Regexp for complex password

Sajid · ‎03-Oct-2019

Hi Guys,

Need help for below regexp,

when HTTP_REQUEST_DATA {

set payload [URI::decode [HTTP::payload]]

regexp {^.*txtURL=([^&]+).*$} $payload -> gotURL

regexp {^.*username=([^&]+).*$} $payload -> username

regexp {^.*password=([^&]+).*$} $payload -> password

HTTP::release

}

works for simpel password, but facing issue with password having following characters

$,&, % etc.

sample string

--- <HTTP_REQUEST_DATA>: Payload is = username=apptest&password=1234&1abc&txtURL=https://trng.example.com:443/ssoman/c/SSA

Regards,

Sajid

corrado · ‎16-Oct-2019

This might work if there is always a field starting with &, like &txtURL, after the "password=" filed.

I asslumed that since you use a regex that excludes character & , but as you said passwords containing character '&' will not be matched while using this regex you will always have "&" as a character after the password so everything but last & will match.

^.*password=(\K.*)&

Sajid · ‎16-Oct-2019

Hi Corrado,

Thanks for your response.

Got this error,

warning: ["\K" has no meaning. Did you mean "\\K" or "K"?][{^.*password=(\K.*)&}]

Regards,

Sajid

DevCentral

Regexp for complex password

MFA required on DevCentral