Brief introduction
Crawler links:
1. http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/
2. http://www.heibanke.com/accounts/login
Knowledge points: cookies and sessions, CSRF, web programming, multi-threaded password enumeration
Hint: As in the third level, read carefully: the challenge is displayed after logging in at http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/, not at the login interface of URL 2. Get the cookie (csrftoken) from URL 1 or URL 2, log in, and you get a page with a long password. Enter a random account and password and a page pops up telling you to go and find the password. The password list pages load very slowly because the back end imposes an artificial time limit. The password positions are randomly generated, and from the number of pages and rows you can tell that the password has 100 positions in total. To cut the guessing time, we open a thread for each password page (multithreading), which speeds up enumerating the password.
Reference Code
#!/usr/bin/env python3
# encoding: utf-8
import re
import threading

import requests

username = "Peter"
password = "112233"
final_password = ""
pw_dict = {}    # position -> value, filled in by all threads
threads = []

website_signup = "http://www.heibanke.com/accounts/login"
website_login = "http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/"
website_pwlist = "http://www.heibanke.com/lesson/crawler_ex03/pw_list/?page=%s"

# One session keeps the cookies (csrftoken, session id) across requests.
s = requests.Session()
s.get(website_signup)
csrf = s.cookies["csrftoken"]
payload_login = {"username": username, "password": password,
                 "csrfmiddlewaretoken": csrf}
s.post(website_login, data=payload_login)
csrf = s.cookies["csrftoken"]


def getpassword(page):
    # Keep reloading one list page until all 100 positions are known.
    while True:
        resp = s.get(website_pwlist % page)
        word_pos = re.findall(r'<td data-toggle="tooltip" data-placement="left" title="password_pos">(\d+)</td>', resp.text)
        word_val = re.findall(r'<td data-toggle="tooltip" data-placement="left" title="password_val">(\d+)</td>', resp.text)
        for i in range(len(word_pos)):
            pw_dict[int(word_pos[i])] = word_val[i]
            print(word_pos[i] + "--" + word_val[i])
        if len(pw_dict) == 100:
            break


def main():
    global final_password
    # One thread per password list page (pages 1 to 13).
    for i in range(1, 14):
        t = threading.Thread(target=getpassword, args=(i,))
        threads.append(t)
    for t in threads:
        t.start()
    print("thread running")
    for t in threads:
        t.join()
    print("thread join")
    if len(pw_dict) == 100:
        # Join the values in ascending position order.
        for k in sorted(pw_dict.keys()):
            final_password += pw_dict[k]
        print("[+]found:" + final_password)


if __name__ == '__main__':
    main()
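The collection logic from the hint can be exercised offline. This is an added example, not the original author's code: `fake_page` is a constructed stand-in for the slow password list page (8 rows per response, 1-based positions and the delay value are assumptions), and a lock plus a stop event replace the shared global dictionary so all workers stop as soon as every position has been seen.

```python
import random
import re
import threading
import time

POS_RE = re.compile(r'title="password_pos">(\d+)</td>')
VAL_RE = re.compile(r'title="password_val">(\d+)</td>')
CELL = '<td data-toggle="tooltip" data-placement="left" title="%s">%s</td>'


def parse_rows(html):
    """Pair each position cell with its value cell: {position: digit}."""
    return {int(p): v for p, v in zip(POS_RE.findall(html), VAL_RE.findall(html))}


def fake_page(secret, rows=8, delay=0.005):
    """Constructed stand-in for one slow page load showing random positions."""
    time.sleep(delay)  # models the back end's artificial delay
    picks = random.sample(range(1, len(secret) + 1), rows)
    return "".join("<tr>%s%s</tr>" % (CELL % ("password_pos", p),
                                      CELL % ("password_val", secret[p - 1]))
                   for p in picks)


def collect(fetch, length, workers=13):
    """Poll fetch() from several threads until every position has been seen."""
    found, lock, done = {}, threading.Lock(), threading.Event()

    def worker():
        while not done.is_set():
            rows = parse_rows(fetch())
            with lock:  # merge and completeness check are one atomic step
                found.update(rows)
                if len(found) >= length:
                    done.set()  # tells every other worker to stop polling

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return "".join(found[k] for k in sorted(found))


if __name__ == "__main__":
    secret = "".join(random.choice("0123456789") for _ in range(100))
    started = time.time()
    guess = collect(lambda: fake_page(secret), len(secret))
    print(guess == secret, "in %.2fs" % (time.time() - started))
```

Setting `workers=1` in the same run shows how much of the total time is the per-page delay rather than parsing.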