What's type of hash is it ? How to parse it ?



  • Hey, I want to know what type of hash this is ! I made some researches and it appears to be a hmac but I dont know from where and how to parse it Capture.PNG because its inexistent in the source page !



  • What happens if you just put a random HMAC in there? If it says there's an error then it'll be something on the website I do believe...



  • It says like incorrect hash something like that !

    Also it all time changes even If I dont change the password !
    @Nalon



  • @Niper Ok it might be something on the website. I don't think it'll be your username or password that's being hashed because the post request is the only time it gets uploaded.. Maybe is the csrf token? Try turning the csrf token into a hmac thing and sending the request then? I am really not to sure, I'm sure Yuri will know though if he / she gets on.


  • Admin

    The fact that it changes all the time probably means that a csrf code or unix timestamp is mixed in to create the hash. You will have to look through the javascript of the website, hoping it's not obfuscated. I cannot help more, sorry.



  • <smart-aleck-mode>
    If we stick exactly to the Rules of Openbullet, you own the site or have at least the permission to use it on the site.
    And so you either should know how the value is generated or you can ask the one who operates the site.
    </smart-aleck-mode>


Log in to reply