van Hauser
van Hauser
hmm yes that looks like a bug, lets see if I can reproduce this
can you please submit the server reply that results in that error? I can not see what is going wrong otherwise. changing that line is not the right solution to...
I can not reproduce this. can you please email me the output of the following command to vh(at)thc(dot)org: hydra -I -v -d -l foo -P /home/Passtest -t1 HOST https-form-post "/owa/auth.owa:destination=https%3A%2F%2Fhost%2Fowa%2F&flags=4&forcedownlevel=0&username=ciit/^USER^&password=^PASS^&passwordText=&isUtf8=1:S=private"...
no I cannot reproduce this and I generate the exact page that your target is generating. are you using not a current version? did you compile from github?
difficult trying to fix a bug I cannot reproduce ... I tried something, can you please get the new github state, recompile and test?
but that is more likely an issue that S= or F= are not set correctly. analyze with `-v -t 1 -d`
you will know when you debug the issue with the command line options I mentioned. if you do not look what is happenening you wont know
1st - hydra is not a fuzzer. if you want to fuzz parameters - use a fuzzer. 2nd - although there could be a heuristic which tries to identify which...
Ah you mean you use a raw request file where you put ^USER^ and ^PASS^ at the right location? why would you think that would better than the existing setup?...
OK I understand it now. In complex situations e.g. where there are get and post parameters and http headers. what basically would happen is that the feature would load the...