# Request 1 - /webserver/token
- request:
```bash
curl 'http://192.168.1.1/api/webserver/token' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: SessionID=Cs0LUomy6A4rf2fcN0oLa3sYHEyw6MGbd5F6xZC0HUsXdF0zOcerUZdZ3fksRRLEpf8gnUEhHzClsr0paCjKaYaSamwkJwX7W4tAUxVKukkGQZ4Q0fFygbkknQ9MsIwa' \
  -H 'Referer: http://192.168.1.1/html/home.html' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H '_ResponseSource: Broswer' \
  --compressed \
  --insecure
```
- response:
```xml
<?xml version="1.0" encoding="UTF-8"?><response><token>7usoFzYsT0SDyVi9rUyNTr5ZBH0lw1zTL4J9WuCLB0QTM0A0mbivNZO1boz0z8D3</token></response>
```

# Request 2 - /user/challenge_login
- request:
```bash
curl 'http://192.168.1.1/api/user/challenge_login' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'Cookie: SessionID=Cs0LUomy6A4rf2fcN0oLa3sYHEyw6MGbd5F6xZC0HUsXdF0zOcerUZdZ3fksRRLEpf8gnUEhHzClsr0paCjKaYaSamwkJwX7W4tAUxVKukkGQZ4Q0fFygbkknQ9MsIwa' \
  -H 'Origin: http://192.168.1.1' \
  -H 'Referer: http://192.168.1.1/html/home.html' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H '_ResponseSource: Broswer' \
  -H '__RequestVerificationToken: L4J9WuCLB0QTM0A0mbivNZO1boz0z8D3' \
  --data-raw '<?xml version="1.0" encoding="UTF-8"?><request><username>admin</username><firstnonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de4417</firstnonce><mode>1</mode></request>' \
  --compressed \
  --insecure
```
- payload:
```xml
<?xml version="1.0" encoding="UTF-8"?><request><username>admin</username><firstnonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de4417</firstnonce><mode>1</mode></request>
```
- response:
```xml
<?xml version="1.0" encoding="UTF-8"?><response><iterations>100</iterations><servernonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de44179M0rKTb0c0BMElXpX3gYalymZmYf3UHZ</servernonce><modeselected>1</modeselected><salt>e887b38d6c96bdd9a4cd5e50c94afd09290cff8dca6a857eb77e593f93de8c1a</salt><newType>0</newType></response>
```

# Request 3 - /time/timeout
- request:
```bash
curl 'http://192.168.1.1/api/time/timeout' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: SessionID=Cs0LUomy6A4rf2fcN0oLa3sYHEyw6MGbd5F6xZC0HUsXdF0zOcerUZdZ3fksRRLEpf8gnUEhHzClsr0paCjKaYaSamwkJwX7W4tAUxVKukkGQZ4Q0fFygbkknQ9MsIwa' \
  -H 'Referer: http://192.168.1.1/html/home.html' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H '_ResponseSource: Broswer' \
  --compressed \
  --insecure
```
- response:
```xml
<?xml version="1.0" encoding="UTF-8"?><response><timeout>5</timeout></response>
```

# Request 4 - /user/authentication_login
- request:
```bash
curl 'http://192.168.1.1/api/user/authentication_login' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'Cookie: SessionID=Cs0LUomy6A4rf2fcN0oLa3sYHEyw6MGbd5F6xZC0HUsXdF0zOcerUZdZ3fksRRLEpf8gnUEhHzClsr0paCjKaYaSamwkJwX7W4tAUxVKukkGQZ4Q0fFygbkknQ9MsIwa' \
  -H 'Origin: http://192.168.1.1' \
  -H 'Referer: http://192.168.1.1/html/home.html' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H '_ResponseSource: Broswer' \
  -H '__RequestVerificationToken: 7gMDssgEmFJrA0CrPvudLIdlwOK061Gf' \
  --data-raw '<?xml version="1.0" encoding="UTF-8"?><request><clientproof>a35c26ecc35708fdbfd2b51c11344aa945e7b0542906c4f1b25edc607d05c4c7</clientproof><finalnonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de44179M0rKTb0c0BMElXpX3gYalymZmYf3UHZ</finalnonce></request>' \
  --compressed \
  --insecure
```
- payload:
```xml
<?xml version="1.0" encoding="UTF-8"?><request><clientproof>a35c26ecc35708fdbfd2b51c11344aa945e7b0542906c4f1b25edc607d05c4c7</clientproof><finalnonce>c6c4acd3555a04d0c28fe6fa591db567906e9a0fb961ca1232b2974e43de44179M0rKTb0c0BMElXpX3gYalymZmYf3UHZ</finalnonce></request>
```
- response:
```xml
<?xml version="1.0" encoding="UTF-8"?><response><rsan>b0fa5c08b6e4e660311ef7031371c360881e16dc869f210c35b8d7d3faad532bc59c6592582971cef11582810592b179dc2146c202244a05c19b52d9e1d4206a7257d7b0c7699d369ccc0933ca8a79413244d74f5e8ecc3ecca256b4eec55c4cf4a4826bbc8d2168d2d884088e11597498263d66be785c861618add86ee9a8ae7e4b717b0f332696436026d66a1f6c516a142344fc9973de0930a141fc1f8be2b7c8c09ac7166b18989795de6585352fcb6429fee8b654e623b21c2cfe2ca46026c3a73964ff2cb28f9ccdd255bc81cd047279771444ac7e8630e4b9b43fff8c6b88424838e0022ddea776be08410b1b154d2a70f006820a539674f0e5231ea3</rsan><rsae>010001</rsae><serversignature>fac00d46ddce565a5f8fc2b925070dedd4c84c98d7f9ecdcb97a105e90a9c21a</serversignature><rsapubkeysignature>327e0f2e4c7572007c5da86e7491477c2945a2233d82fc8cc808808a58d7e622</rsapubkeysignature></response>
```

# Request 5 - /user/state-login
- request:
```bash
curl 'http://192.168.1.1/api/user/state-login' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: SessionID=f6Nja9NzWyK4LY4Yr80eI9FFAjPZuc0dUy0bdkOalo7fhOtspjkMCndE94KlcdM3iYSTxIgOFqDS3ZZL0P06S4Hjr8HmTiq6yuUKgTzAarIUqzujpOCl6BAs4yNLnSNd' \
  -H 'Referer: http://192.168.1.1/html/home.html' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H '_ResponseSource: Broswer' \
  --compressed \
  --insecure
```

- response:
```xml
<?xml version="1.0" encoding="UTF-8"?><response><userlevel>2</userlevel><firstlogin>1</firstlogin><Username>admin</Username><rsapadingtype>1</rsapadingtype><extern_password_type>1</extern_password_type><State>0</State><password_type>4</password_type><history_login_flag>0</history_login_flag><wifipwdsamewithwebpwd>0</wifipwdsamewithwebpwd></response>
```

# Request 6 - /time/timeout
- request:
```bash
curl 'http://192.168.1.1/api/time/timeout' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: SessionID=f6Nja9NzWyK4LY4Yr80eI9FFAjPZuc0dUy0bdkOalo7fhOtspjkMCndE94KlcdM3iYSTxIgOFqDS3ZZL0P06S4Hjr8HmTiq6yuUKgTzAarIUqzujpOCl6BAs4yNLnSNd' \
  -H 'Referer: http://192.168.1.1/html/home.html' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H '_ResponseSource: Broswer' \
  --compressed \
  --insecure
```
- response:
```xml
<?xml version="1.0" encoding="UTF-8"?><response><timeout>5</timeout></response>
```