Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Anyone know how to scape a sharepoint site? #120

Open
jaxjexjox opened this issue Jun 26, 2024 · 3 comments
Open

Anyone know how to scape a sharepoint site? #120

jaxjexjox opened this issue Jun 26, 2024 · 3 comments

Comments

@jaxjexjox
Copy link

Sorry for the support question!

I am wanting to use this on an "internal" (so to speak) Azure hosted Sharepoint site, which obviously wants, trusted devices, single sign on and what have you.

I've fiddled with some of the commands to try and authenticate against this but had no luck.
Has anyone managed to achieve this?

Example:
sudo docker run -it --rm -v "${PWD}:/host" ghcr.io/digininja/cewl -d 2 -w file.txt --auth_user first.lastname@ourdomain.com --auth_pass MYAZUREPASS https://subdomain.sharepoint.com/sites/SITENAME/

I am going to guess this is particularly difficult to do? Does anyone know, if possible please.
I do apologise for a bit of a run of the mill support question but I've tried a variety of things and had no luck

Any thoughts would be appreciated and thanks for the hard work.
@digininja
Copy link
Owner

What you will need to do is to login and work out which headers are required for authentication and then pass them all using multiple --header parameters.

Something like this:

./cewl.rb cewl.test --header auth:value1 --header authOther:value2

That will pass the headers on each request.

The problem you will have is if any of the values are updated on a per-request basis, if they are, then you are out of luck.

@jaxjexjox
Copy link
Author

Thanks for the reply, I missed this.

It's M365 hosted sharepoint, so I can imagine it may demand some kind of verified device / certificates and all kinds of things.
Would WSL potentially help in bypassing this? I'm guessing not.

Any tips on how to find these headers? I'm guessing the dev tools?

@digininja
Copy link
Owner

digininja commented Jul 28, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@digininja @jaxjexjox