'Reverse Engineering Web Request

I'm trying to automate authentication to a network device, but can't figure out what this payload is. It's definitely form data, but unsure what this is encoded as.

CSRFtoken=e3e53f9ce3ae02047584cdf2f07b725d6d9d0a54c771cea9ab2b79cbcfb30909&I=vendor&A=a4ebd3b0c999f6dc4b4b7407b8f8a22f808983e5c311fc5f8f8700bcf922e436924445d99409b283d2e4a8713c541ff84d9f497472087d6edea62d9b34e8414fe1a96497d6b3f79503384b258a90203b86bf0312ee5439684fa763xd1ff8c8950e15c6718248590e8111ca81ffb9ace56c978dee3623f7acaaf3db6a90bd2f5c2eb0b0b88bf8c3b59655aba52caf20e6c34bc8aa6f745643486feabd22d20fcc18d61de5004d86a26acb44bd042ed1ba9573aa63a62d19942587fbbf14924cef0d7edcfd7c469dc15d5b7aee8a95077160c3f089707ea508e4d020ffb35c9b631d5ad4d3868434f5a535fc3afd0df7eae3579d73fd67f99169f44556a0921277

CSRFtoken=e3e53f9ce3ae02047584cdf2f07b725d6d9d0a54c771cea9ab2b79cbcfb30909
I=vendor
A=a4ebd3b0c999f6dc4b4b7407b8f8a22f808983e5c311fc5f8f8700bcf922e436924445d99409b283d2e4a8713c541ff84d9f497472087d6edea62d9b34e8414fe1a96497d6b3f79503384b258a90203b86bf0312ee5439684fa763xd1ff8c8950e15c6718248590e8111ca81ffb9ace56c978dee3623f7acaaf3db6a90bd2f5c2eb0b0b88bf8c3b59655aba52caf20e6c34bc8aa6f745643486feabd22d20fcc18d61de5004d86a26acb44bd042ed1ba9573aa63a62d19942587fbbf14924cef0d7edcfd7c469dc15d5b7aee8a95077160c3f089707ea508e4d020ffb35c9b631d5ad4d3868434f5a535fc3afd0df7eae3579d73fd67f99169f44556a0921277

I've changed the strings a little, in case it contains a password once decoded.

It's an NGINX web server, if that helps.

nginxreverse-engineering


Solution 1:[1]

CSRFtoken is a 32 bit hexadecimal string, A is 256 bits. Most likely one-way cryptographic hashes that can cannot be decoded, generally used to validate requests sent with form data.

console.log('CSRFtoken\n', hexToString('e3e53f9ce3ae02047584cdf2f07b725d6d9d0a54c771cea9ab2b79cbcfb30909'))
console.log('A\n',         hexToString('a4ebd3b0c999f6dc4b4b7407b8f8a22f808983e5c311fc5f8f8700bcf922e436924445d99409b283d2e4a8713c541ff84d9f497472087d6edea62d9b34e8414fe1a96497d6b3f79503384b258a90203b86bf0312ee5439684fa763xd1ff8c8950e15c6718248590e8111ca81ffb9ace56c978dee3623f7acaaf3db6a90bd2f5c2eb0b0b88bf8c3b59655aba52caf20e6c34bc8aa6f745643486feabd22d20fcc18d61de5004d86a26acb44bd042ed1ba9573aa63a62d19942587fbbf14924cef0d7edcfd7c469dc15d5b7aee8a95077160c3f089707ea508e4d020ffb35c9b631d5ad4d3868434f5a535fc3afd0df7eae3579d73fd67f99169f44556a0921277'))

function hexToString(s) {
  const bytes = new Uint8Array(s.length/2)
  for (let i=0; i < s.length; i+=2) {
    bytes[i/2] = parseInt(s.substring(i, i+2), 16) // hex to int
  }
  return new TextDecoder().decode(bytes)           // int to text
}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

Nginx getting the event "ngx_master_****" was not signaled for 5s

Valid characters in nginx upstream name

Nginx proxy_pass with $remote_addr

Nginx the event was not signaled for 5s

how to serve static files through nginx and django in windows

The Streamlit app stops with "Please wait... " and then stops

The Streamlit app stops with "Please wait... " and then stops

Express and nginx net::ERR_CONTENT_LENGTH_MISMATCH

Express and nginx net::ERR_CONTENT_LENGTH_MISMATCH

Locate the nginx.conf file my nginx is actually using

Angular SPA with Custom --base-href and Nginx Routing

What does "trust proxy" actually do in express.js, and do I need to use it?

Nginx ingress controller not giving metrics for prometheus

(13: Permission denied) while connecting to upstream:[nginx]

Ubuntu Nginx/Laravel 500 Internal Server Error