Blackboard Guest-Crawler level 04

Source: Internet
Author: User

Brief introduction



Crawler Links :


1.? http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/

2. Http://www.heibanke.com/accounts/login


knowledge Points:Cookies & Session, CSRF, Web programming, multi-threaded password enumeration


hint: As with the third question, see clearly, the topic is displayed after http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/login, Instead of the login interface for URL link 2. Get a cookie (csrftoken) login from URL1 or URL2 and get a page with a long password. Random input account password, will jump out of a page to let you find the password, password document page loading is very slow, is due to the back end of the artificial limit of time, the password location randomly generated, from the number of pages and lines to know the password altogether 100 bits. To speed up guessing time, we have to open a thread for each password page (multithreading), which increases the speed of enumerating passwords.


Reference Code
#!/usr/bin/env python# encoding:utf-8 Import requestsimport sysimport reimport threadingreload (SYS) Sys.setdefaultencoding ("Utf-8") csrf = "" username = "Peter" password = "112233" Final_password = "" Payload_login = {"Us Ername ": Username," password ":p assword," Csrfmiddlewaretoken ": csrf} dict = {}thread = [] Website_signup =" http://www . Heibanke.com/accounts/login "Website_login =" http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/ "Website_pwlist =" http://www.heibanke.com/lesson/crawler_ex03/pw_list/?page=%s "s = requests. Session () s.get (website_signup) csrf = s.cookies["Csrftoken"]payload_login["csrfmiddlewaretoken"] = Csrfs.post (        Website_login,data=payload_login) csrf = s.cookies["Csrftoken"] def getpassword (page): Global dict while True: RESP = S.get (website_pwlist%page) Word_pos = Re.findall (' <td data-toggle= ' tooltip ' data-placement= ' left ' title = "Password_pos" > (\d+) </td> ', resp.content) Word_val = Re.findall (' <td data-toggle= "tooltip" data-placement= "left" title= "Password_val" > (\d+) </td> ', resp.content) for I in range (len (wo Rd_pos)): Dict[int (word_pos[i])] = word_val[i] Print word_pos[i]+ "--" +word_val[i "If Len (di CT) ==100:break def main (): Global dict Global Final_password for I in Range (1,14): t = Threadi Ng. Thread (target=getpassword,args= (i,)) Thread.append (t) for I in Thread:i.start () print "Thread Run ing "for I in Thread:i.join () print" thread join "If Len (dict) ==100:k = Dict.keys () K.    Sort () for I in Range (len (dict)): Final_password + = Dict[k[i]] print "[+]found:" + Final_password if __name__ = = ' __main__ ': Main ()

Blackboard--crawler level--checkpoint

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.