Need help with a weird postdata
-
Hello everyone.
I am faced with this strange postdata, and whenever I run the debugger I get this error in the HTML view:
{"statusCode":403,"description":"Invalid state","name":"AnomalyDetected","code":"access_denied"}
and this is the post data:
{client_id: "snuIZH5le2MaBPLQ67KAbMkwtsy3wHNJ",…}
client_id: "snuIZH5le2MaBPLQ67KAbMkwtsy3wHNJ"
connection: "ACS"
nuperms: "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"
nustate: "eyJyZXR1cm5fdXJsIjoiaHR0cHM6Ly9zYXZlcnMudGhlc3VuLmNvLnVrL2xvZ2luIiwicHJvZHVjdEdyb3VwIjoiU3VuX1NhdmVycyJ9"
password: "password"
popup_options: {}
prompt: "login"
protocol: "oauth2"
redirect_uri: "website address
response_type: "code"
scope: "openid profile email"
sso: true
state: "g6Fo2SA3dkRZRjNmc3lCYU5jeG1MOFJVcndOR3E2MllyNEZxb6N0aWTZIERXSVlJSXhTVDc3QlVjZGFXMUF5bWVHOEhhbVgxM0Vso2NpZNkgc251SVpINWxlMk1hQlBMUTY3S0FiTWt3dHN5M3dITko"
tenant: "newsuk-ngn"
username: "email"
_csrf: "sGkMHo3u-gBljwQWoM_XKYqgbaG9TNjuNQ3A"
_intstate: "deprecated"
-
You have to parse the required values like _csrf and generate0auth if there is one.
-
@Jaxson the _csrf that is in the log is different and shorter than the csrf in the post data.
I couldn't find the _csrf in the log.
-
Since you get "Access Denied", one of the parameters must be wrong.
-
@Kirkoloft
Hey, did you check the login page with CTRL+U?
-
@Why001 yeah bro, but it seems to have Akamai, according to @Jaxson's opinion.
-
@Kirkoloft Hum I see I see
-
It's not an opinion, it's a real statement.
-
@Kirkoloft
There is an Akamai, bro, dead for you.
-
@Jaxson OK bro, I saw it. Thank you.
-
If you want, we can check it on Discord @Kirkoloft