How to get xfToken?

Status
Not open for further replies.
I

iso47

New member
First of all, I know I may be posting in the wrong forum, this is because I just signed up for this account, but I don't have permission to post to the correct forum, please forgive me.


I'm a forum user and I'm trying to bring some convenience to forum members.

We hope that the forum signature can be modified by invoking curl by running a bash script in the terminal. I've pored over the POST request when modifying the signature and tried simulating it in curl, but I'm running into problems because I don't know how to get the xfToken.

I already have cookies and xf_csrf.

My question is:
How to get xfToken? Do I need to do some conversion locally? Since xfToken looks like some kind of hash, are they a hash of xf_csrf? If yes, how to generate this kind of hash?

If the xfToken comes from the server, what kind of request do I need to send to the server to get the xfToken back?

Keep in mind that I'm just a forum user, not a mod or admin, so I don't have any access to the API or add add-ons, all I want to do is simulate the browser's POST behavior.

Please help me, I am using curl in linux terminal, would be very grateful if you could provide an example.

thanks.
 
Last edited:
Sort by date Sort by votes
The content of the POST request is:

Code: 
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="signature_html"

<p>XXXYYYZZZ</p>
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfToken"

1647XXXX14,6b6921e2cdXXXXXXXXXXXdc31a941e1c
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfRequestUri"

/account/signature
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfWithData"

1
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfToken"

1647XXXX26,c90af8db56XXXXXXXXXXXaa9ebead16c
-----------------------------87854733XXXXXXXXXXX0312665307
Content-Disposition: form-data; name="_xfResponseType"

json
-----------------------------87854733XXXXXXXXXXX0312665307--

I am at a loss as to how to get xfToken.

It looks like time,hash, but this is definitely not sha1, I don't know how this is generated 1647XXXX26,c90af8db56XXXXXXXXXXXaa9ebead16c


I've tried to figure it out by reading the browser source code, but it's beyond my capabilities, I mean, I have absolutely no idea how those JS scripts work.
 
Last edited:
Upvote 0 Downvote
Support is only available to licensed customers.

You will need to add your forum user name to your customer account and then you can post in the relevant forum for support.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

A
How to get rid of Staff member section on members page
Replies
5
Views
69
Alvin63
A
S
  • Question Question
XF 2.2 Media gallery hidden image path, how to get a direct image url?
Replies
1
Views
21
Ricsca
Ricsca
Samorite
  • Question Question
XF 2.3 How to get my background image to run through the header and footer
Replies
2
Views
66
Samorite
Samorite
Basenotes
XF 2.3 How to get id of token when using tokeninputrow in form
Replies
3
Views
68
Basenotes
Basenotes
W
  • Question Question
XF 2.2 How to get a member stat to auto-fill a custom field?
Replies
0
Views
23
WRIST.pub
W
Back
Top Bottom