Topic: question regarding http server token  (Read 1179 times)
« on: December 12, 2013, 00:58:13 »
azdps **
Posts: 63

Didn't want to hijack the m0n0back.exe thread so I started this thread. I was looking at the response from an http server GET request and I received the following:

Code:
X-Powered-By: PHP/4.4.9
Last-Modified: Wed, 11 Dec 2013 23:48:16 GMT
Cache-Control: post-check=0, pre-check=0
Content-Type: text/plain
Set-Cookie: PHPSESSID=c3bfd02086904cc8a3a08f338ae0ade6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

sid:98ac64e693f1fb953e0164fd1d5a2ae71afe7321,1386805696;ip:5f2a63c96b400a1b4d406ca379dc68bdd953cae5,1386805696

It would seem that the token would be the sid. What part of the sid line is the actual token? Is it the whole line or just the first part:

Code:
98ac64e693f1fb953e0164fd1d5a2ae71afe7321

« Last Edit: December 12, 2013, 00:59:51 by azdps »
« Reply #1 on: December 16, 2013, 02:07:46 »
azdps **
Posts: 63

To answer my own question: the line below is an example of a token that must be used with an HTTP POST command:


Code:
sid:98ac64e693f1fb953e0164fd1d5a2ae71afe7321,1386805696;ip:5f2a63c96b400a1b4d406ca379dc68bdd953cae5,1386805696
« Reply #2 on: December 16, 2013, 14:14:28 »
Pierre Nast *
Posts: 33

Hi,

AFAIK, what you call the "http server token" is the CSRF magic that is generated for a session/IP address pair.
One needs to make a first request and grab the CSRF magic from the answer, using grep for instance.
I'm not sure I fully understood what your question was though. :)

Pierre
« Last Edit: December 16, 2013, 14:20:45 by pierre-n »

--
Pierre
« Reply #3 on: December 16, 2013, 15:30:38 »
azdps **
Posts: 63

Quote from: Pierre Nast on December 16, 2013, 14:14:28
Hi,

AFAIK, what you call the "http server token" is the CSRF magic that is generated for a session/IP address pair.
One needs to make a first request and grab the CSRF magic from the answer, using grep for instance.
I'm not sure I fully understood what your question was though. :)

Pierre

Pierre, I understood what the token was for. At the time of my original post, I wasn't sure what part of the sid: line was the token. I understand now, though, that the entire sid: line is the token that should be posted to m0n0wall.
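The thread's conclusion is that the whole "sid:...;ip:..." line, not just the first 40-hex digest, is the value to send back with the POST. The following is an added example (not code from the thread, from m0n0wall, or from m0n0back) that does the client-side half of that dance offline: it splits a raw HTTP response into headers and body, pulls the token line out of the body the way the grep Pierre mentions would, parses it into its "name:sha1,timestamp" pieces, keeps the PHPSESSID cookie the token is bound to, and assembles the form body for the follow-up POST. Assumptions, not stated on the page: the response is embedded here as a constructed sample with a status line added to the headers quoted above; the form field name `__csrf_magic` is the default of the csrf-magic PHP library whose token format this matches, and m0n0wall is assumed to use it unchanged; the extra field `action=backup` is a placeholder. One fact the example does check: the timestamp inside the token (1386805696) is exactly the Last-Modified time in the quoted response (Wed, 11 Dec 2013 23:48:16 GMT), which is how you can tell the token was minted for this request.

```python
import re
import urllib.parse
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: the response quoted in the thread, with a status line
# added (assumption: the original poster omitted it).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Powered-By: PHP/4.4.9\r\n"
    "Last-Modified: Wed, 11 Dec 2013 23:48:16 GMT\r\n"
    "Cache-Control: post-check=0, pre-check=0\r\n"
    "Content-Type: text/plain\r\n"
    "Set-Cookie: PHPSESSID=c3bfd02086904cc8a3a08f338ae0ade6; path=/\r\n"
    "Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n"
    "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n"
    "Pragma: no-cache\r\n"
    "\r\n"
    "sid:98ac64e693f1fb953e0164fd1d5a2ae71afe7321,1386805696;"
    "ip:5f2a63c96b400a1b4d406ca379dc68bdd953cae5,1386805696\n"
)

# One or more "name:<40 hex sha1>,<unix time>" pieces joined by ";".
TOKEN_RE = re.compile(r"^[a-z]+:[0-9a-f]{40},\d+(?:;[a-z]+:[0-9a-f]{40},\d+)*$")

# Assumption: csrf-magic's default input name; m0n0wall is assumed not to rename it.
CSRF_FIELD = "__csrf_magic"


def split_response(raw):
    """Split a raw HTTP response into ({lower-case header: [values]}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def extract_token(raw):
    """Return the whole token line from the body (the value to POST back), or None."""
    _, body = split_response(raw)
    for line in body.splitlines():
        line = line.strip()
        if TOKEN_RE.match(line):
            return line
    return None


def parse_token(token):
    """Break 'sid:<sha1>,<ts>;ip:<sha1>,<ts>' into {name: (sha1, ts)}."""
    parts = {}
    for piece in token.split(";"):
        name, _, rest = piece.partition(":")
        digest, _, ts = rest.partition(",")
        parts[name] = (digest, int(ts))
    return parts


def session_cookie(raw):
    """Return 'PHPSESSID=...' from Set-Cookie; the sid: piece is bound to it."""
    headers, _ = split_response(raw)
    for cookie in headers.get("set-cookie", []):
        if cookie.startswith("PHPSESSID="):
            return cookie.split(";", 1)[0]
    return None


def token_issued_at(raw):
    """UTC datetime encoded in the token's sid: timestamp."""
    parts = parse_token(extract_token(raw))
    return datetime.fromtimestamp(parts["sid"][1], tz=timezone.utc)


def token_matches_last_modified(raw):
    """True when the token timestamp equals the Last-Modified header."""
    headers, _ = split_response(raw)
    return token_issued_at(raw) == parsedate_to_datetime(headers["last-modified"][0])


def build_post(raw, fields):
    """Return (Cookie header value, urlencoded POST body) for the follow-up request.

    The token goes in whole; sending only the 40-hex digest would drop the
    timestamp and the ip: piece the server checks.
    """
    form = dict(fields)
    form[CSRF_FIELD] = extract_token(raw)
    return session_cookie(raw), urllib.parse.urlencode(form)


if __name__ == "__main__":
    cookie, body = build_post(SAMPLE_RESPONSE, {"action": "backup"})  # placeholder field
    print("Cookie:", cookie)
    print("Body:", body)
```

The Cookie value must be sent with the POST as well: the sid: piece is derived from the PHP session, so a token fetched in one session and replayed in another (or from another source address, because of the ip: piece) will be rejected even if copied verbatim.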
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines