804739318699862351313610361-- POSSIBLE PASSWORD FIELD FOUND: -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="ts"
1594673403614 -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673403576,"act",1594673403572,2,"pass","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},621,317,0,0,"lxb4sc","/login.php"],1594673403574,0,150]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673403608,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673403609,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------81804739318699862351313610361-- [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: user=0 PARAM: a=1 PARAM: dyn=7xe6Fo4OQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXx60kO4o3Bw5VCwjE3awbG783pwlU7i0n2US1kyE1oU884y0Mo28xe0SU2swdq0Ho2ew PARAM: csr= PARAM: req=7 PARAM: beoa=0 PARAM: pc=PHASED:DEFAULT PARAM: dpr=1 PARAM: ccg=MODERATE PARAM: rev=1002360775 PARAM: s=6a4o5w:uuxyrl:lxb4sc PARAM: hsi=6849062689416449023-0 PARAM: comet_req=0 PARAM: lsd=AVqB73WD PARAM: jazoest=2591 POSSIBLE PASSWORD FIELD FOUND: spin_r=1002360775 POSSIBLE PASSWORD FIELD FOUND: __spin_b=trunk POSSIBLE PASSWORD FIELD FOUND: spint=1594671674 [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[_] WE GOT A HIT! Printing the output: PARAM: jazoest=2591 PARAM: lsd=AVqB73WD PARAM: display= PARAM: enable_profile_selector= PARAM: isprivate= PARAM: legacy_return=0 PARAM: profile_selector_ids= PARAM: return_session= POSSIBLE USERNAME FIELD FOUND: skip_api_login= PARAM: signed_next= PARAM: trynum=1 PARAM: timezone=330 PARAM: lgndim=eyJ3IjoxMzY2LCJoIjo2NjMsImF3IjoxMzY2LCJhaCI6NjMyLCJjIjoyNH0= PARAM: lgnrnd=132114_2YWu PARAM: lgnjs=1594673390 POSSIBLE USERNAME FIELD FOUND: email=trySET-uk.com PARAM: prefill_contact_point=try+SET.com PARAM: prefill_source=browser_onload PARAM: prefill_type=contact_point PARAM: first_prefill_source=browser_dropdown PARAM: first_prefill_type=contact_point PARAM: had_cp_prefilled=true POSSIBLE PASSWORD FIELD FOUND: had_password_prefilled=false PARAM: ab_test_data=AAAAAAAPAAA/AAAAPAAAAAAAAAAAAPAPAAAAAAAAZ/fAGAGAAAECAE PARAM: ep=#PWD_BROWSER:5:1594673416:AS9QAGRx377brcPVPSon2Kdx5A8cKP30No0JF8soO3ZiNGx4naYWIfMwfibI/YrOL3O9SHiqQS+EcAF1R2BvJUKNNxyO2uYx8i4oF6J69/tI/ItCd1tiUxirJmDte8p+JGssGT8/gzvIYsKZa5s/ POSSIBLE PASSWORD FIELD FOUND: encpass=#PWDBROWSER:5:1594673416:AS9QAGRx377brcPVPSon2Kdx5A8cKP30No0JF8soO3ZiNGx4naYWIfMwfibI/YrOL3O9SHiqQS+EcAF1R2BvJUKNNxyO2uYx8i4oF6J69/tI/ItCd1tiUxirJmDte8p+JGssGT8/gzvIYsKZa5s/ [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------13966898841476094930754589952 Content-Disposition: form-data; name="ts"
1594673416668 -----------------------------13966898841476094930754589952 Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673415953,"act",1594673415941,3,"login","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},646,361,0,0,"lxb4sc","/login.php"],1594673415953,0,151]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673416630,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673416630,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------13966898841476094930754589952-- [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------1962363261633658327879440781 Content-Disposition: form-data; name="ts"
1594673416863 -----------------------------1962363261633658327879440781 Content-Disposition: form-data; name="q"
[{"app_id":"256281040558","posts":"9QSQW1siY2F0ZWdvcml6ZWRfb2RzIix7IjI5NzkiOnsiYmFuemFpIgEK4Gx1ZV90b3RhbF9tZXNzYWdlc19yZWNlaXZlZCI6WzQ5XX19fSwxNTk0NjczNDE2Nzg2LDAsNTddLOphACBzZW50IjpbNTBCXQAUNywwLDUzAV1MdGltZV9zcGVudF9iaXRfYXJyYXkBw1x0b3NfaWQiOiJseGI0c2MiLCJzdGFydF8BMAQiOg2pDDM5OSwFKgk3KDpbMTA4MTgxLDBdCRcYbGVuIjoxOAkNFHNlcSI6MQkMgGN1bSI6MTYsInNpZF9yYXciOiI2YTRvNXc6dXV4eXJsOg12BH0sDWosNDE2Nzk5LDAsMTM3AbdEc2NyaXB0X3BhdGhfY2hhbmdlAbUUc291cmNlBRYwIjoiL2xvZ2luLnBocAG+CRsIdG9rAZQ4ImFkOTc2NDIwIiwiZGVzCUkUIjpudWxsDRENKQkSNGNhdXNlIjoidW5sb2FkAU52twAALBGKGGVmX3BhZ2URWg2FdHVyaSI6Imh0dHBzOi8vd3d3LmZhY2Vib29rLmNvbR23Lv8AKDgwNCwwLDIxMV1d","user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","send_method":"beacon","compression":"snappy_base64","snappy_ms":21},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[4]}}},1594673416806,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[6]}}},1594673416807,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------1962363261633658327879440781-- [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. Whats website are you cloning?
