Need help with a weird postdata

Kirkoloft

hello everyone.
i faced with this strange postdata and when ever i run the debugger i get this error in html view :
{"statusCode":403,"description":"Invalid state","name":"AnomalyDetected","code":"access_denied"}
and this is the post data:

{client_id: "snuIZH5le2MaBPLQ67KAbMkwtsy3wHNJ",…}
client_id: "snuIZH5le2MaBPLQ67KAbMkwtsy3wHNJ"
connection: "ACS"
nuperms: "eyJwZXJtaXNzaW9ucyI6W3siaWQiOiI2NzZlZTJjZS0xZDZjLTExZTgtYjQ2Ny0wZWQ1Zjg5ZjcxOGIiLCJjZCI6IlN1bl9TYXZlcnNfTmV3IiwiY3AiOiJTdW4gU2F2ZXJzIGdpdmVzIHlvdSBjYXNoLCB0cmVhdHMgYW5kIHByaXplcyDigJMgdGhhdOKAmXMgZXhjbHVzaXZlIG9mZmVycyBhbmQgcHJvbW90aW9ucyBpbmNsdWRpbmcgYm9udXMgY29kZXMsIEhvbGlkYXlzIGZyb20gwqM5LjUwLCBTdXBlcmRheXMgYW5kIG1vcmUuIFdlIHRoaW5rIHlvdeKAmWxsIGxvdmUgaXQsIGJ1dCBpZiBub3QsIHlvdSBjYW4gY2hhbmdlIHlvdXIgcHJlZmVyZW5jZXMgYXQgYW55IHRpbWUuIiwidHkiOiJBdXRvIiwidmUiOiIyMDE4LTA5LTIwVDEyOjUwOjA2LjAwMFoiLCJjdCI6IldoYXQgeW914oCZbGwgZ2V0IiwiY2EiOiJOT05FIn0seyJpZCI6IjY3NmVlNzdlLTFkNmMtMTFlOC1iNDY3LTBlZDVmODlmNzE4YiIsImNkIjoiU3VuX1NhdmVyc19CcmFuZCIsImNwIjoiV2XigJlsbCBrZWVwIHlvdSB1cGRhdGVkIG9uIHNwZWNpYWwgb2ZmZXJzIGFuZCBwcm9tb3Rpb25zIGZyb20gcHJvZHVjdHMgbGlrZSBTdW4gQmluZ28sIEVkaXRvcmlhbCBuZXdzbGV0dGVycyBhbmQgbW9yZS4iLCJ0eSI6IlNvZnQiLCJ2ZSI6IjIwMTgtMDktMjBUMTI6NTA6MDYuMDAwWiIsImN0IjoiVGhlcmXigJlzIG1vcmUiLCJjYSI6IkJPT0wiLCJjYTEiOiJJZiB5b3XigJlkIHByZWZlciBub3QgdG8gcmVjZWl2ZSB0aGVzZSwgdGljayBoZXJlLiJ9LHsiaWQiOiI2NzZmMTZlMC0xZDZjLTExZTgtYjQ2Ny0wZWQ1Zjg5ZjcxOGIiLCJjZCI6IlN1bl9NYXJrZXRpbmciLCJjcCI6Ildl4oCZbGwga2VlcCB5b3UgdXAgdG8gc3BlZWQgd2l0aCBleGNsdXNpdmUgb2ZmZXJzLCBwcm9tb3Rpb25zIGFuZCBwcm9kdWN0cyBmcm9tIFRoZSBTdW4gdGhhdCB3ZSB0aGluayB5b3XigJlsbCBsb3ZlLiBTb3VuZCBnb29kPyIsInR5IjoiSGFyZCIsInZlIjoiMjAxOC0wOS0yMFQxMjo1MDowNi4wMDBaIiwiY2giOlsiRW1haWwiLCJQb3N0IiwiUGhvbmUiLCJTTVMiXSwiY3QiOiJUaGF04oCZcyBub3QgYWxsIiwiY2EiOiJNVVRVQUxfRVgiLCJjYTEiOiJZZXMiLCJjYTIiOiJObyJ9LHsiaWQiOiI2NzZlZTUyNi0xZDZjLTExZTgtYjQ2Ny0wZWQ1Zjg5ZjcxOGIiLCJjZCI6IlN1bl9TYXZlcnNfSW5saWZlIiwidHkiOiJBdXRvIiwidmUiOiIyMDE4LTA5LTIwVDEyOjUwOjA2LjAwMFoiLCJjaCI6WyJFbWFpbCIsIlBvc3QiLCJQaG9uZSIsIlNNUyJdLCJjYSI6Ik5PTkUifV19"
nustate: "eyJyZXR1cm5fdXJsIjoiaHR0cHM6Ly9zYXZlcnMudGhlc3VuLmNvLnVrL2xvZ2luIiwicHJvZHVjdEdyb3VwIjoiU3VuX1NhdmVycyJ9"
password: "password"
popup_options: {}
prompt: "login"
protocol: "oauth2"
redirect_uri: "website address
response_type: "code"
scope: "openid profile email"
sso: true
state: "g6Fo2SA3dkRZRjNmc3lCYU5jeG1MOFJVcndOR3E2MllyNEZxb6N0aWTZIERXSVlJSXhTVDc3QlVjZGFXMUF5bWVHOEhhbVgxM0Vso2NpZNkgc251SVpINWxlMk1hQlBMUTY3S0FiTWt3dHN5M3dITko"
tenant: "newsuk-ngn"
username: "email"
_csrf: "sGkMHo3u-gBljwQWoM_XKYqgbaG9TNjuNQ3A"
_intstate: "deprecated"

A Former User

You have to parse the required values like _csrf and generate 0auth if there is.

Kirkoloft

@Jaxson the _csrf that is in log is different and shorter then the csrf in post data.
i couldn't find the _csrf on log.

A Former User

Since you get "Access Denied", one of the parameters must be wrong.

Why001

@Kirkoloft
Hey do you have check in the login page CTRL+U?

Kirkoloft

@Why001 yeah bro, but it seems to have Akamai according to @Jaxson opinion

Why001

@Kirkoloft Hum I see I see

A Former User

It's not an opinion, it's a real statement.

Why001

@Kirkoloft
There are an akamai bro dead for you

Kirkoloft

@Jaxson ok, bro i saw it. thank you

Why001

If you want we can check it on discord @Kirkoloft