Strona 1 z 1

Thc Hydra Brute force session/cookie(header)

: 08 lut 2017, 13:24
autor: AnnonymusPlayer
I have a problem with using a dictionary in Thc Hydra for Header/Cookie parametr.

hydra IP -l mylogin -P /.../test.txt http-get-form "/index.php:login=^USER^&password=mypassword:S=You are logged in!:H=Cookie: token=^PASS^;" -V

That command is working, when I not using ^PASS^ for checking token. When I trying to use ^PASS^ in token, that is not working, even if I have a got right token in test.txt.

I really asking for, a brute force a just header/cookie! For example, I know my login and password, but lets sey I "forgot" my token cookie. How can I brute force with Dictionary the Cookie in Header?

I hope everyone will understand my question!

PS. I using that, only for my permission/personal checking!!!

Re: Thc Hydra Brute force session/cookie(header)

: 10 lut 2017, 17:39
autor: MrBAD0094
You wanna hack router? OR php online/offline page?
Why do you use "/index.php:login=^USER^&password=mypassword:S=You are logged in!:H=Cookie: token=^PASS^;"??
Maybe you use wrong parametr? Do you sure to use "http-get-form" ?