def execute(self, old_password, new_password):
self._form.update({
"pwd1": new_password,
"pwd2": new_password,
"javax.faces.partial.ajax": "true",
"javax.faces.source": "j_idt30",
"javax.faces.partial.execute": "@all",
"javax.faces.partial.render": "form",
"j_idt30": "j_idt30"
})
r = self._session.post(
"https://comptes.utc.fr/accounts-web/tools/changePassword.xhtml",
data=self._form,
headers={
"origin": "https://comptes.utc.fr",
"referer":
"https://comptes.utc.fr/accounts-web/tools/changePassword.xhtml",
"Faces-Request": "partial/ajax",
"X-Requested-With": "XMLHttpRequest"
})
soup = BeautifulSoup(r.text, features="html5lib")
err = soup.find("div", {"class": "ui-messages-error"})
if err:
raise Exception("Unable to change password for CAS : \n" +
'\n'.join([e.text for e in err.findAll("span")]))
register_provider(CasUTC)
PromptType.sms)
else:
raise Exception("Unsupported two-factor method '{}'".format(
challenge_type))
data.update({"challenge_response": response})
r = self._session.post(
"https://mobile.twitter.com/account/login_verification",
data=data)
url = urlparse(r.url)
r = self._session.get("https://twitter.com")
r = self._session.get("https://twitter.com/settings/password")
self._form = get_form(r.text, id="password-form")
def execute(self, old_password, new_password):
self._form.update({
"current_password": old_password,
"user_password": new_password,
"user_password_confirmation": new_password,
})
r = self._session.post("https://twitter.com/settings/passwords/update",
data=self._form,
headers={
"origin":
"https://twitter.com",
"referer":
"https://twitter.com/settings/password"
})
register_provider(Twitter)
def __init__(self, options):
self.username = options["username"]
def _login(self, old_password):
login_url = "https://aur.archlinux.org/login/"
r = self._session.post(login_url,
data={
"user": self.username,
"passwd": old_password
})
if r.status_code != 200:
raise Exception(
"Unable to log into your Arch User Repository account with current password"
)
return r
def prepare(self, old_password):
self._session = requests.Session()
self._login(old_password)
password_change_url = "https://aur.archlinux.org/account/" + self.username + "/edit"
r = self._session.get(password_change_url)
self._form = get_form(r.text, id="edit-profile-form")
def execute(self, old_password, new_password):
post_url = "https://aur.archlinux.org/account/" + self.username + "/update"
self._form.update({"P": new_password, "C": new_password})
r = self._session.post(post_url, data=self._form)
register_provider(ArchUserRepository)
bs = get_bootstrap(r.text)
form = {
"email": self.email,
"password": old_password,
"security_token": bs["data"]["security_token"]
}
r = self._session.post("https://www.cloudflare.com/a/login", data=form)
url = urlparse(r.url)
if url.path != "/a/overview":
raise Exception(
"Failed to log into Cloudflare with current password")
r = self._session.get(
"https://www.cloudflare.com/a/account/my-account")
bs = get_bootstrap(r.text)
self._atok = bs["atok"]
def execute(self, old_password, new_password):
r = self._session.put(
"https://www.cloudflare.com/api/v4/user/password",
json={
"new_password": new_password,
"new_password_confirm": new_password,
"old_password": old_password,
},
headers={"x-atok": self._atok})
if r.status_code != 200:
raise Exception("Failed to update Cloudflare password")
register_provider(Cloudflare)
self._session = requests.Session()
###authenticate
r = self._session.get("https://m.facebook.com/login.php")
form = get_form(r.text, id="login_form")
form.update({"email": self.username, "pass": old_password})
r = self._session.post("https://m.facebook.com/login.php", data=form)
###check for authentication failure
if "The email address that you've entered doesn't match any account" in r.text:
raise Exception("Facebook doesn't recognise this email")
if "The password you entered is incorrect" in r.text:
raise Exception("Incorrect password")
###load form
r = self._session.get(
"https://m.facebook.com/settings/security/password/")
self._form = get_form(r.text, method="post")
def execute(self, old_password, new_password):
self._form.update({
"password_old": old_password,
"password_new": new_password,
"password_confirm": new_password
})
r = self._session.post("https://m.facebook.com/password/change/",
data=self._form)
register_provider(Facebook)
"ctl00$ctl00$ctl00$ctl00$base_content$web_base_content$home_content$page_content_left$CntrlAuthorization$btnSendVerification":
"Send Security Code"
})
r = self._session.post("https://www.namecheap.com/myaccount/twofa/secondauth.aspx", data=form)
if "You have reached the limit" in r.text:
raise Exception("Namecheap has locked us out of further 2FA attempts. Wait 60 minutes and try again.")
