Is correct these hash?
#4
(01-22-2018, 06:37 AM)epixoip Wrote: Is the json you posted the request or the response? If it's the request, and that is indeed a hash of the password, then the password is being hashed client-side and you simply need to read the javascript to figure out what it's doing. However, it looks like that hash isn't a password hash, but rather the session id.

Anyway, undeath is correct. The biggest threat to http is mitm, so you need to actually mitm the app to demonstrate that threat.

Thanks!

Maybe is a session id. The application connects to apache tomcat. I'm trying to filter by "http.request.method == POST", but I can't see hash pass :-(


Messages In This Thread
Is correct these hash? - by mmm286 - 01-21-2018, 11:06 PM
RE: Is correct these hash? - by undeath - 01-22-2018, 12:11 AM
RE: Is correct these hash? - by SebastianG33 - 02-05-2018, 08:46 PM
RE: Is correct these hash? - by epixoip - 01-22-2018, 06:37 AM
RE: Is correct these hash? - by mmm286 - 01-22-2018, 11:08 PM
RE: Is correct these hash? - by epixoip - 01-23-2018, 02:24 PM