502-DropDread
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
This worked for me, but it doesn't show me the password, what could it be? please help
Screanshot?
I get the text entered in the user, but not the password
sorry if it seems too heavy to read all this, but this is the text that I find when doing the test 10.0.2.15 - - [13/Jul/2020 14:49:46] "GET / HTTP/1.1" 200 - 10.0.2.15 - - [13/Jul/2020 14:49:49] "GET /intern/common/referer_frame.php HTTP/1.1" 404 - [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------65848238410183289321473689393 Content-Disposition: form-data; name="ts" 1594673391367 -----------------------------65848238410183289321473689393 Content-Disposition: form-data; name="q" [{"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","app_id":"256281040558","posts":[["logger:LoginEventsLoggerConfig",{"event":"browser_autocomplete","prefill_source":"browser_dropdown","prefill_type":"contact_point"},1594673391364,0,99]],"trigger":"logger:LoginEventsLoggerConfig"}] -----------------------------65848238410183289321473689393-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------162066027313439892851116638267 Content-Disposition: form-data; name="ts" 1594673391554 -----------------------------162066027313439892851116638267 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":"yhzwZltbImdrMl9leHBvc3VyZSIseyJpZGVudGlmaWVyIjoiMTA3MzUwMCIsImhhc2giOiJBVDdIdTVUWVNSdF9Kd3pXIn0sMTU5NDY3MzM4ODk0MCwwLDUwXSxbInJlcXVpcmVfY29uZF8RYBxfbG9nZ2luZ0JoAPBWQWEzWVczZ1o5Q3NwWnF2R1pSTHNUUXU5NUNBWHZXUmhZcXZrdC1rTldoNjJwdzN2dl85ZVJnRlVLZTdLTHFGZHYyNXdHOHF1dWh0eUpwNTZ6QmRQWS1nOp4AHDIsMCwxMDRdyp8A8GMxbGc5MmJfNTNfak5GaWFMaGNNQXRLRlZ3cUstdUVCUzF4N1BwbldnVWY2ZVRDV0pzTmY3STkzNWh6MnJLeDJ0dkpYVUY4N0RwWFppdmVqTTVrM1h5Sll2a0RyUmRyIn0sMTU5NUYFqAQxMwGocp4BFDk0Njg5NDKdATB1U05IeUFhREhYcGhzOv8AFDMsMCw0OYJWABQ2NzY5MjAuVgA0NGwxMWI0bXpoeUthZnY2VgAENTSqVgAAMTJWADB4eFU4dXRNN21VS2ZZNlYABDY2olYACDgzNy5WADQ1Z0xRci15eWhRcDJhNjZWAAQ3NZZWABgxMzk5MjE4LlcANDZNX0NBSThkM3BPcFNYHVcMOTAzNyFZADXS9gLwRDA3LU54dDhKVGVJcjJmcWg0cUxheVp4cXp1OUViRkpxeXZZSUZYbTV6Y3RyUktzZURQazJoZEVKaVU5dkFZMFZzTEtuazqOACGRBDg4IecAcrqEA/BQMmxuYzBxS0NPN1hUaFRKbEpyQlNlS0RNbGhCQmtnVGxub2lMTmk3eDJvVWk1d3EyVldPUnRCakVzQzBaazZiTWRnMC1jNzBXb0pNYUNYaGFROpoAADVlgNIpAfBSMV9QSTJhQ2xJam82dmlYNm11aWxzeURTRk1UYzliQkFRRGJxN0ppZmJCa2NjdWUtS2FoZk9ZN3ROamhodmpTMS1oOTN5Q2NnOF8zSkQ2MXFEVSJ5dCHEADcFnAgxXSx6EgUQNzI5NjMyHgM0NXpTNk5EWlBlNllQWTg68wAAOZ5yAgw4MTc2MnICNDdGNVhEVEZpZlg1YUprNlcABDgwtWhyIQQFrTJ1AzA3cTJ2NW44V0tiY2xwLngEBDkwCVaKIQQYMTI4MTUwNS4fAzQ0dUpKME1xZ0xqVFF6d9atABgxMjkxMDIzLlcANDU4ZGU4cWJLMkZzTWRaOlcAIbJpdnIEARgxMjk0MTgyLlcANDdEalplUHJVajZrNXc5OlcAADiWWwEUMTQwMTA2MgkCNDRfYUJTRXB0dGNJOEtk3lcADDg1MDUyXAEwNWtVR2ZJdGN1RjZMUd5XABA1ODQ3OTIpBTQ2TDRIRUdINzZ3WmFHT9auABA2Nzc3NjZbATBURFZGSXlkWUJUakFDMlYABDQweQ3CmgTwSkJCMVUwdW5ESm9oVXcxYlBEUVFDVy10SzNkZGxrdjhrekhHRTlaYXVhdDI1YjUtMTVGdkNETHpRVlZ2Tmx6Q0pRcHNrUTd4Wm1hd0qVAAQ5NWH4vpUA8FYxN3dmQTdxemluQXpVS29KQmhyZVBCNk1wQTl5VnBHRGEweGpmUWptTTQxeXQ3aW41OXBhOWk4STJYaURfTndlODBOQXBuRkVZM0M4LVNoMUE0OHFuUiIumAQpNAQxMAWgIGNsaWNrX3JlZhJHCShlciIsWyIySWRLIiKDCSQ5MDQ1NiwiYWN0GRRsODk5MjUsMCwiZW1haWwiLCJjb250ZXh0bWVudUIOAEQtIiwiciIsIi8iLHsiZnQiOnsNdkB0eXBlIjoicmlnaHQifSwiZwEcDH19LDANAhgibHhiNHNjATsobG9naW4ucGhwIl0ymQABhQQxNqX+drEDEDA5OTg5NggENF9RbVk0c2ZvRFJUdXUiMiIBBDk0dbG+wQHwXjB5X0tUOXhVRTRMRjNfWDE0X0lUQWZVd2paUWRRdVdrUW1ob080ZzNybGc2aEJ0WTFoVF9FRU00cUJmX3ZsZUJSVUlzZlNoeDZIRWVHdnI0SmlyUi1fdFJDU0pQTDQiRqcAGtUJRHNjcmlwdF9wYXRoX2NoYW5nZSFvFHNvdXJjZQUWGCI6bnVsbCwRExB0b2tlbhEUCGRlcwk7CCI6Ij1sACwJGQ0rGCJhZDk3NjQSxwmAaW1wcmVzc2lvbl9pZCI6IjA4Rm5RUG1yUGg0aldWYzV0QQYIYXVzIeB4bG9hZCIsInNpZF9yYXciOiI2YTRvNXc6dXV4eXJsOjXlFHJlZmVychIjDBF6GGVmX3BhZ2UypwB4dXJpIjoiaHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL1kqLisBHDUxMSwwLDI1RfRMd2ViX2RldmljZV9wZXJmX2luZm9B/yExoGNwdV9jb3JlcyI6MSwiZ3B1X3ZlbmRvciI6IlZNd2FyZSwgSW5jLiIsBRwQcmVuZGUJs3xsbHZtcGlwZSAoTExWTSAxMC4wLjAsIDI1NiBiaXRzKS6PABwxMDgyLDAsOYaOCxQxNDI3MzA2xAcwRWdteERZemZnLTJGNzJXAAQzNQHmisAGEDcwODI1Ng4DMGZXd19JUFFkSW5oSG8yVgAINTE2InEIOGNhdGVnb3JpemVkX29kcyEybDI5NjYiOnsibXMudGltZV9zcGVudC5xYS53d3cBGB0VIQkoLmpzX2luaXRpYWwBRhgiOlsxXX19PawoMTUxNywwLDcyXV0=","user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"categorized_ods","send_method":"ajax","compression":"snappy_base64","snappy_ms":33},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[34]}}},1594673391520,0,51]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[33]}}},1594673391520,0,47]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------162066027313439892851116638267-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------17100139412599297751483920862 Content-Disposition: form-data; name="ts" 1594673391737 -----------------------------17100139412599297751483920862 Content-Disposition: form-data; name="q" [{"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","app_id":"256281040558","posts":[["logger:LoginEventsLoggerConfig",{"event":"browser_autocomplete","prefill_source":"browser_onload","prefill_type":"contact_point"},1594673391735,0,97]],"trigger":"logger:LoginEventsLoggerConfig"}] -----------------------------17100139412599297751483920862-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------392910638984098151733831907 Content-Disposition: form-data; name="ts" 1594673393078 -----------------------------392910638984098151733831907 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594671900879,"act",1594671900875,2,"login","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},684,367,0,0,"tng441","/login.php"],1594671900878,0,151]],"user":"0","webSessionId":"2toe9a:uwakqs:tng441","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673392992,"act",1594673392988,1,"email","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},564,268,0,0,"lxb4sc","/login.php"],1594673392991,0,151]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[4]}}},1594673393063,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[6]}}},1594673393068,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------392910638984098151733831907-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------186824930678138621516920702 Content-Disposition: form-data; name="ts" 1594673398500 -----------------------------186824930678138621516920702 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["time_spent_bit_array",{"tos_id":"lxb4sc","start_time":1594673390,"tos_array":[239,0],"tos_len":9,"tos_seq":0,"tos_cum":7,"sid_raw":"6a4o5w:uuxyrl:lxb4sc"},1594673398477,0,132]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"time_spent_bit_array","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673398480,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673398481,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------186824930678138621516920702-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="ts" 1594673403614 -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673403576,"act",1594673403572,2,"pass","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},621,317,0,0,"lxb4sc","/login.php"],1594673403574,0,150]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673403608,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673403609,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------81804739318699862351313610361-- POSSIBLE PASSWORD FIELD FOUND: -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="ts" 1594673403614 -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673403576,"act",1594673403572,2,"pass","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},621,317,0,0,"lxb4sc","/login.php"],1594673403574,0,150]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673403608,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673403609,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------81804739318699862351313610361-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: