[Help] Authentication Login in executable

[teehist]

I have a theory in mind but do not know if this is possible today, we assume has a program that requires authentication from an online site (Login) if the User exists and has vip days, the action from behind the executable (form, main) appears after giving the Login form.

 

 There are possibilities for type an illusion, bypassing the system making him think that the User has vip (premium) and accept the program (executable)...

 

I hope you understand.

 

Usually people speak it in Fiddler is possible, but I have no idea how.

 

I think normally it checks the type of User that it is in the forum (group), does anyone have any idea how?

 

I'm not asking tutorial, the more you post would be helpful. but am wondering any idea, any program that is able to do this and how really call this function that can do what im quoting.

 

[atom0s]

This depends on how the program is coded. If the program expects code to be streamed back from the server then bypassing it like this wont work since you wont have the valid code needed for the program to run. (Unless you have the expected code and can fake the return with it etc.)

Typically programs like this are setup with php scripts running on the server. It usually goes something like this:

1. The user starts the program.

2. The user enters their name and password into a form and click login.

3. The application sends the data to a php script on a remote server, such as: derp.com/login.php?u=TheEnteredUsername&p=TheEnteredPassword

4. The server will send a response if the login was valid or not. The response is what you are mostly interested in. This is where you would be altering the data coming back to the client to fake the valid status and allow the application to work.

Another method to do this is to alter your systems HOSTS file and force the website to connect to your own local web server. Have the expected script force return the valid value to log into the application etc.