i am having some trouble brute forcing a password on a website in https. this is the command that i'm using:
hydra -l email -P /path/rockyou.txt WEBSITE_IP http-post-form “_token=6UZ59LAb1LAKF4Z4sdKXGXBMiquzBWYK5tqG6Wwr&email=^USER^&password=^PASS^”
but every time i'm starting the process comes out an error message:
[ERROR] optional parameter must start with a '/' slash!
maybe I using some wrong parameters but i don't know how to proceed. i'm doing the test on a website in https to check the vulnerabilities and it's first time using hydra, so if you can also link a website where to learn hydra and other tool more it would be very helpful.
You just need to add slash '/' in your parameter. Use this command
hydra -l email -P /path/rockyou.txt WEBSITE_IP http-post-form
“/_token=6UZ59LAb1LAKF4Z4sdKXGXBMiquzBWYK5tqG6Wwr&email=^USER^&password=^PASS^”