user=0 PARAM: a=1 PARAM: dyn=7xe6Fo4OQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXx60kO4o3Bw5VCwjE3awbG783pwlU7i0n2US1kyE1oU884y0Mo28xe0SU2swdq0Ho2ew PARAM: csr= PARAM: req=7 PARAM: beoa=0 PARAM: pc=PHASED:DEFAULT PARAM: dpr=1 PARAM: ccg=MODERATE PARAM: rev=1002360775 PARAM: s=6a4o5w:uuxyrl:lxb4sc PARAM: hsi=6849062689416449023-0 PARAM: comet_req=0 PARAM: lsd=AVqB73WD PARAM: jazoest=2591 POSSIBLE PASSWORD FIELD FOUND: spin_r=1002360775 POSSIBLE PASSWORD FIELD FOUND: __spin_b=trunk POSSIBLE PASSWORD FIELD FOUND: spint=1594671674 [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: PARAM: jazoest=2591 PARAM: lsd=AVqB73WD PARAM: display= PARAM: enable_profile_selector= PARAM: isprivate= PARAM: legacy_return=0 PARAM: profile_selector_ids= PARAM: return_session= POSSIBLE USERNAME FIELD FOUND: skip_api_login= PARAM: signed_next= PARAM: trynum=1 PARAM: timezone=330 PARAM: lgndim=eyJ3IjoxMzY2LCJoIjo2NjMsImF3IjoxMzY2LCJhaCI6NjMyLCJjIjoyNH0= PARAM: lgnrnd=132114_2YWu PARAM: lgnjs=1594673390 POSSIBLE USERNAME FIELD FOUND: email=trySET-uk.com PARAM: prefill_contact_point=try+SET.com PARAM: prefill_source=browser_onload PARAM: prefill_type=contact_point PARAM: first_prefill_source=browser_dropdown PARAM: first_prefill_type=contact_point PARAM: had_cp_prefilled=true POSSIBLE PASSWORD FIELD FOUND: had_password_prefilled=false PARAM: ab_test_data=AAAAAAAPAAA/AAAAPAAAAAAAAAAAAPAPAAAAAAAAZ/fAGAGAAAECAE PARAM: ep=#PWD_BROWSER:5:1594673416:AS9QAGRx377brcPVPSon2Kdx5A8cKP30No0JF8soO3ZiNGx4naYWIfMwfibI/YrOL3O9SHiqQS+EcAF1R2BvJUKNNxyO2uYx8i4oF6J69/tI/ItCd1tiUxirJmDte8p+JGssGT8/gzvIYsKZa5s/ POSSIBLE PASSWORD FIELD FOUND: encpass=#PWDBROWSER:5:1594673416:AS9QAGRx377brcPVPSon2Kdx5A8cKP30No0JF8soO3ZiNGx4naYWIfMwfibI/YrOL3O9SHiqQS+EcAF1R2BvJUKNNxyO2uYx8i4oF6J69/tI/ItCd1tiUxirJmDte8p+JGssGT8/gzvIYsKZa5s/ [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------13966898841476094930754589952 Content-Disposition: form-data; name="ts" 1594673416668 -----------------------------13966898841476094930754589952 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673415953,"act",1594673415941,3,"login","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},646,361,0,0,"lxb4sc","/login.php"],1594673415953,0,151]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673416630,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673416630,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------13966898841476094930754589952-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------1962363261633658327879440781 Content-Disposition: form-data; name="ts" 1594673416863 -----------------------------1962363261633658327879440781 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":"9QSQW1siY2F0ZWdvcml6ZWRfb2RzIix7IjI5NzkiOnsiYmFuemFpIgEK4Gx1ZV90b3RhbF9tZXNzYWdlc19yZWNlaXZlZCI6WzQ5XX19fSwxNTk0NjczNDE2Nzg2LDAsNTddLOphACBzZW50IjpbNTBCXQAUNywwLDUzAV1MdGltZV9zcGVudF9iaXRfYXJyYXkBw1x0b3NfaWQiOiJseGI0c2MiLCJzdGFydF8BMAQiOg2pDDM5OSwFKgk3KDpbMTA4MTgxLDBdCRcYbGVuIjoxOAkNFHNlcSI6MQkMgGN1bSI6MTYsInNpZF9yYXciOiI2YTRvNXc6dXV4eXJsOg12BH0sDWosNDE2Nzk5LDAsMTM3AbdEc2NyaXB0X3BhdGhfY2hhbmdlAbUUc291cmNlBRYwIjoiL2xvZ2luLnBocAG+CRsIdG9rAZQ4ImFkOTc2NDIwIiwiZGVzCUkUIjpudWxsDRENKQkSNGNhdXNlIjoidW5sb2FkAU52twAALBGKGGVmX3BhZ2URWg2FdHVyaSI6Imh0dHBzOi8vd3d3LmZhY2Vib29rLmNvbR23Lv8AKDgwNCwwLDIxMV1d","user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","send_method":"beacon","compression":"snappy_base64","snappy_ms":21},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[4]}}},1594673416806,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[6]}}},1594673416807,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------1962363261633658327879440781-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. Whats website are you cloning?
