Comments (3)
Nice find. I've pushed a few changes that should fix this. Can you try again with the latest dev branch?
pip install --force-reinstall git+https://github.com/blacklanternsecurity/trevorspray@dev
from trevorspray.
Now getting a lot of this when spraying accounts:
[This operation is not allowed in the current authentication state.] (Response code 403)
Guessing this is working properly now and that's the throttling coming into play?
Also, the finished spraying line says this:
Finished spraying 54 users against https://{subdomain}.okta.com/api/v1/authn
Guessing it should be the actual subdomain inside those brackets? Is that just a small oversight or is it not actually taking the subdomain value when spraying?
Thanks for the quick turnaround!
from trevorspray.
Yes, it looks like you are being rate limited.
The actual requests do contain the subdomain; you can verify this with -v
.
from trevorspray.
Related Issues (20)
- delay/jitter don't seem to work on Okta module HOT 4
- Not Declared Variable. HOT 2
- Error when supplying --url to owa spray module (on-prem owa instances) HOT 2
- install issues HOT 2
- how to run trevorspray
- Endpoint uses POST request HOT 2
- 'Skipping'element HOT 2
- Error handling command line parameters HOT 1
- Feature request: allow specifying Okta domain HOT 1
- False positives maybe? HOT 1
- Error Code with Valid User HOT 1
- Error Socks5 HOT 2
- Incorrect trevorproxy dependency version HOT 1
- trevorspray is not running HOT 1
- Add Loot timeout
- error pipx install - seemed to fail to build package HOT 1
- Trevorspray User Enumeration Bug HOT 2
- Response Code 401 when spraying Okta with valid credentials
- Feature request: Duo Security AD FS login portal module HOT 1
- Proxythread Error (OWA) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trevorspray.