updated templates
parent
c69b1e7619
commit
ae8b2125a1
|
@ -15,17 +15,14 @@ requests:
|
|||
- |
|
||||
GET https://identity.atechmedia.com/login HTTP/1.1
|
||||
Host: identity.atechmedia.com
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
|
||||
Referer: https://identity.atechmedia.com/login
|
||||
|
||||
- |
|
||||
POST https://identity.atechmedia.com/login HTTP/1.1
|
||||
Host: identity.atechmedia.com
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
|
||||
Origin: https://identity.atechmedia.com
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: https://identity.atechmedia.com/login
|
||||
Connection: close
|
||||
|
||||
utf8=%E2%9C%93&authenticity_token={{url_encode(authenticity_token)}}&username={{username}}&password={{password}}&commit=Login
|
||||
|
||||
|
@ -39,6 +36,7 @@ requests:
|
|||
internal: true
|
||||
xpath:
|
||||
- /html/body/div/div[2]/div/form/input[2]
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- username
|
||||
|
@ -50,6 +48,7 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- 'Set-Cookie: user_session'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
|
|
@ -17,7 +17,6 @@ requests:
|
|||
Content-Type: application/json
|
||||
Origin: https://id.atlassian.com
|
||||
Referer: https://id.atlassian.com/
|
||||
Connection: close
|
||||
|
||||
{"username":"{{username}}","password":"{{password}}","state":{"csrfToken":"{{rand_text_alpha(10, "")}}"}}
|
||||
|
||||
|
@ -26,6 +25,7 @@ requests:
|
|||
dsl:
|
||||
- username
|
||||
- password
|
||||
|
||||
attack: pitchfork
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
@ -33,6 +33,7 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- '"error_description":"Wrong email or password."'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 403
|
||||
|
|
|
@ -25,6 +25,7 @@ requests:
|
|||
dsl:
|
||||
- username
|
||||
- password
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
@ -32,6 +33,7 @@ requests:
|
|||
words:
|
||||
- '"email":"'
|
||||
- '"eid":"'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -15,9 +15,6 @@ requests:
|
|||
POST https://api.chef.io/login HTTP/1.1
|
||||
Host: api.chef.io
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
|
||||
Content-Length: 160
|
||||
|
||||
utf8=%E2%9C%93&authenticity_token=&authenticity_token=&to=https://api.chef.io/login-success&username={{username}}&password={{password}}&commit=Sign+In
|
||||
|
||||
|
@ -27,6 +24,7 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- 'Location: https://api.chef.io/login-success'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
|
@ -12,13 +12,9 @@ info:
|
|||
self-contained: true
|
||||
requests:
|
||||
- raw:
|
||||
- |-
|
||||
- |
|
||||
POST https://hub.docker.com/v2/users/login HTTP/1.1
|
||||
Host: hub.docker.com
|
||||
Accept: */*
|
||||
Accept-Language: en-US;q=0.9,en;q=0.8
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36
|
||||
Connection: close
|
||||
Content-Type: application/json
|
||||
|
||||
{
|
||||
|
@ -34,10 +30,12 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- 'token'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'Set-Cookie: token='
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -12,7 +12,7 @@ info:
|
|||
self-contained: true
|
||||
requests:
|
||||
- raw:
|
||||
- |-
|
||||
- |
|
||||
POST https://gitea.com/user/login HTTP/1.1
|
||||
Host: gitea.com
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
@ -31,6 +31,7 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- 'Location: /'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 303
|
|
@ -34,6 +34,7 @@ requests:
|
|||
internal: true
|
||||
xpath:
|
||||
- /html/body/div[3]/main/div/div[4]/form/input[1]
|
||||
|
||||
- type: xpath
|
||||
name: timestamp
|
||||
part: body
|
||||
|
@ -41,6 +42,8 @@ requests:
|
|||
internal: true
|
||||
xpath:
|
||||
- /html/body/div[3]/main/div/div[4]/form/div/input[10]
|
||||
|
||||
|
||||
- type: xpath
|
||||
name: timestamp_secret
|
||||
part: body
|
||||
|
@ -48,6 +51,7 @@ requests:
|
|||
internal: true
|
||||
xpath:
|
||||
- /html/body/div[3]/main/div/div[4]/form/div/input[11]
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- username
|
||||
|
|
|
@ -42,7 +42,6 @@ requests:
|
|||
- username
|
||||
- password
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
|
|
|
@ -15,12 +15,9 @@ requests:
|
|||
- |-
|
||||
POST https://api.pulumi.com/api/console/email/login HTTP/1.1
|
||||
Host: api.pulumi.com
|
||||
Content-Length: 48
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
|
||||
Content-Type: application/json
|
||||
Origin: https://app.pulumi.com
|
||||
Referer: https://app.pulumi.com/
|
||||
Connection: close
|
||||
|
||||
{"emailOrLogin":"{{username}}","password":"{{password}}"}
|
||||
|
||||
|
|
|
@ -20,25 +20,19 @@ http:
|
|||
- |
|
||||
GET /users/sign_in HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
|
||||
Accept-Language: en-US,en;q=0.9,de;q=0.8
|
||||
Connection: close
|
||||
|
||||
- |
|
||||
POST /users/sign_in HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Length: 186
|
||||
Cache-Control: max-age=0
|
||||
Origin: http://{{Hostname}}
|
||||
Origin: {{BaseURL}}
|
||||
DNT: 1
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
|
||||
Referer: http://{{Hostname}}/users/sign_in
|
||||
Referer: {{BaseURL}}/users/sign_in
|
||||
Accept-Language: en-US,en;q=0.9,de;q=0.8
|
||||
Connection: close
|
||||
|
||||
authenticity_token={{url_encode(authenticity_token)}}&user%5Blogin%5D={{username}}&user%5Bpassword%5D={{password}}&user%5Bremember_me%5D=0
|
||||
|
||||
cookie-reuse: true
|
||||
attack: pitchfork
|
||||
|
||||
|
@ -50,12 +44,12 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '"/users/sign_in".*?authenticity_token"\s+value="([^"]+)"'
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- username
|
||||
- password
|
||||
|
||||
matchers-condition: and
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
|
|
|
@ -23,13 +23,10 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
accept: application/json, text/plain, */*
|
||||
DNT: 1
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
|
||||
content-type: application/json
|
||||
Origin: {{BaseURL}}
|
||||
Referer: {{BaseURL}}/login
|
||||
Accept-Language: en-US,en;q=0.9,de;q=0.8
|
||||
Cookie: redirect_to=%2F
|
||||
Connection: close
|
||||
|
||||
{"user":"{{username}}","password":"{{password}}"}
|
||||
|
||||
|
@ -38,6 +35,7 @@ requests:
|
|||
dsl:
|
||||
- username
|
||||
- password
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
Loading…
Reference in New Issue