thc-hydra icon indicating copy to clipboard operation
thc-hydra copied to clipboard

Published 20 hours ago verified publisher icon vanhauser-thc

Brute Force Verification Form in GraphQL

Open dids-reyes opened this issue 1 year ago • 1 comments

Is this possible?

hydra -P path/to/my/wordlist.txt https:target.com https-post-form "{"variables":{},"query":"mutation {\n changePassword(password: \"Password\", verificationCode: \"^PASS^\", mobileNo: \"number\")\n}\n"}"

Screenshot 2023-12-13 at 4 43 50 PM

i don't need a login flag since i want to brute force only one field verificationCode. But it doesn't work with https, or in GraphQL mutation, am i doing it wrong?

dids-reyes avatar Dec 13 '23 08:12 dids-reyes

you could set the login to be the mobileno and insert that

vanhauser-thc avatar Jan 10 '24 12:01 vanhauser-thc