Note: stok token and exploit MUST use the same IP on the LAN, otherwise token is invalid! #97
Description
perhaps it it's obvious to most people or i am the first who ran into this due to having too many VMs and RPIs on the desk, but for the chance of helping others stubborn like me:
the webbrowser for obtaining the stok (URL token) and the python script running the exploit have to use the same source IP for the DUT.
(off course you might use a squid proxy, a nginx as reverse, some nat-rule or any other method to have the same effect.)
i realized this fault (which cost me several hourse to find) by uncomming the to print-statements
#print (r1.text)
#print (r2.text)
which then gave me the error reply (afaik) "illegal token".
i would suggest to add this to the doc (or even on the input dialoge)