Roberto Salgado edited this page Sep 1, 2016 · 18 revisions

Credmap Wiki

Welcome to the credmap wiki! Here you will find information regarding the XML structure used to login into different websites. This information will provide you with all the necessary details required to create a login for a website of your choosing.

Site Template

The "site-template.xml" file which contains all possible tags that can be used in the XML file to perform a login on a website. A description of what each tag does can be found below.

<properties>
	<name value="" />
	<description value="" />
	<login_url value="" />
	<valid_password value="" />
	<valid_http_status value="" />
	<invalid_http_status value="" msg="" />
	<invalid_password value="" />
	<invalid_account value="" />
	<inactive_account value="" />
	<custom_search value="" regex="" />
	<captcha_flag value="" />
	<valid_response_header value="" type="" />
	<custom_response_header value="" msg="" />
	<headers value="" />
	<cookies value="" />
	<user_agent value="" />
	<username_or_email value="" />
	<email_exception value="" />
	<login_parameter value="" type="" />
	<password_parameter value="" type="" />
	<csrf_token_name value="" />
	<csrf_url value="" />
	<csrf_regex value="" />
	<csrf_setcookie value="" />
	<csrf_start value="" />
	<csrf_end value="" />
	<data value="" />
	<multiple_params value="">
	    <param value="" regex="" type="" />
	    <param value="" regex="" type="" />
	    <param value="" regex="" type="" />
	</multiple_params>
</properties>

Tags Description

Name

Set the name of the site to be tested. This name is displayed when using the --list arg.

Description

Set a description of the site to be tested. This information will be displayed via an arg in a future version.

Login_URL

Set the URL where the login request will be sent to.

Example

XML

<login_url value="http://www.example.com/login.php" />

> *[Reference](https://github.com/lightos/credmap/blob/master/websites/bitbucket.org.xml#L4)*  
  
### Valid_Password
Set a string to be searched for in the login response when the supplied credentials are valid.

**Example**  
> **XML**  
> ```xml
<valid_password value="Sign Out" />

Reference

Valid_HTTP_Status

Set an HTTP status code via the "value" attribute to be matched in any HTTP response. If the specified status code is detected, the program will continue on as normal. Wildcards are accepted after the first digit in the status code.

Example

XML

<valid_http_status value="4**" />

> *[Reference](https://github.com/lightos/credmap/blob/master/websites/soundcloud.com.xml#L5)*  
  

### Invalid_HTTP_Status
Set an HTTP status code via the "value" attribute to be matched in any HTTP response. If the specified status code is detected, the program will output "Credentials were incorrect.", unless a custom message is set via the "msg" attribute. Wildcards are accepted after the first digit in the status code.

**Example**  
> **XML**  
> ```xml
<invalid_http_status value="503" msg="All of the servers are busy right now." />

Reference

Invalid_Password

Set a string to be searched for in the login response when the supplied credentials are invalid.

Example

XML

<invalid_password value="Invalid username/email or password" />

> *[Reference](https://github.com/lightos/credmap/blob/master/websites/ebay.com.xml#L5)*  
    
### Invalid_Account
Set a string to be searched for in the login response when the supplied user account does not exist on the website.

**Example**  
> **XML**  
> ```xml
<invalid_account value="There is no user by the name" />

Reference

Inactive_Account

Set a string to be searched for in the login response when the supplied user account has been disabled or is not active on the website.

Example

XML

<inactive_account value="Your account is inactive." />

> *[Reference](https://github.com/lightos/credmap/blob/master/websites/pastebin.com.xml#L6)*  
  
### Custom_Search
Set a custom REGEX to be searched for in the login response. The "value" attribute is used to set the message that will be displayed on the console and the "regex" attribute to specify the REGEX pattern to match.

**Example**  
> **XML**  
> ```xml
<custom_search value="Temporary server internal error." regex="Internal\sError\.\sPlease\stry\sagain\slater\." />

Reference

Captcha_Flag

Set a string to be searched for in the login response when a captcha has been detected.

