#6
09-23-2014, 02:22 PM
troller12
Senior Member
Join Date: Sep 2013
Posts: 433

Re: need token for this server
Just do it as I told you before. In this new case you can search for the name bufferlength, but this time in Unicode format. The second find of it is the right one.
Code:
Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F

04563F40   45 32 30 33 39 66 30 65  61 61 35 39 34 35 62 37   E2039f0eaa5945b7
04563F50   31 38 36 36 36 62 32 65  66 64 63 34 65 34 36 65   18666b2efdc4e46e
04563F60   62 00 75 00 66 00 66 00  65 00 72 00 6C 00 65 00   b.u.f.f.e.r.l.e.
04563F70   6E 00 67 00 74 00 68 00  00 00 00 00 00 00 00 00   n.g.t.h.........
04563F80   62 00 75 00 66 00 66 00  65 00 72 00 4C 00 65 00   b.u.f.f.e.r.L.e.
04563F90   6E 00 67 00 74 00 68 00  00 00 00 00 00 00 00 00   n.g.t.h.........
Now right above the name you can see the token in ASCII format. Token = "E2039f0eaa5945b718666b2efdc4e46e"
So I see the token seems only to work for roughly 13 minutes +/- before the connection gets disconnected, so a new token is necessary. Anyway. Also keep in mind that this is still a low-level method to find the token. On the other hand, you could also code a tool or hook code to get the token for the sites that use tokens, but for this you need some RCE debug knowledge.

greetz
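The post above shows why a session token that sits as plaintext in client memory is recoverable by anyone who can read that process: a memory-forensics style carve, a UTF-16 marker string plus the bytes directly before it, is all it takes. The following is an added example, not code from the post or its author. It parses the hex dump reproduced from the post (constructed sample input, embedded verbatim), locates every case-insensitive UTF-16LE occurrence of the `bufferlength` marker, and keeps only those whose preceding 32 bytes are ASCII hex, which is the check that separates the real token at 04563F40 from the second, capital-L marker whose preceding bytes are just the first marker. The names `parse_dump`, `carve_tokens` and `find_token` are the example's own. From a defender's side the takeaway is the post's own observation, made concrete: anything this easy to carve needs a short lifetime (the ~13 minutes noted above) and should be wiped from buffers once the session ends.

```python
import re

# Constructed sample input: the hex dump from the post, reproduced verbatim.
DUMP = """\
Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F

04563F40   45 32 30 33 39 66 30 65  61 61 35 39 34 35 62 37   E2039f0eaa5945b7
04563F50   31 38 36 36 36 62 32 65  66 64 63 34 65 34 36 65   18666b2efdc4e46e
04563F60   62 00 75 00 66 00 66 00  65 00 72 00 6C 00 65 00   b.u.f.f.e.r.l.e.
04563F70   6E 00 67 00 74 00 68 00  00 00 00 00 00 00 00 00   n.g.t.h.........
04563F80   62 00 75 00 66 00 66 00  65 00 72 00 4C 00 65 00   b.u.f.f.e.r.L.e.
04563F90   6E 00 67 00 74 00 68 00  00 00 00 00 00 00 00 00   n.g.t.h.........
"""

# One dump row: 8 hex digits of offset, then 16 hex bytes (the ASCII column is ignored).
LINE_RE = re.compile(r"^([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}\s+){15}[0-9A-Fa-f]{2})")

# A token as it appears in the dump: exactly 32 ASCII hex characters.
HEX_TOKEN = re.compile(rb"^[0-9A-Fa-f]{32}$")


def parse_dump(text):
    """Turn a hex-editor style dump into (base_offset, bytes).

    Assumes the rows are contiguous 16-byte lines; a gap raises instead of
    silently producing wrong offsets.
    """
    base = None
    buf = bytearray()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line, blank line, or anything that is not a row
        off = int(m.group(1), 16)
        if base is None:
            base = off
        elif off != base + len(buf):
            raise ValueError(f"non-contiguous row at {off:08X}")
        buf += bytes.fromhex(m.group(2))  # fromhex ignores the whitespace between bytes
    return base, bytes(buf)


def carve_tokens(buf, marker="bufferlength", token_len=32):
    """Find each UTF-16LE occurrence of marker (case-insensitive) and return
    (relative_offset, token) for those directly preceded by token_len hex chars.
    """
    needle = marker.lower().encode("utf-16-le")
    low = buf.lower()  # bytes.lower() only touches ASCII letters, so the 0x00 bytes survive
    results = []
    start = 0
    while True:
        idx = low.find(needle, start)
        if idx < 0:
            break
        candidate = buf[max(0, idx - token_len):idx]
        # Reject hits whose preceding bytes are not a hex token (e.g. the second
        # marker, which is preceded by the first marker rather than by a token).
        if HEX_TOKEN.match(candidate):
            results.append((idx - token_len, candidate.decode("ascii")))
        start = idx + 1
    return results


def find_token(dump_text):
    """Parse a dump and return [(absolute_offset, token), ...] for every validated hit."""
    base, buf = parse_dump(dump_text)
    return [(base + rel, tok) for rel, tok in carve_tokens(buf)]


if __name__ == "__main__":
    for offset, token in find_token(DUMP):
        print(f"{offset:08X}  {token}")
```

Running it on the embedded dump prints one line, `04563F40  E2039f0eaa5945b718666b2efdc4e46e`; the capital-L `bufferLength` at 04563F80 is found by the case-insensitive search but discarded because the 32 bytes before it are the first marker, not hex.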