From ec1961b580185a612c710630392532f5c854ddd9 Mon Sep 17 00:00:00 2001
From: Shihaam Abdul Rahman <shihaam@shihaam.me>
Date: Mon, 22 May 2023 18:19:03 +0500
Subject: [PATCH] example data

---
 refereapi.md | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 146 insertions(+)
 create mode 100644 refereapi.md

diff --git a/refereapi.md b/refereapi.md
new file mode 100644
index 0000000..a20f5de
--- /dev/null
+++ b/refereapi.md
@@ -0,0 +1,146 @@
+
+
+# Request 1 - /webserver/token
+- request:
+```bash
+curl 'http://192.168.1.1/api/webserver/token' \
+  -H 'Accept: */*' \
+  -H 'Accept-Language: en-US,en' \
+  -H 'Connection: keep-alive' \
+  -H 'Cookie: SessionID=Cs0LUomy6A4rf2fcN0oLa3sYHEyw6MGbd5F6xZC0HUsXdF0zOcerUZdZ3fksRRLEpf8gnUEhHzClsr0paCjKaYaSamwkJwX7W4tAUxVKukkGQZ4Q0fFygbkknQ9MsIwa' \
+  -H 'Referer: http://192.168.1.1/html/home.html' \
+  -H 'Sec-GPC: 1' \
+  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
+  -H 'X-Requested-With: XMLHttpRequest' \
+  -H '_ResponseSource: Broswer' \
+  --compressed \
+  --insecure
+```
+- response:
+```xml
+<?xml version="1.0" encoding="UTF-8"?><response><token>7usoFzYsT0SDyVi9rUyNTr5ZBH0lw1zTL4J9WuCLB0QTM0A0mbivNZO1boz0z8D3</token></response>
+```
+
+# Request 3 - /user/challenge_login
+- request:
+```bash
+curl 'http://192.168.1.1/api/user/challenge_login' \
+  -H 'Accept: */*' \
+  -H 'Accept-Language: en-US,en' \
+  -H 'Connection: keep-alive' \
+  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
+  -H 'Cookie: SessionID=Cs0LUomy6A4rf2fcN0oLa3sYHEyw6MGbd5F6xZC0HUsXdF0zOcerUZdZ3fksRRLEpf8gnUEhHzClsr0paCjKaYaSamwkJwX7W4tAUxVKukkGQZ4Q0fFygbkknQ9MsIwa' \
+  -H 'Origin: http://192.168.1.1' \
+  -H 'Referer: http://192.168.1.1/html/home.html' \
+  -H 'Sec-GPC: 1' \
+  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
+  -H 'X-Requested-With: XMLHttpRequest' \
+  -H '_ResponseSource: Broswer' \
+  -H '__RequestVerificationToken: L4J9WuCLB0QTM0A0mbivNZO1boz0z8D3' \
+  --data-raw '<?xml version="1.0" encoding="UTF-8"?><request><username>admin</username><firstnonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de4417</firstnonce><mode>1</mode></request>' \
+  --compressed \
+  --insecure
+```
+- payload:
+```xml
+<?xml version="1.0" encoding="UTF-8"?><request><username>admin</username><firstnonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de4417</firstnonce><mode>1</mode></request>
+```
+- response:
+```xml
+<?xml version="1.0" encoding="UTF-8"?><response><iterations>100</iterations><servernonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de44179M0rKTb0c0BMElXpX3gYalymZmYf3UHZ</servernonce><modeselected>1</modeselected><salt>e887b38d6c96bdd9a4cd5e50c94afd09290cff8dca6a857eb77e593f93de8c1a</salt><newType>0</newType></response>
+```
+
+# Request 2 - /time/timeout
+- request:
+```bash
+curl 'http://192.168.1.1/api/time/timeout' \
+  -H 'Accept: */*' \
+  -H 'Accept-Language: en-US,en' \
+  -H 'Connection: keep-alive' \
+  -H 'Cookie: SessionID=Cs0LUomy6A4rf2fcN0oLa3sYHEyw6MGbd5F6xZC0HUsXdF0zOcerUZdZ3fksRRLEpf8gnUEhHzClsr0paCjKaYaSamwkJwX7W4tAUxVKukkGQZ4Q0fFygbkknQ9MsIwa' \
+  -H 'Referer: http://192.168.1.1/html/home.html' \
+  -H 'Sec-GPC: 1' \
+  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
+  -H 'X-Requested-With: XMLHttpRequest' \
+  -H '_ResponseSource: Broswer' \
+  --compressed \
+  --insecure
+```
+- response:
+```xml
+<?xml version="1.0" encoding="UTF-8"?><response><timeout>5</timeout></response>
+```
+
+# Request 3 - /user/authentication_login
+- request:
+```bash
+curl 'http://192.168.1.1/api/user/authentication_login' \
+  -H 'Accept: */*' \
+  -H 'Accept-Language: en-US,en' \
+  -H 'Connection: keep-alive' \