I am starting my learning with setoolkit, cloning www.facebook.com
neorampage
commented
4 years ago you need to add "import html" under "import cgi" and then change "cgi.escape" to "html.escape"
This worked for me, but it doesn't show me the password, what could it be? please help
Screanshot?
I get the text entered in the user, but not the password
sorry if it seems too heavy to read all this, but this is the text that I find when doing the test 10.0.2.15 - - [13/Jul/2020 14:49:46] "GET / HTTP/1.1" 200 - 10.0.2.15 - - [13/Jul/2020 14:49:49] "GET /intern/common/refererframe.php HTTP/1.1" 404 - [] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------65848238410183289321473689393 Content-Disposition: form-data; name="ts" 1594673391367 -----------------------------65848238410183289321473689393 Content-Disposition: form-data; name="q" [{"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","app_id":"256281040558","posts":[["logger:LoginEventsLoggerConfig",{"event":"browser_autocomplete","prefill_source":"browser_dropdown","prefill_type":"contactpoint"},1594673391364,0,99]],"trigger":"logger:LoginEventsLoggerConfig"}] -----------------------------65848238410183289321473689393-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------162066027313439892851116638267 Content-Disposition: form-data; name="ts" 1594673391554 -----------------------------162066027313439892851116638267 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":"yhzwZltbImdrMl9leHBvc3VyZSIseyJpZGVudGlmaWVyIjoiMTA3MzUwMCIsImhhc2giOiJBVDdIdTVUWVNSdF9Kd3pXIn0sMTU5NDY3MzM4ODk0MCwwLDUwXSxbInJlcXVpcmVfY29uZF8RYBxfbG9nZ2luZ0JoAPBWQWEzWVczZ1o5Q3NwWnF2R1pSTHNUUXU5NUNBWHZXUmhZcXZrdC1rTldoNjJwdzN2dl85ZVJnRlVLZTdLTHFGZHYyNXdHOHF1dWh0eUpwNTZ6QmRQWS1nOp4AHDIsMCwxMDRdyp8A8GMxbGc5MmJfNTNfak5GaWFMaGNNQXRLRlZ3cUstdUVCUzF4N1BwbldnVWY2ZVRDV0pzTmY3STkzNWh6MnJLeDJ0dkpYVUY4N0RwWFppdmVqTTVrM1h5Sll2a0RyUmRyIn0sMTU5NUYFqAQxMwGocp4BFDk0Njg5NDKdATB1U05IeUFhREhYcGhzOv8AFDMsMCw0OYJWABQ2NzY5MjAuVgA0NGwxMWI0bXpoeUthZnY2VgAENTSqVgAAMTJWADB4eFU4dXRNN21VS2ZZNlYABDY2olYACDgzNy5WADQ1Z0xRci15eWhRcDJhNjZWAAQ3NZZWABgxMzk5MjE4LlcANDZNX0NBSThkM3BPcFNYHVcMOTAzNyFZADXS9gLwRDA3LU54dDhKVGVJcjJmcWg0cUxheVp4cXp1OUViRkpxeXZZSUZYbTV6Y3RyUktzZURQazJoZEVKaVU5dkFZMFZzTEtuazqOACGRBDg4IecAcrqEA/BQMmxuYzBxS0NPN1hUaFRKbEpyQlNlS0RNbGhCQmtnVGxub2lMTmk3eDJvVWk1d3EyVldPUnRCakVzQzBaazZiTWRnMC1jNzBXb0pNYUNYaGFROpoAADVlgNIpAfBSMV9QSTJhQ2xJam82dmlYNm11aWxzeURTRk1UYzliQkFRRGJxN0ppZmJCa2NjdWUtS2FoZk9ZN3ROamhodmpTMS1oOTN5Q2NnOF8zSkQ2MXFEVSJ5dCHEADcFnAgxXSx6EgUQNzI5NjMyHgM0NXpTNk5EWlBlNllQWTg68wAAOZ5yAgw4MTc2MnICNDdGNVhEVEZpZlg1YUprNlcABDgwtWhyIQQFrTJ1AzA3cTJ2NW44V0tiY2xwLngEBDkwCVaKIQQYMTI4MTUwNS4fAzQ0dUpKME1xZ0xqVFF6d9atABgxMjkxMDIzLlcANDU4ZGU4cWJLMkZzTWRaOlcAIbJpdnIEARgxMjk0MTgyLlcANDdEalplUHJVajZrNXc5OlcAADiWWwEUMTQwMTA2MgkCNDRfYUJTRXB0dGNJOEtk3lcADDg1MDUyXAEwNWtVR2ZJdGN1RjZMUd5XABA1ODQ3OTIpBTQ2TDRIRUdINzZ3WmFHT9auABA2Nzc3NjZbATBURFZGSXlkWUJUakFDMlYABDQweQ3CmgTwSkJCMVUwdW5ESm9oVXcxYlBEUVFDVy10SzNkZGxrdjhrekhHRTlaYXVhdDI1YjUtMTVGdkNETHpRVlZ2Tmx6Q0pRcHNrUTd4Wm1hd0qVAAQ5NWH4vpUA8FYxN3dmQTdxemluQXpVS29KQmhyZVBCNk1wQTl5VnBHRGEweGpmUWptTTQxeXQ3aW41OXBhOWk4STJYaURfTndlODBOQXBuRkVZM0M4LVNoMUE0OHFuUiIumAQpNAQxMAWgIGNsaWNrX3JlZhJHCShlciIsWyIySWRLIiKDCSQ5MDQ1NiwiYWN0GRRsODk5MjUsMCwiZW1haWwiLCJjb250ZXh0bWVudUIOAEQtIiwiciIsIi8iLHsiZnQiOnsNdkB0eXBlIjoicmlnaHQifSwiZwEcDH19LDANAhgibHhiNHNjATsobG9naW4ucGhwIl0ymQABhQQxNqX+drEDEDA5OTg5NggENF9RbVk0c2ZvRFJUdXUiMiIBBDk0dbG+wQHwXjB5X0tUOXhVRTRMRjNfWDE0X0lUQWZVd2paUWRRdVdrUW1ob080ZzNybGc2aEJ0WTFoVF9FRU00cUJmX3ZsZUJSVUlzZlNoeDZIRWVHdnI0SmlyUi1fdFJDU0pQTDQiRqcAGtUJRHNjcmlwdF9wYXRoX2NoYW5nZSFvFHNvdXJjZQUWGCI6bnVsbCwRExB0b2tlbhEUCGRlcwk7CCI6Ij1sACwJGQ0rGCJhZDk3NjQSxwmAaW1wcmVzc2lvbl9pZCI6IjA4Rm5RUG1yUGg0aldWYzV0QQYIYXVzIeB4bG9hZCIsInNpZF9