Example

XML

<captcha_flag value="Please fill out a captcha." />

> *[Reference](https://github.com/lightos/credmap/blob/master/websites/amazon.com.xml#L9)*  
  
### Valid_Response_Header
Set a string to be searched for in the headers, and cookies when a valid login is performed. The specified string to look for is set via the "value" attribute which can be a normal string or a REGEX pattern. The "type" attribute must be set to "regex" for REGEX matching.

**Examples**  
> **HTTP Response**  
> `Set-Cookie: session="zmj8otarj3rljdlq3n3p9i2ci1"; path=/; domain=.example.com`  

> **XML (Normal Search)**
```xml
> <valid_response_header value="session=" />

Reference

XML (REGEX search)

<valid_response_header value="session="[^"]+"" type="regex" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/skype.com.xml#L8)*  
  
### Custom_Response_Header
Set a custom message to be displayed when a specified header is detected in the login response. The custom message is specified via the "msg" attribute and the header to look for is specified via the "value" attribute.

**Example**  
> **HTTP Response Header**  
> `Set-Cookie: USERSESSION=zmj8otarj3rljdlq3n3p9i2ci1; path=/; domain=.example.com`  

> __XML__  
> ```xml
<custom_response_header value="USERSESSION" msg="The provided user exists, but the password was incorrect!" />

Reference

Headers

Set additional headers to be sent with the login request. Each header should be separated by a newline "\n".

Example

HTTP Request Header

X-Requested-With: XMLHttpRequest; Referer: https://example.com/log_in


> __XML__  
> ```xml
<headers value="X-Requested-With=XMLHttpRequest\nReferer=https://example.com/log_in" />

Reference

Cookies

Set additional cookies to be sent with the login request. Each cookie should be separated by an ampersand.

Example

HTTP Request Header
Cookies: locale=en_US; path=/; domain=.example.com

XML

```

Reference

User_Agent

Specify a user-agent to be used only for the specific website.

Example

HTTP Request Header
Cookies: locale=en_US; path=/; domain=.example.com

XML

<user_agent value="Mozilla/4.0 (compatible; MSIE 4.0; Windows 98 )" />


### Username_Or_Email
Specify if the website uses a "username", "email" or "both" for login.

**Example**  
> __XML__  
> ```xml
<username_or_email value="both" />

Reference

Email_Exception

Generally the username is used in cases where a website requires a domain specific e-mail to login. However, the e-mail address can be used instead if the hostname matches the one specified under the "value" attribute of this tag. The "value" attribute uses REGEX for its matching.

In the following example, the e-mail "johndoe1@example.com" is used instead of the user "johndoe".

Example

Cmdline Args
--username johndoe --email johndoe1@example.com
XML

<email_exception value="@example."/>


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/yahoo.com.xml#L11)*  

### Login_Parameter
Set the parameter in the HTTP POST login request where the specified username or email will be placed. This tag also accepts the "type" attribute which currently supports "JSON" in the event that the POST data is formatted as such.

**Examples**  
> __POST data__  
> `login=johndoe1@example.com&remember_me=0`  
> __XML__ (Normal Type)  
> ```xml
<login_parameter value="login"/>
<data value="login=&amp;remember_me=0"/>

Reference

POST data
{"username_or_email":"johndoe1@example.com","remember_me":"0"}
XML (JSON Type)

<login_parameter value="username_or_email" type="json" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/pinterest.com.xml#L11)*  

### Password_Parameter
Set the parameter in the HTTP POST login request where the specified password will be placed. This tag also accepts the "type" attribute which currently supports "JSON" in the event that the POST data is formatted as such.

**Examples**  
> __POST data__  
> `password=abc123&remember_me=0`  
> __XML__ (Normal Type)  
> ```xml
<password_parameter value="password"/>
<data value="password=&amp;remember_me=0"/>

Reference

POST data
{"password":"abc123","remember_me":"0"}
XML (JSON Type)

<password_parameter value="password" type="json" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/pinterest.com.xml#L12)*  


### Time_Parameter
Set the current time in the specified parameter. The time-format can be specified through the "type" attribute which currently supports "epoch" time.

