How to get xfToken?

Status
Not open for further replies.

iso47

New member
First of all, I know I may be posting in the wrong forum, this is because I just signed up for this account, but I don't have permission to post to the correct forum, please forgive me.


I'm a forum user and I'm trying to bring some convenience to forum members.

We hope that the forum signature can be modified by invoking curl by running a bash script in the terminal. I've pored over the POST request when modifying the signature and tried simulating it in curl, but I'm running into problems because I don't know how to get the xfToken.

I already have cookies and xf_csrf.

My question is:
How to get xfToken? Do I need to do some conversion locally? Since xfToken looks like some kind of hash, are they a hash of xf_csrf? If yes, how to generate this kind of hash?

If the xfToken comes from the server, what kind of request do I need to send to the server to get the xfToken back?

Keep in mind that I'm just a forum user, not a mod or admin, so I don't have any access to the API or add add-ons, all I want to do is simulate the browser's POST behavior.

Please help me, I am using curl in linux terminal, would be very grateful if you could provide an example.

thanks.
 
Last edited:
The content of the POST request is:

Code:
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="signature_html"

<p>XXXYYYZZZ</p>
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfToken"

1647XXXX14,6b6921e2cdXXXXXXXXXXXdc31a941e1c
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfRequestUri"

/account/signature
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfWithData"

1
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfToken"

1647XXXX26,c90af8db56XXXXXXXXXXXaa9ebead16c
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfResponseType"

json
-----------------------------87854733XXXXXXXXXXX0312665307--

I am at a loss as to how to get xfToken.

It looks like time,hash, but this is definitely not sha1, I don't know how this is generated 1647XXXX26,c90af8db56XXXXXXXXXXXaa9ebead16c


I've tried to figure it out by reading the browser source code, but it's beyond my capabilities, I mean, I have absolutely no idea how those JS scripts work.
 
Last edited:
Support is only available to licensed customers.

You will need to add your forum user name to your customer account and then you can post in the relevant forum for support.
 
Status
Not open for further replies.
Back
Top Bottom