How to get xfToken?

Status
Not open for further replies.
I

iso47

New member
First of all, I know I may be posting in the wrong forum, this is because I just signed up for this account, but I don't have permission to post to the correct forum, please forgive me.


I'm a forum user and I'm trying to bring some convenience to forum members.

We hope that the forum signature can be modified by invoking curl by running a bash script in the terminal. I've pored over the POST request when modifying the signature and tried simulating it in curl, but I'm running into problems because I don't know how to get the xfToken.

I already have cookies and xf_csrf.

My question is:
How to get xfToken? Do I need to do some conversion locally? Since xfToken looks like some kind of hash, are they a hash of xf_csrf? If yes, how to generate this kind of hash?

If the xfToken comes from the server, what kind of request do I need to send to the server to get the xfToken back?

Keep in mind that I'm just a forum user, not a mod or admin, so I don't have any access to the API or add add-ons, all I want to do is simulate the browser's POST behavior.

Please help me, I am using curl in linux terminal, would be very grateful if you could provide an example.

thanks.
 
Last edited:
Sort by date Sort by votes
The content of the POST request is:

Code: 
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="signature_html"

<p>XXXYYYZZZ</p>
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfToken"

1647XXXX14,6b6921e2cdXXXXXXXXXXXdc31a941e1c
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfRequestUri"

/account/signature
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfWithData"

1
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfToken"

1647XXXX26,c90af8db56XXXXXXXXXXXaa9ebead16c
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfResponseType"

json
-----------------------------87854733XXXXXXXXXXX0312665307--

I am at a loss as to how to get xfToken.

It looks like time,hash, but this is definitely not sha1, I don't know how this is generated 1647XXXX26,c90af8db56XXXXXXXXXXXaa9ebead16c


I've tried to figure it out by reading the browser source code, but it's beyond my capabilities, I mean, I have absolutely no idea how those JS scripts work.
 
Last edited:
Upvote 0 Downvote
Support is only available to licensed customers.

You will need to add your forum user name to your customer account and then you can post in the relevant forum for support.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lutish
  • Question Question
XF 2.2 How to get XFRM description attachment file in add content page
Replies
2
Views
571
lutish
lutish
jromaine
  • Question Question
XF 2.2 How to get a total number of posts per user?
Replies
5
Views
366
cwe
cwe
S
  • Question Question
How to get a statistic from custom user fields?
Replies
3
Views
480
TPerry
TPerry
FoxSecrets
  • Question Question
XF 2.2 How to get rid of "Template is unknown" error
Replies
15
Views
943
FoxSecrets
FoxSecrets
CStrategies
  • Question Question
XF 2.1 How to get IPs of a specific user
Replies
2
Views
538
CStrategies
CStrategies
Top Bottom