**Example**  
> __POST data__  
> `time_stamp=1447948386&remember_me=0`  
> __XML__ (Epoch Type)  
> ```xml
<time_parameter value="time_stamp" type="epoch" />
<data value="time_stamp=&amp;remember_me=0"/>

Reference

CSRF_Token_Name

Set the name of the CSRF parameter if available for the token to be placed in the login request. This token will first be retrieved from the URL specified in the "csrf_url" tag and extracted using either the "csrf_regex", "csrf_setcookie", or "csrf_start" and "csrf_end" tags. The token can be placed in a POST data parameter, in a cookie or in a header.

Examples

POST data
authenticity_token=5b404f7b7f90dc67708635fc8dd34536&remember_me=0
XML

<csrf_token_name value="authenticity_token" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/groupon.com.xml#L13)*  

> __HTTP Request Headers__  
> ```
Referer: https://example.com
X-CSRFToken: 5b404f7b7f90dc67708635fc8dd34536
X-Requested-With: XMLHttpRequest

XML

<csrf_token_name value="CSRFToken" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/instagram.com.xml#L11)*  

### CSRF_URL
Set the URL where the CSRF Token should be fetched from.

**Example**  
> __XML__
> ```xml
<csrf_url value="https://example.com/login" />

Reference

CSRF_REGEX

Set a REGEX to match the CSRF token from the HTML response of the "CSRF_URL". The token must be grouped with (?P) or simply have it be the first matching group in the REGEX. Those who are not comfortable with REGEX can take a look at "CSRF_Start" and "CSRF_End" below as a replacement for "CSRF_REGEX".

Example

HTML Response

``` > __XML__ > ```xml ```

Reference

CSRF_SetCookie

Set a REGEX to match the CSRF token from a cookie set when requesting the "CSRF_URL". The token must be grouped with (?P) or simply have it be the first matching group in the REGEX.

Example

HTTP Response Header
Set-Cookie: CSRF_TOKEN=5b404f7b7f90dc67708635fc8dd34536; path=/; domain=.example.com

XML

<csrf_setcookie value="CSRF_TOKEN=(?P<token>.{32}" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/pinterest.com.xml#L15)*  

### CSRF_Start / CSRF_End
Set a string to specify where the CSRF token begins and ends. 

**Example**  
> __HTML Response__
> ```html
<input type="hidden" name="csrf_token" value="5b404f7b7f90dc67708635fc8dd34536" />

XML

<csrf_start value="type="hidden" name="csrf_token" value="" /> <csrf_end value="" />" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/github.com.xml#L12L13)*  

### Data
Set the parameters for a POST request. Leave the values for the username, password and CSRF parameters empty and they will be filled in automatically based on the specified values in the "login_parameter", "password_parameter", and "csrf_token_name" tags.

**Example**  
> __HTML Response__
> ```html
<form action="login.php" method="post">
    <input type="text" name="login" value="" />
    <input type="password" name="password" value="" />
    <input type="checkbox" name="remember_me" value="1" />
    <input type="hidden" name="csrf_token" value="5b404f7b7f90dc67708635fc8dd34536" />
    <input type="submit" value="Submit">
</form>

XML

```

Reference

Multi_Params

Set multiple parameters to be sent along the login request. The "multi_param" tag uses the "value" attribute to specify a "URL" where to fetch the parameters to be sent with the login request. Each parameter is specified in it's own child tag "param" which can requires the attribute "value" and optionally "regex" and type".

By default, if only the "value" attribute is set, credmap will automatically look within HTML tags with name="value" and use the content of this tag's "value" attribute. If the "regex" attribute is specified, credmap will match the REGEX value specified and either grab the group named (?P) if available, otherwise it will use the first matching group.

The "type" attribute can be used to specify where in the HTTP Request this value should be replaced. By default, it replaces the parameters in the HTTP POST request, however "cookie" and "header" are also valid values for this attribute.

Example

HTML Response

```

XML

<multiple_params value="http://example.com/login" /> </multiple_params>


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/amazon.com.xml#L14-L26)*  
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.