Skip to content

Home

Jump to bottom Edit New page
Roberto Salgado edited this page Sep 1, 2016 · 18 revisions

Credmap Wiki

Welcome to the credmap wiki! Here you will find information regarding the XML structure used to login into different websites. This information will provide you with all the necessary details required to create a login for a website of your choosing.

Site Template

The "site-template.xml" file which contains all possible tags that can be used in the XML file to perform a login on a website. A description of what each tag does can be found below.

<properties>
	<name value="" />
	<description value="" />
	<login_url value="" />
	<valid_password value="" />
	<valid_http_status value="" />
	<invalid_http_status value="" msg="" />
	<invalid_password value="" />
	<invalid_account value="" />
	<inactive_account value="" />
	<custom_search value="" regex="" />
	<captcha_flag value="" />
	<valid_response_header value="" type="" />
	<custom_response_header value="" msg="" />
	<headers value="" />
	<cookies value="" />
	<user_agent value="" />
	<username_or_email value="" />
	<email_exception value="" />
	<login_parameter value="" type="" />
	<password_parameter value="" type="" />
	<csrf_token_name value="" />
	<csrf_url value="" />
	<csrf_regex value="" />
	<csrf_setcookie value="" />
	<csrf_start value="" />
	<csrf_end value="" />
	<data value="" />
	<multiple_params value="">
	    <param value="" regex="" type="" />
	    <param value="" regex="" type="" />
	    <param value="" regex="" type="" />
	</multiple_params>
</properties>

Tags Description

Name

Set the name of the site to be tested. This name is displayed when using the --list arg.

Description

Set a description of the site to be tested. This information will be displayed via an arg in a future version.

Login_URL

Set the URL where the login request will be sent to.

Example

XML





<login_url value="http://www.example.com/login.php" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/bitbucket.org.xml#L4)*  
  
### Valid_Password
Set a string to be searched for in the login response when the supplied credentials are valid.

**Example**  
> **XML**  
> ```xml
<valid_password value="Sign Out" />





Reference




Valid_HTTP_Status


Set an HTTP status code via the "value" attribute to be matched in any HTTP response. If the specified status code is detected, the program will continue on as normal. Wildcards are accepted after the first digit in the status code.


Example




XML






<valid_http_status value="4**" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/soundcloud.com.xml#L5)*  
  

### Invalid_HTTP_Status
Set an HTTP status code via the "value" attribute to be matched in any HTTP response. If the specified status code is detected, the program will output "Credentials were incorrect.", unless a custom message is set via the "msg" attribute. Wildcards are accepted after the first digit in the status code.

**Example**  
> **XML**  
> ```xml
<invalid_http_status value="503" msg="All of the servers are busy right now." />





Reference




Invalid_Password


Set a string to be searched for in the login response when the supplied credentials are invalid.


Example




XML






<invalid_password value="Invalid username/email or password" />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/ebay.com.xml#L5)*  
    
### Invalid_Account
Set a string to be searched for in the login response when the supplied user account does not exist on the website.

**Example**  
> **XML**  
> ```xml
<invalid_account value="There is no user by the name" />





Reference




Inactive_Account


Set a string to be searched for in the login response when the supplied user account has been disabled or is not active on the website.


Example




XML






<inactive_account value="Your account is inactive." />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/pastebin.com.xml#L6)*  
  
### Custom_Search
Set a custom REGEX to be searched for in the login response. The "value" attribute is used to set the message that will be displayed on the console and the "regex" attribute to specify the REGEX pattern to match.

**Example**  
> **XML**  
> ```xml
<custom_search value="Temporary server internal error." regex="Internal\sError\.\sPlease\stry\sagain\slater\." />





Reference




Captcha_Flag


Set a string to be searched for in the login response when a captcha has been detected.


Example




XML






<captcha_flag value="Please fill out a captcha." />


> *[Reference](https://github.com/lightos/credmap/blob/master/websites/amazon.com.xml#L9)*  
  
### Valid_Response_Header
Set a string to be searched for in the headers, and cookies when a valid login is performed. The specified string to look for is set via the "value" attribute which can be a normal string or a REGEX pattern. The "type" attribute must be set to "regex" for REGEX matching.

