请问如何获取h1的token?还有bc和fuzz的

Question

请问如何获取h1的token?还有bc和fuzz的

Closed this issue 2 years ago · 5 comments

LonelyBoy2005 commented 2 years ago

[es]
hosts=http://192.168.182.134:9200
auth_user=elastic
auth_passwd=darkangel123

[bc]
bc_cookie=_crowdcontrol_session=xx

[h1]
h1_cookie=__Host-session=xx
x_csrf_token=xx

[fuzz]
key=xx

Answer 1 · 2023-02-23T11:44:22.000Z

h1、bc的token就是hackerone和bugcrowd的账号token，抓包就能看到，fuzz的是扫描器fuzz功能的key，目前没放出来该功能，暂时不用管。

Answer 2 · 2023-02-23T13:43:53.000Z

我通过burp抓包抓到了h1_cookie=__Host-session=xx和x_csrf_token=xx，但是运行 python3 darkangel.py --add-new-domain时却显示05:42:19,149 [INFOR] collecth1domain:90 - H1-Token失效，请及时更新。

Answer 3 · 2023-02-24T03:24:57.000Z

可能是遇到了这个编码问题：#5

Answer 4 · 2023-02-25T15:47:01.000Z

is it possible to add a domain (target) manually...??

Answer 5 · 2023-02-26T03:29:27.000Z

is it possible to add a domain (target) manually...??

https://github.com/Bywalks/DarkAngel#--add-domain-and-scan