while url.path == "/myaccount/twofa/secondauth.aspx":
form = get_form(r.text, id="aspnetForm")
code = self.prompt("Enter your SMS authorization code", PromptType.sms)
form.update({
"ctl00$ctl00$ctl00$ctl00$base_content$web_base_content$home_content$page_content_left$CntrlAuthorization$txtAuthVerification":
code,
})
r = self._session.post("https://www.namecheap.com/myaccount/twofa/secondauth.aspx", data=form)
url = urlparse(r.url)
r = self._session.get("https://ap.www.namecheap.com/Profile/Security")
soup = BeautifulSoup(r.text, "html.parser")
self._ncCompliance = soup.find("input", attrs={ "name": "ncCompliance" }).get("value", "")
def execute(self, old_password, new_password):
r = self._session.post("https://ap.www.namecheap.com/profile/security/password/change", data={
"newPassword": new_password,
"oldPassword": old_password,
}, headers={
"_NcCompliance": self._ncCompliance
} ,allow_redirects=False)
if r.status_code != 200:
raise Exception("Failed to update NameCheap password")
register_provider(Namecheap)
domains = ["ycombinator.com", "news.ycombinator.com"]
options = {"username": ProviderOption(str, "Your Hacker News username")}
def __init__(self, options):
self.username = options["username"]
def prepare(self, old_password):
self._session = requests.Session()
r = self._session.post("https://news.ycombinator.com/login",
data={
"acct": self.username,
"pw": old_password
},
allow_redirects=False)
if "Bad login" in r.text:
raise Exception(
"Unable to log into Hacker News with current password")
r = self._session.get("https://news.ycombinator.com/changepw")
self._form = get_form(r.text)
def execute(self, old_password, new_password):
self._form.update({"oldpw": old_password, "pw": new_password})
r = self._session.post("https://news.ycombinator.com/r",
data=self._form,
allow_redirects=False)
if r.status_code != 302:
raise Exception("Failed to update Hacker News password")
register_provider(YCombinator)
"https://discordapp.com/api/v6/auth/mfa/totp", json=data)
if r.status_code != 200:
raise Exception(
"Failed to authenticate with the TOTP token: {}".format(
r.json()))
self._session.headers["authorization"] = r.json().get("token")
def execute(self, old_password, new_password):
data = {"password": old_password, "new_password": new_password}
while True:
r = self._session.patch("https://discordapp.com/api/v6/users/@me",
json=data)
if r.status_code != 200:
json = r.json()
if json.get("code") == 60008: # Invalid two-factor code
code = self.prompt("Enter your two factor (TOTP) code",
PromptType.totp)
data["code"] = code
else:
raise Exception(
"Failed to update Discord password: {}".format(json))
else:
break
register_provider(Discord)
r = self._session.post("https://gitlab.com/users/sign_in", data=form)
if r.status_code != 200:
raise Exception(
"Unable to log into GitLab account with current password")
return r
def _set_form(self):
r = self._session.get("https://gitlab.com/profile/password/edit")
self._form = get_form(r.text, id="edit_user_{}".format(self.user_id))
def prepare(self, old_password):
self._session = requests.Session()
r = self._login(old_password)
self._handle_two_factor_auth(r)
self._read_userid()
self._set_form()
def execute(self, old_password, new_password):
self._form.update({
"user[current_password]": old_password,
"user[password]": new_password,
"user[password_confirmation]": new_password,
})
r = self._session.post("https://gitlab.com/profile/password",
data=self._form)
register_provider(GitLab)
def prepare(self, old_password):
self._session = requests.Session()
r = self._session.get(
"https://pypi.python.org/pypi?%3Aaction=login_form")
self._form = get_form(r.text, type="div", id="content")
self._form.update({
"username": self.username,
"password": old_password
})
r = self._session.post("https://pypi.python.org/pypi",
data=self._form,
allow_redirects=False)
if not r.ok:
raise Exception("Unable to log into PyPI with current password")