**Examples**  
> **HTTP Response**  
> `Set-Cookie: session="zmj8otarj3rljdlq3n3p9i2ci1"; path=/; domain=.example.com`  

> **XML (Normal Search)**
```xml
> <valid_response_header value="session=" />





Reference






XML (REGEX search)






<valid_response_header value="session="[^"]+"" type="regex" />



> *[Reference](https://github.com/lightos/credmap/blob/master/websites/skype.com.xml#L8)*  
  
### Custom_Response_Header
Set a custom message to be displayed when a specified header is detected in the login response. The custom message is specified via the "msg" attribute and the header to look for is specified via the "value" attribute.

**Example**  
> **HTTP Response Header**  
> `Set-Cookie: USERSESSION=zmj8otarj3rljdlq3n3p9i2ci1; path=/; domain=.example.com`  

> __XML__  
> ```xml
<custom_response_header value="USERSESSION" msg="The provided user exists, but the password was incorrect!" />





Reference




Headers


Set additional headers to be sent with the login request. Each header should be separated by a newline "\n".


Example




HTTP Request Header






X-Requested-With: XMLHttpRequest;
Referer: https://example.com/log_in



> __XML__  
> ```xml
<headers value="X-Requested-With=XMLHttpRequest\nReferer=https://example.com/log_in" />





Reference




Cookies


Set additional cookies to be sent with the login request. Each cookie should be separated by an ampersand.


Example




HTTP Request Header

Cookies: locale=en_US; path=/; domain=.example.com






XML






```  



Reference




User_Agent


Specify a user-agent to be used only for the specific website.


Example




HTTP Request Header

Cookies: locale=en_US; path=/; domain=.example.com






XML






<user_agent value="Mozilla/4.0 (compatible; MSIE 4.0; Windows 98 )" />



### Username_Or_Email
Specify if the website uses a "username", "email" or "both" for login.

**Example**  
> __XML__  
> ```xml
<username_or_email value="both" />





Reference




Email_Exception


Generally the username is used in cases where a website requires a domain specific e-mail to login. However, the e-mail address can be used instead if the hostname matches the one specified under the "value" attribute of this tag. The "value" attribute uses REGEX for its matching.


In the following example, the e-mail "johndoe1@example.com" is used instead of the user "johndoe".


Example




Cmdline Args

--username johndoe --email johndoe1@example.com

XML






<email_exception value="@example."/>



> *[Reference](https://github.com/lightos/credmap/blob/master/websites/yahoo.com.xml#L11)*  

### Login_Parameter
Set the parameter in the HTTP POST login request where the specified username or email will be placed. This tag also accepts the "type" attribute which currently supports "JSON" in the event that the POST data is formatted as such.

**Examples**  
> __POST data__  
> `login=johndoe1@example.com&remember_me=0`  
> __XML__ (Normal Type)  
> ```xml
<login_parameter value="login"/>
<data value="login=&amp;remember_me=0"/>





Reference






POST data

{"username_or_email":"johndoe1@example.com","remember_me":"0"}

XML (JSON Type)






<login_parameter value="username_or_email" type="json" />




> *[Reference](https://github.com/lightos/credmap/blob/master/websites/pinterest.com.xml#L11)*  

### Password_Parameter
Set the parameter in the HTTP POST login request where the specified password will be placed. This tag also accepts the "type" attribute which currently supports "JSON" in the event that the POST data is formatted as such.

**Examples**  
> __POST data__  
> `password=abc123&remember_me=0`  
> __XML__ (Normal Type)  
> ```xml
<password_parameter value="password"/>
<data value="password=&amp;remember_me=0"/>





Reference






POST data

{"password":"abc123","remember_me":"0"}

XML (JSON Type)






<password_parameter value="password" type="json" />




> *[Reference](https://github.com/lightos/credmap/blob/master/websites/pinterest.com.xml#L12)*  


### Time_Parameter
Set the current time in the specified parameter. The time-format can be specified through the "type" attribute which currently supports "epoch" time.

**Example**  
> __POST data__  
> `time_stamp=1447948386&remember_me=0`  
> __XML__ (Epoch Type)  
> ```xml
<time_parameter value="time_stamp" type="epoch" />
<data value="time_stamp=&amp;remember_me=0"/>





Reference




CSRF_Token_Name


Set the name of the CSRF parameter if available for the token to be placed in the login request. This token will first be retrieved from the URL specified in the "csrf_url" tag and extracted using either the "csrf_regex", "csrf_setcookie", or "csrf_start" and "csrf_end" tags. The token can be placed in a POST data parameter, in a cookie or in a header.


