₦airaland Forum

modestbrowser:
Ok... U didn't state it.

Yeah, I used fiddler to capture all required cookies, headers and post parameters. The thing is any time the form is submitted the JavaScript unsubmit(); Code adds some other custom cookies and parameters which are not visible in the pure html source code . The JavaScript code is very bulky so how can I detect which code is executed on form submit(); and detect how those cookies or parameters are gotten and implement it with c# for a successful login

modestbrowser:
I can now put u through.... It's easy
Only on Node.js tho

I know it’s achieveable with node.js , I’m trying to achieve this using c# or vb.net

Echatbook:
You can drop yours

+2347060****1. WhatsApp

Echatbook:
Which site are you trying to login to, let me see

If I should mention the site, some people might miss behave.

Should I drop my contact or you drop yours so I can paste it on WhatsApp

Must it be in js or can it be called from another language like python

holuphisayor:
It's headless by default.
share ur whatsapp I'll contact u.

+2347060******

holuphisayor:
Have you tried puppeteer?
Since, you already know the problem.

puppeteer Is a node.js library and I’m guessing it will it will do the job , but how fast can it run

Can I have your phone number or email ?

holuphisayor:
what do you mean by hidden cookie?
I use fiddler to capture network requests. But isn't it the same as checking your network tab on your browser and copying the request headers?

It will capture the request headers quite alright,
In the same request header there are some essential cookies sent along with the request. And if the server does not see that cookie it won’t give the right response, and in this case the cookie is unique for each request and I don’t know where it came from using chrome network tester or fiddler .


In some other sites it might be a token generated by an algorithm that can be sent back as a cookie or as a csrf token along with the request. And if the token or cookie does not match the algorithm the server will return a bad response.

The problem is this sites hide the way this cookie or csrf are gotten so no one can send post or get request to the server without using a Webbrowser

Thanks bro, I was using fiddler and chrome network development tester it only showed me the url parameters, and a cookie which I don’t know where it came from . I will try with burp and give you reply .

Thanks man

I can’t believe my eyes , is there no ethical hacker in this forum ?

Hello nairaland
I am an ethical hacker am trying to programmatically log into a website , I successfully gained access nairaland and some other tough sites and it worked because nairaland does have much security for that .

But when I try to login to some other sites it won’t work cus I may not have supplied the right cookie as a real browser would or sometimes there are some client side tokens that are difficult to find out where they where generated .


Abeg who sabi web pentesting very well , make we meet abeg

ogocology:
Sorry, people.
I was actually working on a project and planned posting pictures and steps after I get it to work.
It was a quad copter. (You'll understand why I used past tense later)
I used the following:
4pcs 2212 1000kv brushless motors.
4pcs ESCs
Kk 2.15 flight controller
Turnigy 9x Radio Transmitter and receiver (8Ch)
Zippy 3000mah 3S lipo battery.

After setting up and configuration, I went outdoors to test the quad.

1st trial crashed into a tree. Luckily, no damage was done.
The second time, it gained altitude fast.
And in a twinkle of an eye, it disappeared into the sky.

A 3-hour long search couldn't find it. I'm still searching though.

So sad!

, I can build my own flight controllers from scratch, that's building not coupling , what u're doing is coupling