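When Python meets authentication
Reference used for this write-up: Basic Authentication (authentication with Python):
http://www.voidspace.org.uk/python/articles/authentication.shtml
- Scanning Tomcat for weak passwords: running into Basic Authentication
Tomcat login verification
- If Tomcat's management backend is enabled, visiting ip + /manager/html brings up an authentication prompt.
Packet capture analysis
- 1. The capture shows that Tomcat's login check is performed on the Authorization field of the HTTP request.
- 2. The value of that field is in turn encoded with the Basic scheme: Base64 of username:password, which is an encoding rather than encryption, so anyone who can see the request can recover the credentials.
Partial implementation code
Basic encoding: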
import base64 as bs


def b64encode_str(str_):
    """Base64-encode the given string."""
    return bs.b64encode(str_.encode("utf-8")).decode("ascii")


def b64decode_str(str_):
    """Base64-decode the given string."""
    return bs.b64decode(str_).decode("utf-8")
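Adding Authorization to the HTTP request
import base64
import urllib.request

theurl = "http://XXXX.com/manager/html"
username = "xxx"
password = "xxx"
req = urllib.request.Request(theurl)
# b64encode adds no trailing newline, so no [:-1] slice is needed
base64string = base64.b64encode(
    ("%s:%s" % (username, password)).encode("utf-8")).decode("ascii")
authheader = "Basic %s" % base64string
req.add_header("Authorization", authheader)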
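The same header seen from the defender's side, as an added example that is not part of the original post: it decodes Authorization: Basic values and flags sources that fail with several distinct credential pairs against /manager/html. The event tuple layout, the function names, the threshold and the sample data are assumptions constructed for illustration.

```python
import base64
import binascii
from collections import defaultdict


def parse_basic(header):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    return (user, password) if sep else None


def flag_guessing(events, path="/manager/html", threshold=3):
    """Return {source: count} for sources with at least `threshold` distinct
    failed (HTTP 401) credential pairs against `path`."""
    tried = defaultdict(set)
    for src, req_path, auth_header, status in events:
        if req_path != path or status != 401:
            continue
        creds = parse_basic(auth_header or "")
        if creds:
            tried[src].add(creds)
    return {src: len(c) for src, c in tried.items() if len(c) >= threshold}


def _hdr(user, password):
    # Builds header values for the constructed sample data below.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample events: (source, path, Authorization header, status).
# Addresses come from the documentation ranges; credentials are made up.
SAMPLE_EVENTS = [
    ("192.0.2.10", "/manager/html", _hdr("user1", "guess-a"), 401),
    ("192.0.2.10", "/manager/html", _hdr("user1", "guess-b"), 401),
    ("192.0.2.10", "/manager/html", _hdr("user2", "guess:c"), 401),
    ("198.51.100.7", "/manager/html", _hdr("ops", "typo"), 401),
    ("198.51.100.7", "/manager/html", _hdr("ops", "correct"), 200),
    ("203.0.113.5", "/manager/html", None, 401),  # first request, no header yet
]

if __name__ == "__main__":
    print(flag_guessing(SAMPLE_EVENTS))  # {'192.0.2.10': 3}
```

Counting distinct credential pairs rather than raw 401 responses keeps a single user retrying one mistyped password from being flagged.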
Source code download links
http://cl0wn.sinaapp.com/tomcat_scan.py
http://pan.baidu.com/s/1sjkbLoT