SVN weak password scan (Python)

Lonely as the brain over the snow, so to write a blog to share a bit. #虽然上一篇博客我还没写完

SVN's weak password, it looks very complex, but in fact very simple AH = = Although unlike Pymssql/mymssql, Python provides a very useful package, but if the understanding of the principle is very simple ~ ~

0x00 Basic Cognition

The first thing to know is the authentication method as shown:

This involves the HTTP authentication method, the concrete can refer to http://blog.csdn.net/samlei/article/details/5485305

SVN uses the simplest basic Auth. Basic Auth is widely used, such as the phpMyAdmin HTTP authentication method, the Nodejs Express framework of the Basic-auth plug-in and so on.

0x10 determine whether the current request requires authentication

If the current request requires authentication, in the browser, the window will pop up as shown, and if so, how to judge in the script? Can be verified by the HTTP response header:

Import= requests.get ('https://test.com/myspace', verify=False) Print Res.headers

You can see that the following field is included in the header:

' www-authenticate ' ' Basic realm= "Subversion" '

0x20 How to certify

There are two methods for Basic-auth:

1. Add authorization to the HTTP header

" Base64 encrypted string for Basic user name and password "

2. Add a user name and password to the URL

http://User:[email protected]

0X30 the authentication module in Python requests

In writing this blog, check the information process, found the artifact requests unexpectedly contains the authentication module. #虽然0x20中提到的认证方式也很简单.

Import Requests  from Import  = requests.get ('https://httpbin.org/hidden-basic-auth/user/passwd', auth= Httpbasicauth ('user'passwd')#  r = requests.get (' https://httpbin.org/hidden-basic-auth/user/passwd ', auth= (' user ', ' passwd '))    # Shorthand  Print(R.json ())

0X40 Final Code

defsvn_busrt (self, URL, user, password):Try: Res= Requests.get ('https://'+user+':'+password+'@'+url, Verify=false, timeout=30)        exceptException, E:PrintFore.red +"Connection Error"Self.count+ = 1return        ifRes.status_code = = 200:            PrintFore.green +"[+] success!%s\t%s:%s"%(URL, user, password) result_list.append ([user, password])

SVN weak password scan (Python)