r = self._session.get(
"https://pypi.python.org/pypi?%3Aaction=user_form")
self._form = custom_get_form(
r.text,
lambda x: x.find(id="content").find("form").find_all("input"))
def execute(self, old_password, new_password):
self._form.update({"password": new_password, "confirm": new_password})
r = self._session.post("https://pypi.python.org/pypi",
data=self._form,
allow_redirects=False)
if not r.ok:
raise Exception("Failed to update PyPI password")
register_provider(PyPI)
def prepare(self, old_password):
self._session = requests.Session()
r = self._session.get("https://ankiweb.net/account/login")
self._form = get_form(r.text, id="form")
self._form.update({
"username": self.username,
"password": old_password
})
r = self._session.post("https://ankiweb.net/account/login",
data=self._form,
allow_redirects=False)
if not r.ok or r.status_code != 302:
raise Exception("Unable to log into AnkiWeb with current password")
r = self._session.get("https://ankiweb.net/account/settings")
self._form = get_form(r.text)
def execute(self, old_password, new_password):
self._form.update({
"oldpw": old_password,
"pass1": new_password,
"pass2": new_password
})
r = self._session.post("https://ankiweb.net/account/settings",
data=self._form,
allow_redirects=False)
if not r.ok or r.status_code != 302:
raise Exception("Failed to update AnkiWeb password")
register_provider(AnkiWeb)
# Linode has a weird form on this page
soup = BeautifulSoup(r.text, "html.parser")
inputs = soup.find_all("input")
form = get_form_data(inputs)
form.update({"auth_password": old_password})
r = self._session.post("https://manager.linode.com/profile/reauth",
data=form)
r = self._session.get("https://manager.linode.com/profile/auth")
# This form is also weird. Why you gotta be weird, Linode?
soup = BeautifulSoup(r.text, "html.parser")
self._form = {
"authenticity_token":
soup.find("input", attrs={
"name": "authenticity_token"
}).get("value", "")
}
def execute(self, old_password, new_password):
self._form.update({
"password": new_password,
"password2": new_password,
"expires": self.expiry
})
r = self._session.post("https://manager.linode.com/profile/password",
data=self._form)
if r.status_code != 200:
raise Exception("Failed to update Linode password")
register_provider(Linode)
self._user_id = j.get("uuid")
break
if not self._user_id:
raise Exception("Unable to extract user ID")
r = self._session.get(
"https://cloud.digitalocean.com/settings/profile?i=" +
self._user_id[:6])
soup = BeautifulSoup(r.text, "html.parser")
self._csrf_token = soup.find("meta", attrs={
"name": "csrf-token"
}).get("content", "")
self._user = self._session.get(
"https://cloud.digitalocean.com/api/v1/users/" +
self._user_id).json()
def execute(self, old_password, new_password):
self._user["user"].update({
"current_password": old_password,
"password": new_password,
"password_confirmation": new_password,
})
r = self._session.put("https://cloud.digitalocean.com/api/v1/users/" +
self._user_id,
json=self._user,
headers={"X-CSRF-Token": self._csrf_token})
if r.status_code != 200:
raise Exception("Failed to update Digital Ocean password")
register_provider(DigitalOcean)
self._session = requests.Session()
r = self._session.get("https://github.com/login")
form = get_form(r.text)
form.update({"login": self.username, "password": old_password})
r = self._session.post("https://github.com/session", data=form)
if r.status_code != 200:
raise Exception(
"Unable to log into GitHub account with current password")
url = urlparse(r.url)
while url.path == "/sessions/two-factor":
form = get_form(r.text)
code = self.prompt("Enter your two factor (TOTP) code",
PromptType.totp)
form.update({"otp": code})
r = self._session.post("https://github.com/sessions/two-factor",
data=form)
url = urlparse(r.url)
r = self._session.get("https://github.com/settings/admin")
self._form = get_form(r.text, id="change_password")
