Need help with a weird postdata



  • hello everyone.
    i faced with this strange postdata and when ever i run the debugger i get this error in html view :
    {"statusCode":403,"description":"Invalid state","name":"AnomalyDetected","code":"access_denied"}
    and this is the post data:

    {client_id: "snuIZH5le2MaBPLQ67KAbMkwtsy3wHNJ",…}
    client_id: "snuIZH5le2MaBPLQ67KAbMkwtsy3wHNJ"
    connection: "ACS"
    nuperms: "eyJwZXJtaXNzaW9ucyI6W3siaWQiOiI2NzZlZTJjZS0xZDZjLTExZTgtYjQ2Ny0wZWQ1Zjg5ZjcxOGIiLCJjZCI6IlN1bl9TYXZlcnNfTmV3IiwiY3AiOiJTdW4gU2F2ZXJzIGdpdmVzIHlvdSBjYXNoLCB0cmVhdHMgYW5kIHByaXplcyDigJMgdGhhdOKAmXMgZXhjbHVzaXZlIG9mZmVycyBhbmQgcHJvbW90aW9ucyBpbmNsdWRpbmcgYm9udXMgY29kZXMsIEhvbGlkYXlzIGZyb20gwqM5LjUwLCBTdXBlcmRheXMgYW5kIG1vcmUuIFdlIHRoaW5rIHlvdeKAmWxsIGxvdmUgaXQsIGJ1dCBpZiBub3QsIHlvdSBjYW4gY2hhbmdlIHlvdXIgcHJlZmVyZW5jZXMgYXQgYW55IHRpbWUuIiwidHkiOiJBdXRvIiwidmUiOiIyMDE4LTA5LTIwVDEyOjUwOjA2LjAwMFoiLCJjdCI6IldoYXQgeW914oCZbGwgZ2V0IiwiY2EiOiJOT05FIn0seyJpZCI6IjY3NmVlNzdlLTFkNmMtMTFlOC1iNDY3LTBlZDVmODlmNzE4YiIsImNkIjoiU3VuX1NhdmVyc19CcmFuZCIsImNwIjoiV2XigJlsbCBrZWVwIHlvdSB1cGRhdGVkIG9uIHNwZWNpYWwgb2ZmZXJzIGFuZCBwcm9tb3Rpb25zIGZyb20gcHJvZHVjdHMgbGlrZSBTdW4gQmluZ28sIEVkaXRvcmlhbCBuZXdzbGV0dGVycyBhbmQgbW9yZS4iLCJ0eSI6IlNvZnQiLCJ2ZSI6IjIwMTgtMDktMjBUMTI6NTA6MDYuMDAwWiIsImN0IjoiVGhlcmXigJlzIG1vcmUiLCJjYSI6IkJPT0wiLCJjYTEiOiJJZiB5b3XigJlkIHByZWZlciBub3QgdG8gcmVjZWl2ZSB0aGVzZSwgdGljayBoZXJlLiJ9LHsiaWQiOiI2NzZmMTZlMC0xZDZjLTExZTgtYjQ2Ny0wZWQ1Zjg5ZjcxOGIiLCJjZCI6IlN1bl9NYXJrZXRpbmciLCJjcCI6Ildl4oCZbGwga2VlcCB5b3UgdXAgdG8gc3BlZWQgd2l0aCBleGNsdXNpdmUgb2ZmZXJzLCBwcm9tb3Rpb25zIGFuZCBwcm9kdWN0cyBmcm9tIFRoZSBTdW4gdGhhdCB3ZSB0aGluayB5b3XigJlsbCBsb3ZlLiBTb3VuZCBnb29kPyIsInR5IjoiSGFyZCIsInZlIjoiMjAxOC0wOS0yMFQxMjo1MDowNi4wMDBaIiwiY2giOlsiRW1haWwiLCJQb3N0IiwiUGhvbmUiLCJTTVMiXSwiY3QiOiJUaGF04oCZcyBub3QgYWxsIiwiY2EiOiJNVVRVQUxfRVgiLCJjYTEiOiJZZXMiLCJjYTIiOiJObyJ9LHsiaWQiOiI2NzZlZTUyNi0xZDZjLTExZTgtYjQ2Ny0wZWQ1Zjg5ZjcxOGIiLCJjZCI6IlN1bl9TYXZlcnNfSW5saWZlIiwidHkiOiJBdXRvIiwidmUiOiIyMDE4LTA5LTIwVDEyOjUwOjA2LjAwMFoiLCJjaCI6WyJFbWFpbCIsIlBvc3QiLCJQaG9uZSIsIlNNUyJdLCJjYSI6Ik5PTkUifV19"
    nustate: "eyJyZXR1cm5fdXJsIjoiaHR0cHM6Ly9zYXZlcnMudGhlc3VuLmNvLnVrL2xvZ2luIiwicHJvZHVjdEdyb3VwIjoiU3VuX1NhdmVycyJ9"
    password: "password"
    popup_options: {}
    prompt: "login"
    protocol: "oauth2"
    redirect_uri: "website address
    response_type: "code"
    scope: "openid profile email"
    sso: true
    state: "g6Fo2SA3dkRZRjNmc3lCYU5jeG1MOFJVcndOR3E2MllyNEZxb6N0aWTZIERXSVlJSXhTVDc3QlVjZGFXMUF5bWVHOEhhbVgxM0Vso2NpZNkgc251SVpINWxlMk1hQlBMUTY3S0FiTWt3dHN5M3dITko"
    tenant: "newsuk-ngn"
    username: "email"
    _csrf: "sGkMHo3u-gBljwQWoM_XKYqgbaG9TNjuNQ3A"
    _intstate: "deprecated"
    


  • You have to parse the required values like _csrf and generate 0auth if there is.



  • @Jaxson the _csrf that is in log is different and shorter then the csrf in post data.
    i couldn't find the _csrf on log.



  • Since you get "Access Denied", one of the parameters must be wrong.


  • Mod

    @Kirkoloft
    Hey do you have check in the login page CTRL+U?



  • @Why001 yeah bro, but it seems to have Akamai according to @Jaxson opinion


  • Mod

    @Kirkoloft Hum I see I see



  • It's not an opinion, it's a real statement.


  • Mod

    @Kirkoloft
    There are an akamai bro dead for you



  • @Jaxson ok, bro i saw it. thank you


  • Mod

    If you want we can check it on discord @Kirkoloft


Log in to reply