+  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
+  -H 'Cookie: SessionID=Cs0LUomy6A4rf2fcN0oLa3sYHEyw6MGbd5F6xZC0HUsXdF0zOcerUZdZ3fksRRLEpf8gnUEhHzClsr0paCjKaYaSamwkJwX7W4tAUxVKukkGQZ4Q0fFygbkknQ9MsIwa' \
+  -H 'Origin: http://192.168.1.1' \
+  -H 'Referer: http://192.168.1.1/html/home.html' \
+  -H 'Sec-GPC: 1' \
+  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
+  -H 'X-Requested-With: XMLHttpRequest' \
+  -H '_ResponseSource: Broswer' \
+  -H '__RequestVerificationToken: 7gMDssgEmFJrA0CrPvudLIdlwOK061Gf' \
+  --data-raw '<?xml version="1.0" encoding="UTF-8"?><request><clientproof>a35c26ecc35708fdbfd2b51c11344aa945e7b0542906c4f1b25edc607d05c4c7</clientproof><finalnonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de44179M0rKTb0c0BMElXpX3gYalymZmYf3UHZ</finalnonce></request>' \
+  --compressed \
+  --insecure
+```
+- payload:
+```xml
+<?xml version="1.0" encoding="UTF-8"?><request><clientproof>a35c26ecc35708fdbfd2b51c11344aa945e7b0542906c4f1b25edc607d05c4c7</clientproof><finalnonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de44179M0rKTb0c0BMElXpX3gYalymZmYf3UHZ</finalnonce></request>
+```
+- response:
+```xml
+<?xml version="1.0" encoding="UTF-8"?><response><rsan>b0fa5c08b6e4e660311ef7031371c360881e16dc869f210c35b8d7d3faad532bc59c6592582971cef11582810592b179dc2146c202244a05c19b52d9e1d4206a7257d7b0c7699d369ccc0933ca8a79413244d74f5e8ecc3ecca256b4eec55c4cf4a4826bbc8d2168d2d884088e11597498263d66be785c861618add86ee9a8ae7e4b717b0f332696436026d66a1f6c516a142344fc9973de0930a141fc1f8be2b7c8c09ac7166b18989795de6585352fcb6429fee8b654e623b21c2cfe2ca46026c3a73964ff2cb28f9ccdd255bc81cd047279771444ac7e8630e4b9b43fff8c6b88424838e0022ddea776be08410b1b154d2a70f006820a539674f0e5231ea3</rsan><rsae>010001</rsae><serversignature>fac00d46ddce565a5f8fc2b925070dedd4c84c98d7f9ecdcb97a105e90a9c21a</serversignature><rsapubkeysignature>327e0f2e4c7572007c5da86e7491477c2945a2233d82fc8cc808808a58d7e622</rsapubkeysignature></response>
+```
+
+# Request 3 - /user/state-login
+- request:
+```bash
+curl 'http://192.168.1.1/api/user/state-login' \
+  -H 'Accept: */*' \
+  -H 'Accept-Language: en-US,en' \
+  -H 'Connection: keep-alive' \
+  -H 'Cookie: SessionID=f6Nja9NzWyK4LY4Yr80eI9FFAjPZuc0dUy0bdkOalo7fhOtspjkMCndE94KlcdM3iYSTxIgOFqDS3ZZL0P06S4Hjr8HmTiq6yuUKgTzAarIUqzujpOCl6BAs4yNLnSNd' \
+  -H 'Referer: http://192.168.1.1/html/home.html' \
+  -H 'Sec-GPC: 1' \
+  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
+  -H 'X-Requested-With: XMLHttpRequest' \
+  -H '_ResponseSource: Broswer' \
+  --compressed \
+  --insecure
+```
+
+- response:
+```xml
+<?xml version="1.0" encoding="UTF-8"?><response><userlevel>2</userlevel><firstlogin>1</firstlogin><Username>admin</Username><rsapadingtype>1</rsapadingtype><extern_password_type>1</extern_password_type><State>0</State><password_type>4</password_type><history_login_flag>0</history_login_flag><wifipwdsamewithwebpwd>0</wifipwdsamewithwebpwd></response>
+```
+
+# Request 4 - /time/timeout
+- request:
+```bash
+curl 'http://192.168.1.1/api/time/timeout' \
+  -H 'Accept: */*' \
+  -H 'Accept-Language: en-US,en' \
+  -H 'Connection: keep-alive' \
+  -H 'Cookie: SessionID=f6Nja9NzWyK4LY4Yr80eI9FFAjPZuc0dUy0bdkOalo7fhOtspjkMCndE94KlcdM3iYSTxIgOFqDS3ZZL0P06S4Hjr8HmTiq6yuUKgTzAarIUqzujpOCl6BAs4yNLnSNd' \
+  -H 'Referer: http://192.168.1.1/html/home.html' \
+  -H 'Sec-GPC: 1' \
+  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
+  -H 'X-Requested-With: XMLHttpRequest' \
+  -H '_ResponseSource: Broswer' \
+  --compressed \
+  --insecure
+```
+- response:
+```xml
+<?xml version="1.0" encoding="UTF-8"?><response><timeout>5</timeout></response>
+```
+
+