`hydra -l username -P passwordlist 127.0.0.1 https-post-form "/index.php:UserNa

1. `hydra -l username -P passwordlist 127.0.0.1 https-post-form "/index.php:UserName=^USER^&Password=^PASS^&submit=logout:invalid" -vV -f`
2.  
3. The option field (following the service field) takes three ":" separated
4. values and an optional fourth value, the first is the page on the server
5. to GET or POST to, the second is the POST/GET variables (taken from either
6. the browser, or a proxy such as PAROS) with the varying usernames and passwords
7. in the "^USER^" and "^PASS^" placeholders, the third is the string that it
8. checks for an *invalid* or *valid* login - any exception to this is counted
9. as a success.
10. So please:
11. * invalid condition login should be preceded by "F="
12. * valid condition login should be preceded by "S=".
13. By default, if no header is found the condition is assume to be a fail,
14. so checking for *invalid* login.