def execute(self, old_password, new_password):
self._form.update({
"user[old_password]": old_password,
"user[password]": new_password,
"user[password_confirmation]": new_password,
})
r = self._session.post("https://github.com/account", data=self._form)
register_provider(GitHub)
###authenticate
r = self._session.get("https://archiveofourown.org/users/login")
form = get_form(r.text, id="new_user")
form.update({
"user[login]": self.login,
"user[password]": old_password
})
r = self._session.post("https://archiveofourown.org/users/login",
data=form)
self.username = list(filter(None, str.split(r.url, "/")))[-1]
###load form
r = self._session.get("https://archiveofourown.org/users/" +
self.username + "/change_password")
self._form = get_form(r.text, method="post")
def execute(self, old_password, new_password):
self._form.update({
"password_check": old_password,
"password": new_password,
"password_confirmation": new_password
})
r = self._session.post("https://archiveofourown.org/users/" +
self.username + "/changed_password",
data=self._form)
register_provider(Ao3)
def prepare(self, old_password):
self._session = requests.Session()
self._session.get("https://www.zotero.org/user/login")
r = self._session.post("https://www.zotero.org/user/login",
data={
"username": self.username,
"password": old_password,
"remember": 0,
"login": "",
"oid_identifier": ""
})
if "Invalid credentials provided" in r.text:
raise Exception("Unable to log into Zotero with current password")
r = self._session.get("https://www.zotero.org/settings/account")
def execute(self, old_password, new_password):
form_data = {
"password": old_password,
"new_password": new_password,
"new_password2": new_password,
"updatesettings": ""
}
r = self._session.post("https://www.zotero.org/settings/account",
data=form_data,
allow_redirects=False)
if "Account Settings Saved" not in r.text:
raise Exception("Failed to update Zotero password")
register_provider(Zotero)
_login_url = "https://en.wikipedia.org/w/index.php?title=Special:UserLogin"
_password_change_url = "https://en.wikipedia.org/w/index.php?" \
"title=Special:ChangeCredentials" \
"/MediaWiki\Auth\PasswordAuthenticationRequest"
def __init__(self, options):
self.username = options["username"]
def _login(self, old_password):
r = self._session.get(self._login_url)
form = get_form(r.text)
form.update({"wpName": self.username, "wpPassword": old_password})
r = self._session.post(self._login_url, data=form)
if r.status_code != 200:
raise Exception(
"Unable to log into Wikipedia account with current password")
return r
def prepare(self, old_password):
self._session = requests.Session()
self._login(old_password)
r = self._session.get(self._password_change_url)
self._form = get_form(r.text)
def execute(self, old_password, new_password):
self._form.update({"password": new_password, "retype": new_password})
r = self._session.post(self._password_change_url, data=self._form)
register_provider(Wikipedia)
"pixiv_id": self.username,
"password": old_password
})
r = self._session.post("https://accounts.pixiv.net/api/login",
data=self._form)
r = self._session.get("https://www.pixiv.net/setting_userdata.php",
params={"type": "password"})
url = urlparse(r.url)
if url.path != "/setting_userdata.php":
raise Exception("Current password for pixiv is incorrect")
self._form = get_form(r.text, action="setting_userdata.php")
self._form.update({"check_pass": old_password})
r = self._session.post("https://www.pixiv.net/setting_userdata.php",
data=self._form)
self._form = get_form(r.text, action="setting_userdata.php")
def execute(self, old_password, new_password):
self._form.update({
"new_password_1": new_password,
"new_password_2": new_password
})
r = self._session.post("https://www.pixiv.net/setting_userdata.php",
data=self._form)
url = urlparse(r.url)
if url.path == "/setting_userdata.php":
raise Exception("Failed to update pixiv password")
register_provider(Pixiv)
