SVN weak password scan (Python)

Source: Internet
Author: User
Tags http authentication

Lonely as the brain over the snow, so to write a blog to share a bit. #虽然上一篇博客我还没写完

SVN's weak password, it looks very complex, but in fact very simple AH = = Although unlike Pymssql/mymssql, Python provides a very useful package, but if the understanding of the principle is very simple ~ ~

0x00 Basic Cognition

The first thing to know is the authentication method as shown:

This involves the HTTP authentication method, the concrete can refer to http://blog.csdn.net/samlei/article/details/5485305

SVN uses the simplest basic Auth. Basic Auth is widely used, such as the phpMyAdmin HTTP authentication method, the Nodejs Express framework of the Basic-auth plug-in and so on.

0x10 determine whether the current request requires authentication

If the current request requires authentication, in the browser, the window will pop up as shown, and if so, how to judge in the script? Can be verified by the HTTP response header:

Import= requests.get ('https://test.com/myspace', verify=False) Print Res.headers

You can see that the following field is included in the header:

' www-authenticate ' ' Basic realm= "Subversion" '

0x20 How to certify

There are two methods for Basic-auth:

1. Add authorization to the HTTP header

" Base64 encrypted string for Basic user name and password "

2. Add a user name and password to the URL

http://User:[email protected]

0X30 the authentication module in Python requests

In writing this blog, check the information process, found the artifact requests unexpectedly contains the authentication module. #虽然0x20中提到的认证方式也很简单.

Import Requests  from Import  = requests.get ('https://httpbin.org/hidden-basic-auth/user/passwd', auth= Httpbasicauth ('user'passwd')#  r = requests.get (' https://httpbin.org/hidden-basic-auth/user/passwd ', auth= (' user ', ' passwd '))    # Shorthand  Print(R.json ())

0X40 Final Code

defsvn_busrt (self, URL, user, password):Try: Res= Requests.get ('https://'+user+':'+password+'@'+url, Verify=false, timeout=30)        exceptException, E:PrintFore.red +"Connection Error"Self.count+ = 1return        ifRes.status_code = = 200:            PrintFore.green +"[+] success!%s\t%s:%s"%(URL, user, password) result_list.append ([user, password])

SVN weak password scan (Python)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.