Examples




POST data

authenticity_token=5b404f7b7f90dc67708635fc8dd34536&remember_me=0

XML






<csrf_token_name value="authenticity_token" />




> *[Reference](https://github.com/lightos/credmap/blob/master/websites/groupon.com.xml#L13)*  

> __HTTP Request Headers__  
> ```
Referer: https://example.com
X-CSRFToken: 5b404f7b7f90dc67708635fc8dd34536
X-Requested-With: XMLHttpRequest





XML






<csrf_token_name value="CSRFToken" />




> *[Reference](https://github.com/lightos/credmap/blob/master/websites/instagram.com.xml#L11)*  

### CSRF_URL
Set the URL where the CSRF Token should be fetched from.

**Example**  
> __XML__
> ```xml
<csrf_url value="https://example.com/login" />





Reference




CSRF_REGEX


Set a REGEX to match the CSRF token from the HTML response of the "CSRF_URL". The token must be grouped with (?P) or simply have it be the first matching group in the REGEX. Those who are not comfortable with REGEX can take a look at "CSRF_Start" and "CSRF_End" below as a replacement for "CSRF_REGEX".


Example




HTML Response





   
```  
> __XML__
> ```xml

```  



Reference




CSRF_SetCookie


Set a REGEX to match the CSRF token from a cookie set when requesting the "CSRF_URL". The token must be grouped with (?P) or simply have it be the first matching group in the REGEX.


Example




HTTP Response Header

Set-Cookie: CSRF_TOKEN=5b404f7b7f90dc67708635fc8dd34536; path=/; domain=.example.com






XML






<csrf_setcookie value="CSRF_TOKEN=(?P<token>.{32}" />



> *[Reference](https://github.com/lightos/credmap/blob/master/websites/pinterest.com.xml#L15)*  

### CSRF_Start / CSRF_End
Set a string to specify where the CSRF token begins and ends. 

**Example**  
> __HTML Response__
> ```html
<input type="hidden" name="csrf_token" value="5b404f7b7f90dc67708635fc8dd34536" />





XML






<csrf_start value="type="hidden" name="csrf_token" value="" />
<csrf_end value="" />" />



> *[Reference](https://github.com/lightos/credmap/blob/master/websites/github.com.xml#L12L13)*  

### Data
Set the parameters for a POST request. Leave the values for the username, password and CSRF parameters empty and they will be filled in automatically based on the specified values in the "login_parameter", "password_parameter", and "csrf_token_name" tags.

**Example**  
> __HTML Response__
> ```html
<form action="login.php" method="post">
    <input type="text" name="login" value="" />
    <input type="password" name="password" value="" />
    <input type="checkbox" name="remember_me" value="1" />
    <input type="hidden" name="csrf_token" value="5b404f7b7f90dc67708635fc8dd34536" />
    <input type="submit" value="Submit">
</form>





XML






```  



Reference




Multi_Params


Set multiple parameters to be sent along the login request. The "multi_param" tag uses the "value" attribute to specify a "URL" where to fetch the parameters to be sent with the login request. Each parameter is specified in it's own child tag "param" which can requires the attribute "value" and optionally "regex" and type".


By default, if only the "value" attribute is set, credmap will automatically look within HTML tags with name="value" and use the content of this tag's "value" attribute. If the "regex" attribute is specified, credmap will match the REGEX value specified and either grab the group named (?P) if available, otherwise it will use the first matching group.


The "type" attribute can be used to specify where in the HTTP Request this value should be replaced. By default, it replaces the parameters in the HTTP POST request, however "cookie" and "header" are also valid values for this attribute.


Example




HTML Response






    
    
    
    
    
    
    

```  



XML






<multiple_params value="http://example.com/login" />


</multiple_params>




> *[Reference](https://github.com/lightos/credmap/blob/master/websites/amazon.com.xml#L14-L26)*  



              


              

                
                   Add a custom footer
              

          



  
          

            

              

                
                   Add a custom sidebar
              


            
Clone this wiki locally