Yuukiro Hitane
Addict
- Joined
- Jan 5, 2017
- Posts
- 33
- Reaction
- 34
- Points
- 72
As far as I know, this tutorial is only applicable to HTTP Injector App.
In this tutorial kailangan po ninyo ng apps na pwedeng makatulong sa understanding niyo tungkol sa payloads.
These apps are available at Google Playstore:
Once installed, you may now proceed:
To start with, I'll give you a sample PAYLOAD. This payload is actually working depende nalang sa "Proxy" at "SSH Server" kung gagana. Note that this payload is only one line, walang line breaks jan yan dapat actually.
GET You do not have permission to view the full content of this post. Log in or register now. HTTP/1.1[crlf]Host: You do not have permission to view the full content of this post. Log in or register now.: Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-G920W8 Build/MMB29K)[crlf]Connection: Keep-Alive[crlf]Accept-Encoding: gzip[crlf][crlf][raw][crlf][crlf]
EFGH
The two lines above will become one line nalang as:
ABCD[crlf]EFGH
In this tutorial kailangan po ninyo ng apps na pwedeng makatulong sa understanding niyo tungkol sa payloads.
These apps are available at Google Playstore:
1. HTTP Request Shooter
2. Packet Capture
2. Packet Capture
Once installed, you may now proceed:
To start with, I'll give you a sample PAYLOAD. This payload is actually working depende nalang sa "Proxy" at "SSH Server" kung gagana. Note that this payload is only one line, walang line breaks jan yan dapat actually.
GET You do not have permission to view the full content of this post. Log in or register now. HTTP/1.1[crlf]Host: You do not have permission to view the full content of this post. Log in or register now.: Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-G920W8 Build/MMB29K)[crlf]Connection: Keep-Alive[crlf]Accept-Encoding: gzip[crlf][crlf][raw][crlf][crlf]
- This payload is actually WORKING since libre naman talaga bumisita sa You do not have permission to view the full content of this post. Log in or register now. so dapat yung i-rereplace mo sa You do not have permission to view the full content of this post. Log in or register now. ay free site na pwede mong i-visit kapag wala kang load.
- Now open the app Packet Capture, then press the PLAY BUTTON (Green Triangle on Top Right Corner).
- Minimize the app, open the HTTP Request Shooter. It's better if you don't have any load, kasi malalaman mo kung kaya ba talagang ma i-visit yung You do not have permission to view the full content of this post. Log in or register now. nang FREE. Input mo siya sa URL, then method is GET, then press the header then the + symbol, sa header name, put "Connection" (w/o ""), sa header value, put "Keep-Alive". As far as I remember, parang Case Sensitive talaga gumawa ng payload kaya pay attention to your CAPS and Lower case letters. After those procedures, you may now press SEND Button. Kapag successful, ilang seconds lang, ma re-receive mo na ang tinatawag na HTTP Response. Naka sulat dapat jan "Status Code", "Elapsed Time", "Content", etc. The only thing that should bother you is the Status Code. The "Status code" should be preferably 200, 201, 202, 203, and so on, and pwede rin minsan yung 300, 301, 302, 303 and so on. Those status indicates na naka connect ka na sa You do not have permission to view the full content of this post. Log in or register now. through direct request.
- Now go back to your Packet Capture App. It should tell you na may na capture na packets. Example, "54 captures". So press the PAUSE Button (Top Right Corner parin) then open the captured packets. Hanapin mo sa listahan ang pinaka una sa baba na packets captured from HTTP Request Shooter then press it. Ang first tab (1) jan any ang sent REQUEST and the second or succeeding tabs (2, ....) ay ang RESPONSE ng server. Ang REQUEST tab ay ang siya ring ginagawang PAYLOAD without the [crlf] commands kac nga hidden sila sa app na ito. Save the upstream through the menu button sa top right. Name it whatever you want but remember to put ".txt" (w/o "") always sa hulihan para maging text file siya.
- Now open the text file, then copy all.
- Then paste it sa HTTP INJECTOR sa may text field ng payload.
- Then add the command [crlf] after every line breaks and remove the line break. Remember na walang spaces dapat sa mga gilid ng [crlf]
- Example:
EFGH
The two lines above will become one line nalang as:
ABCD[crlf]EFGH
- After putting [crlf] for every line break, remember na the whole payload should end with two [crlf] commands. Optional na yung [raw][crlf][crlf]
- Then lastly, see to it na yung PROXY mo e kayang i visit yung web ng You do not have permission to view the full content of this post. Log in or register now.. Kasi minsan hindi mo talaga ma i-visit yung site na iyan sa ibang bansa kaya trial and error na kung maghahanap kayo ng proxies. Try nyo yung host checker sa http injector with the proxy para malaman nyo talaga kung kayang i-visit yung site. The status sa host checker should be anything but not 500, 501, 502, 503, and so on.