yYXciOiI2YTRvNXc6dXV4eXJsOjXlFHJlZmVychIjDBF6GGVmX3BhZ2UypwB4dXJpIjoiaHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL1kqLisBHDUxMSwwLDI1RfRMd2ViX2RldmljZV9wZXJmX2luZm9B/yExoGNwdV9jb3JlcyI6MSwiZ3B1X3ZlbmRvciI6IlZNd2FyZSwgSW5jLiIsBRwQcmVuZGUJs3xsbHZtcGlwZSAoTExWTSAxMC4wLjAsIDI1NiBiaXRzKS6PABwxMDgyLDAsOYaOCxQxNDI3MzA2xAcwRWdteERZemZnLTJGNzJXAAQzNQHmisAGEDcwODI1Ng4DMGZXd19JUFFkSW5oSG8yVgAINTE2InEIOGNhdGVnb3JpemVkX29kcyEybDI5NjYiOnsibXMudGltZV9zcGVudC5xYS53d3cBGB0VIQkoLmpzX2luaXRpYWwBRhgiOlsxXX19PawoMTUxNywwLDcyXV0=","user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"categorized_ods","send_method":"ajax","compression":"snappy_base64","snappy_ms":33},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[34]}}},1594673391520,0,51]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[33]}}},1594673391520,0,47]],"user":"0","appid":"256281040558","compression":""}] -----------------------------162066027313439892851116638267-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------17100139412599297751483920862 Content-Disposition: form-data; name="ts" 1594673391737 -----------------------------17100139412599297751483920862 Content-Disposition: form-data; name="q" [{"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","app_id":"256281040558","posts":[["logger:LoginEventsLoggerConfig",{"event":"browser_autocomplete","prefill_source":"browser_onload","prefill_type":"contactpoint"},1594673391735,0,97]],"trigger":"logger:LoginEventsLoggerConfig"}] -----------------------------17100139412599297751483920862-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------392910638984098151733831907 Content-Disposition: form-data; name="ts" 1594673393078 -----------------------------392910638984098151733831907 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594671900879,"act",1594671900875,2,"login","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},684,367,0,0,"tng441","/login.php"],1594671900878,0,151]],"user":"0","webSessionId":"2toe9a:uwakqs:tng441","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673392992,"act",1594673392988,1,"email","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},564,268,0,0,"lxb4sc","/login.php"],1594673392991,0,151]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[4]}}},1594673393063,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[6]}}},1594673393068,0,46]],"user":"0","appid":"256281040558","compression":""}] -----------------------------392910638984098151733831907-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------186824930678138621516920702 Content-Disposition: form-data; name="ts" 1594673398500 -----------------------------186824930678138621516920702 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["time_spent_bit_array",{"tos_id":"lxb4sc","start_time":1594673390,"tos_array":[239,0],"tos_len":9,"tos_seq":0,"tos_cum":7,"sid_raw":"6a4o5w:uuxyrl:lxb4sc"},1594673398477,0,132]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"time_spent_bit_array","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673398480,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673398481,0,46]],"user":"0","appid":"256281040558","compression":""}] -----------------------------186824930678138621516920702-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="ts" 1594673403614 -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673403576,"act",1594673403572,2,"pass","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},621,317,0,0,"lxb4sc","/login.php"],1594673403574,0,150]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673403608,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673403609,0,46]],"user":"0","app_id":"256281040558","compression":""}] -----------------------------81804739318699862351313610361-- POSSIBLE PASSWORD FIELD FOUND: -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="ts" 1594673403614 -----------------------------81804739318699862351313610361 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673403576,"act",1594673403572,2,"pass","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},621,317,0,0,"lxb4sc","/login.php"],1594673403574,0,150]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673403608,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673403609,0,46]],"user":"0","appid":"256281040558","compression":""}] -----------------------------81804739318699862351313610361-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: user=0 PARAM: a=1 PARAM: dyn=7xe6Fo4OQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXx60kO4o3Bw5VCwjE3awbG783pwlU7i0n2US1kyE1oU884y0Mo28xe0SU2swdq0Ho2ew PARAM: csr= PARAM: req=7 PARAM: beoa=0 PARAM: pc=PHASED:DEFAULT PARAM: dpr=1 PARAM: ccg=MODERATE PARAM: rev=1002360775 PARAM: s=6a4o5w:uuxyrl:lxb4sc PARAM: hsi=6849062689416449023-0 PARAM: comet_req=0 PARAM: lsd=AVqB73WD PARAM: jazoest=2591 POSSIBLE PASSWORD FIELD FOUND: spin_r=1002360775 POSSIBLE PASSWORD FIELD FOUND: __spin_b=trunk POSSIBLE PASSWORD FIELD FOUND: spint=1594671674 [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: PARAM: jazoest=2591 PARAM: lsd=AVqB73WD PARAM: display= PARAM: enable_profile_selector= PARAM: isprivate= PARAM: legacy_return=0 PARAM: profile_selector_ids= PARAM: return_session= POSSIBLE USERNAME FIELD FOUND: skip_api_login= PARAM: signed_next= PARAM: trynum=1 PARAM: timezone=330 PARAM: lgndim=eyJ3IjoxMzY2LCJoIjo2NjMsImF3IjoxMzY2LCJhaCI6NjMyLCJjIjoyNH0= PARAM: lgnrnd=132114_2YWu PARAM: lgnjs=1594673390 POSSIBLE USERNAME FIELD FOUND: email=trySET-uk.com PARAM: prefill_contact_point=try+SET.com PARAM: prefill_source=browser_onload PARAM: prefill_type=contact_point PARAM: first_prefill_source=browser_dropdown PARAM: first_prefill_type=contact_point PARAM: had_cp_prefilled=true POSSIBLE PASSWORD FIELD FOUND: had_password_prefilled=false PARAM: ab_test_data=AAAAAAAPAAA/AAAAPAAAAAAAAAAAAPAPAAAAAAAAZ/fAGAGAAAECAE PARAM: ep=#PWD_BROWSER:5:1594673416:AS9QAGRx377brcPVPSon2Kdx5A8cKP30No0JF8soO3ZiNGx4naYWIfMwfibI/YrOL3O9SHiqQS+EcAF1R2BvJUKNNxyO2uYx8i4oF6J69/tI/ItCd1tiUxirJmDte8p+JGssGT8/gzvIYsKZa5s/ POSSIBLE PASSWORD FIELD FOUND: encpass=#PWDBROWSER:5:1594673416:AS9QAGRx377brcPVPSon2Kdx5A8cKP30No0JF8soO3ZiNGx4naYWIfMwfibI/YrOL3O9SHiqQS+EcAF1R2BvJUKNNxyO2uYx8i4oF6J69/tI/ItCd1tiUxirJmDte8p+JGssGT8/gzvIYsKZa5s/ [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------13966898841476094930754589952 Content-Disposition: form-data; name="ts" 1594673416668 -----------------------------13966898841476094930754589952 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":[["click_ref_logger",["2IdK",1594673415953,"act",1594673415941,3,"login","click","click","-","r","/",{"ft":{"click_type":"left"},"gt":{}},646,361,0,0,"lxb4sc","/login.php"],1594673415953,0,151]],"user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","trigger":"click_ref_logger","send_method":"ajax","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[3]}}},1594673416630,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[3]}}},1594673416630,0,46]],"user":"0","appid":"256281040558","compression":""}] -----------------------------13966898841476094930754589952-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [_] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: -----------------------------1962363261633658327879440781 Content-Disposition: form-data; name="ts" 1594673416863 -----------------------------1962363261633658327879440781 Content-Disposition: