Thc Hydra Brute force session/cookie(header)
hydra IP -l mylogin -P /.../test.txt http-get-form "/index.php:login=^USER^&password=mypassword:S=You are logged in!:H=Cookie: token=^PASS^;" -V
That command is working, when I not using ^PASS^ for checking token. When I trying to use ^PASS^ in token, that is not working, even if I have a got right token in test.txt.
I really asking for, a brute force a just header/cookie! For example, I know my login and password, but lets sey I "forgot" my token cookie. How can I brute force with Dictionary the Cookie in Header?
I hope everyone will understand my question!
PS. I using that, only for my permission/personal checking!!!