Hydra hangs with user provided HTTP header [2] #564
Comments
I just updated hydra from 9.0 to 9.1 and used the same command to try passwords for my app; in the 9.1 version it hangs. This could be related to what @yelsanya is issuing.
@yelsanya please make the effort to write a clear issue report. @Memogcia same for you, without any information ... how should that help? Full command lines and what exactly is not working, etc.
@vanhauser-thc after running the command below hydra can't process a single request (as you can see from the first screenshot it didn't finish in 3 minutes, while the same command without providing a header on the second pane finished in 1 second. I left it running for 30+ minutes, no changes): The difference with the second screenshot is that I changed ":" to ":" in the header part since in the manual page it is written in that way (I know that both should work). I downgraded to v9.0 and the exact same command works perfectly fine.
Thank you, that helps. Can you now please add the "-d" switch to both 9.0 and 9.1 commands and send the debug output?
I can't compile Hydra 9.0, I am on Kali Linux, installed the optional packages but it returns me an error, I think I will need to purge Hydra in order to compile and install it
@Memogcia I am also kali so no :)
Yeah, I can compile the last version, so I did what you told me. Here is the output with the most recent changes in master:

kali@kali:~/Documents/thc-hydra$ ./hydra -l admin -t 2 -w 3 -V -d -f -P ../Dictionaries/rockyou_cleaned.txt mydomain.com https-post-form "/login:csrf_token_name=${CSRF}&login_username=^USER^&login_password=^PASS^&login_submit=Log+in%21:S=moved:H=Content-Type: application/x-www-form-urlencoded:H=Cookie: csrf_cookie_name=${CSRF}; PHPSESSID=${SESSIONID}"
[WARNING] the waittime you set is low, this can result in errornous results

Edit: When I want to compile Hydra 9.0:
And it shows me the error that I commented on in #564 (comment)
I think I can clear up a bit how to reproduce this bug as I am currently experiencing it as well. Providing any headers for hydra causes it to hang and not send any requests. So for example running the command below results in hydra working as expected: Whereas the next command would cause hydra not to send any outgoing traffic to the web server and appear to get stuck in a loop: The problem seems to be introduced only in Debug for
@RaduNico thank you, that was a very good analysis!
@vanhauser-thc I can confirm that it works with the Hydra v9.2-dev version. It doesn't hang anymore and continues with the next attempts. I will explain my use cases better in the future. Thanks both @RaduNico @vanhauser-thc. EDIT: I also used the debug flag and it shows the debug output like in the v9.0 that @RaduNico showed above.
P.S. Sorry for opening a new issue, I wasn't sure whether a closed issue would be checked.