form-data; name="q" [{"app_id":"256281040558","posts":"9QSQW1siY2F0ZWdvcml6ZWRfb2RzIix7IjI5NzkiOnsiYmFuemFpIgEK4Gx1ZV90b3RhbF9tZXNzYWdlc19yZWNlaXZlZCI6WzQ5XX19fSwxNTk0NjczNDE2Nzg2LDAsNTddLOphACBzZW50IjpbNTBCXQAUNywwLDUzAV1MdGltZV9zcGVudF9iaXRfYXJyYXkBw1x0b3NfaWQiOiJseGI0c2MiLCJzdGFydF8BMAQiOg2pDDM5OSwFKgk3KDpbMTA4MTgxLDBdCRcYbGVuIjoxOAkNFHNlcSI6MQkMgGN1bSI6MTYsInNpZF9yYXciOiI2YTRvNXc6dXV4eXJsOg12BH0sDWosNDE2Nzk5LDAsMTM3AbdEc2NyaXB0X3BhdGhfY2hhbmdlAbUUc291cmNlBRYwIjoiL2xvZ2luLnBocAG+CRsIdG9rAZQ4ImFkOTc2NDIwIiwiZGVzCUkUIjpudWxsDRENKQkSNGNhdXNlIjoidW5sb2FkAU52twAALBGKGGVmX3BhZ2URWg2FdHVyaSI6Imh0dHBzOi8vd3d3LmZhY2Vib29rLmNvbR23Lv8AKDgwNCwwLDIxMV1d","user":"0","webSessionId":"6a4o5w:uuxyrl:lxb4sc","send_method":"beacon","compression":"snappy_base64","snappy_ms":21},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_received":[4]}}},1594673416806,0,50]],"user":"0","app_id":"256281040558","compression":""},{"webSessionId":"6a4o5w:uuxyrl:lxb4sc","posts":[["categorized_ods",{"2979":{"banzai":{"blue_messages_sent":[6]}}},1594673416807,0,46]],"user":"0","appid":"256281040558","compression":""}] -----------------------------1962363261633658327879440781-- [] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. Whats website are you cloning?
I am starting my learning with setoolkit, cloning www.facebook.com
the password is encrypt and try to not use social networks, start with more simples websites or usea the setoolkit templates
502-DropDread
commented
4 years ago the password is encrypt and try to not use social networks, start with more simples websites or usea the setoolkit templates
oh seriously ... I had no idea about that, I was guided by tutorials. Thank you very much for your help regards
Than10thousand
commented
4 years ago the password is encrypt and try to not use social networks, start with more simples websites or usea the setoolkit templates
*oh seriously ... I had no idea about that, I was guided by tutorials. Thank you very much for your help regards
I have the same issue.but I was doing this fine before I updating my Kali Linux.On Kali 2.0 SANA version it worked much fine...but in latest kali 2020.2b is the one i have this issue...anyone can help?
consulsueco
commented
4 years ago That worked for me. Thanks. If you are a new at linux or don't know how to edit files with higher level of permission, check this link to learn it. https://success.trendmicro.com/solution/1113864-editing-configuration-files-of-linux-based-products
mtshikomba
commented
4 years ago I had the same error. I noticed I was using Python 3.7, and the project required Python 3.6.
The solution was to downgrade to Python 3.6. This solved the problem for me.
py-radicz
commented
3 years ago import cgi
from html import escape
cgi.escape = escapedid the thing for me
spyder-sanju
commented
3 years ago how to edit harvester.py file it says permission denied
bro firstly u hv to loggin as a super user (root user) then u need to learn chmod commands to give permissions to the files ..,
Expected Behaviour Print output
Put here what the expected behaviour should be when reporting an issue
Actual Behaviour Exception happened during processing of request from ('0.0.0.0', 63279)
Traceback (most recent call last):
File "/usr/lib/python3.8/socketserver.py", line 650, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.8/socketserver.py", line 360, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.8/socketserver.py", line 720, in init
self.handle()
File "/usr/lib/python3.8/http/server.py", line 427, in handle
self.handle_one_request()
File "/usr/lib/python3.8/http/server.py", line 415, in handle_one_request
method()
File "/usr/share/set/src/webattack/harvester/harvester.py", line 334, in do_POST
filewrite.write(cgi.escape("PARAM: " + line + "\n"))
AttributeError: module 'cgi' has no attribute 'escape'
Set Version 8.0.3