I’m trying to use this endpoint I got from intercepting the request from an app, but it generates an Authorization header that looks like this: 681752:3Sm7F/USk16SU/GxRHGkBwpLM98=

I’m thinking if I manage to identify how it is created I may use this endpoint pretending to be the app, but I can’t identify what kind of hash is this. It is a different hash every request and the beggining is always the same “681752:“. There is no authentication request.

I tried using hashcat to identify the hash, it returned PeopleSoft and Umbraco HMAC-SHA1 when the input was only the second part of the hash and returned TOTP (HMAC-SHA1) when I included the beggining. An online hash identifier returned Base64(unhex(SHA-1($plaintext))). I don’t know if the beggining is relevant to the hash.

Does anyone know what kind of hash is this?

Some more examples:

681752:8uigXlGMNI7BzwLCJlDbcKR2FP4=

681752:4jTaupNX6AaJl8B7W9VPzTQyO+4=