thc-hydra
thc-hydra copied to clipboard
the variables ^USER^ and ^PASS^ are not assigned correctly
IMPORTANT This is just for reporting BUGS not help on how to hack, how to use hydra, command line options or how to get it compiled. Please search for help via search engines. Issues asking for this here will be closed.
Describe the bug A bug is present in hydra, the variables ^USER^ and ^PASS^ are not assigned correctly and apparently the program works but after a network capture you can still see that they are not replaced
I attach screenshots, I don't know if this error is present in the entire code or only for the Android version.
To Reproduce I have hydra v9.6dev download of GitHub
Steps to reproduce the behavior:
- Run Android pcap
- In Termux run the command line: ./hydra -c 5 -l admin -p passwd 192.168.100.29 http-get "/login:user=^USER^&passwd=^PASS^"
- The command exit done
- In the pcap I can see the explicit variable (^USER^ and ^PASS^) in the request
GET /login?user=^USER^&passwd=^PASS^ HTTP/1.1 Host: 192.168.100.29 Connection: close Authorization: Basic YWRtaW46cGFzc3dk User-Agent: Mozilla/4.0 (Hydra)
Expected behavior GET /login?user=admin&passwd=passwd HTTP/1.1 Host: 192.168.100.29 Connection: close Authorization: Basic YWRtaW46cGFzc3dk User-Agent: Mozilla/4.0 (Hydra)
Screenshots
Termux
pcap
Desktop (please complete the following information):
- OS: Android Termux 0.118.0
- hydra version current github state v9.6dev