def srp6authenticate(br, host, username, password):
    """Authenticate against ``host`` with SRP (SHA-256, 2048-bit group).

    The exchange runs through the browser object ``br``:

    1. GET the landing page and read the ``CSRFtoken`` meta value.
    2. POST the user name ``I`` and the client public value ``A``.
    3. POST the client proof ``M`` computed from the server's ``s``/``B``.
    4. Check the server's proof so the server is authenticated too.

    Returns True on success. On any failure the collected trace and the
    traceback are printed to stdout and the original exception is re-raised.

    NOTE: every URL is built with ``http://``, so the CSRF token and the
    JSON replies cross the network unencrypted; SRP only keeps the password
    itself off the wire.
    NOTE: the failure trace contains the CSRF token, the hex of ``A`` and
    ``M`` and the raw server replies. Treat captured output as sensitive
    before attaching it to a bug report or shipping it to a log collector.
    """
    try:
        trace = []
        base_url = 'http://' + host
        auth_url = base_url + '/authenticate'

        def post_step(fields):
            # One protocol round trip: send the form, record the raw
            # response object, then parse the JSON body.
            br.open(auth_url, method='post', data=urlencode(fields))
            trace.append("br.response " + str(br.response))
            return json.decoder.JSONDecoder().decode(br.parsed.decode())

        br.open(base_url)
        meta = br.find(
            lambda tag: tag.has_attr('name') and tag['name'] == 'CSRFtoken')
        token = meta['content']
        trace.append('Got CSRF token: ' + token)

        usr = srp.User(username, password,
                       hash_alg=srp.SHA256, ng_type=srp.NG_2048)
        uname, A = usr.start_authentication()
        a_hex = binascii.hexlify(A)
        trace.append("A value " + str(a_hex))

        challenge = post_step({'CSRFtoken': token, 'I': uname, 'A': a_hex})
        trace.append("Challenge received: " + str(challenge))

        salt = binascii.unhexlify(challenge['s'])
        server_pub = binascii.unhexlify(challenge['B'])
        M = usr.process_challenge(salt, server_pub)
        m_hex = binascii.hexlify(M)
        trace.append("M value " + str(m_hex))

        reply = post_step({'CSRFtoken': token, 'M': m_hex})
        trace.append("Got response " + str(reply))

        if 'error' in reply:
            raise Exception(
                "Unable to authenticate (check password?), message:", reply)

        # Mutual authentication: the server has to prove that it derived
        # the same session key before the login counts as successful.
        usr.verify_session(binascii.unhexlify(reply['M']))
        if usr.authenticated():
            return True
        raise Exception("Unable to authenticate")
    except Exception:
        print("Authentication failed, debug values are: " + str(trace))
        print("Exception: " + str(sys.exc_info()[0]))
        traceback.print_exc()
        raise
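def srp6authenticate(br, host, username, password):
    """Authenticate against ``host`` with SRP (SHA-256, 2048-bit group).

    Uses the browser object ``br`` to fetch the ``CSRFtoken`` meta value
    from the landing page, post the client public value ``A``, answer the
    server challenge with the proof ``M`` and finally verify the server's
    own proof.

    Returns True (after printing 'Authenticated OK') when both sides are
    authenticated, otherwise prints 'Failed to authenticate' and returns
    False. A rejected login, i.e. a final reply that carries an ``error``
    key or no ``M``, is reported as False instead of surfacing as a
    KeyError. Transport errors, malformed JSON or hex, and a challenge
    without ``s``/``B`` still raise.

    NOTE: every URL is built with ``http://``, so the CSRF token and the
    JSON replies cross the network unencrypted; SRP only keeps the password
    itself off the wire.
    """
    base_url = 'http://' + host
    auth_url = base_url + '/authenticate'

    br.open(base_url)
    token = br.find(
        lambda tag: tag.has_attr('name') and tag['name'] == 'CSRFtoken'
    )['content']

    usr = srp.User(username, password,
                   hash_alg=srp.SHA256, ng_type=srp.NG_2048)
    uname, A = usr.start_authentication()

    br.open(auth_url, method='post', data=urlencode({
        'CSRFtoken': token, 'I': uname, 'A': binascii.hexlify(A)}))
    challenge = json.loads(br.parsed.decode())

    M = usr.process_challenge(binascii.unhexlify(challenge['s']),
                              binascii.unhexlify(challenge['B']))
    if M is None:
        # pysrp returns None when the server's B fails the SRP safety
        # check; never answer such a challenge.
        print('Failed to authenticate')
        return False

    br.open(auth_url, method='post', data=urlencode({
        'CSRFtoken': token, 'M': binascii.hexlify(M)}))
    reply = json.loads(br.parsed.decode())

    if 'error' in reply or 'M' not in reply:
        # The server rejected the proof (typically a wrong password), so
        # there is no server proof to verify.
        print('Failed to authenticate')
        return False

    # Mutual authentication: the server has to prove that it derived the
    # same session key before the login counts as successful.
    usr.verify_session(binascii.unhexlify(reply['M']))
    if not usr.authenticated():
        print('Failed to authenticate')
        return False

    print('Authenticated OK')
    return True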
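def authenticate(br, host, username, password):
    """Authenticate against ``host`` with SRP (SHA-256, 2048-bit group).

    Uses the mechanize browser ``br``: the landing page is parsed with
    BeautifulSoup to read the ``CSRFtoken`` meta value from ``<head>``,
    then the client public value ``A`` and the proof ``M`` are posted to
    ``/authenticate`` and the server's own proof is verified.

    Returns True when both sides are authenticated and False otherwise.
    A rejected login, i.e. a final reply that carries an ``error`` key or
    no ``M``, is reported as False instead of surfacing as a KeyError.
    Transport errors, malformed JSON or hex, and a challenge without
    ``s``/``B`` still raise.

    NOTE: every URL is built with ``http://``, so the CSRF token and the
    JSON replies cross the network unencrypted; SRP only keeps the password
    itself off the wire.
    """
    base_url = 'http://' + host
    auth_url = base_url + '/authenticate'

    page = br.open(base_url)
    soup = bs4.BeautifulSoup(page, features="html5lib")
    token = soup.head.find(
        lambda tag: tag.has_attr('name') and tag['name'] == 'CSRFtoken'
    )['content']

    usr = srp.User(username, password,
                   hash_alg=srp.SHA256, ng_type=srp.NG_2048)
    uname, A = usr.start_authentication()

    req = mechanize.Request(auth_url, data=urllib.urlencode({
        'CSRFtoken': token, 'I': uname, 'A': binascii.hexlify(A)}))
    challenge = json.loads(br.open(req).read())

    M = usr.process_challenge(binascii.unhexlify(challenge['s']),
                              binascii.unhexlify(challenge['B']))
    if M is None:
        # pysrp returns None when the server's B fails the SRP safety
        # check; never answer such a challenge.
        return False

    req = mechanize.Request(auth_url, data=urllib.urlencode({
        'CSRFtoken': token, 'M': binascii.hexlify(M)}))
    reply = json.loads(br.open(req).read())

    if 'error' in reply or 'M' not in reply:
        # The server rejected the proof (typically a wrong password), so
        # there is no server proof to verify.
        return False

    # Mutual authentication: the server has to prove that it derived the
    # same session key before the login counts as successful.
    usr.verify_session(binascii.unhexlify(reply['M']))
    return bool(usr.authenticated())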