def get(self, url): """ Buka situs dan handle koneksi error """ # Atur socket timeout RemoteConnection.set_timeout(SETTING.SOCKET_TIMEOUT) wrapped = errormanager(SETTING.BROWSER.get) wrapped(url)
def login(username, password): handler = SETTING.HTTP_AUTH_HANDLER(username, password) wrapped = errormanager(requests.get, False) r = wrapped(TARGET.URL, auth=handler) if r.status_code == 200: status = STATUS.OK else: status = STATUS.NO infoMsg = "Account => %s : %s (%s)" % (username, password, status) logger.info(infoMsg) if status == STATUS.OK: TARGET.CREDENTIALS.append((username, password)) raise BrutemapStopBruteForceException
def checkTarget(url): """ Memeriksa jika target adalah target yang didukung. """ infoMsg = "Checking target..." logger.info(infoMsg) response = None try: wrapped = errormanager(requests.get) response = wrapped(url) except Exception, e: logger.exception(e) raise BrutemapSkipTargetException
def checkTarget(url): """ Memeriksa jika target adalah target yang didukung. """ infoMsg = "Checking target..." logger.info(infoMsg) response = None try: wrapped = errormanager(requests.get) response = wrapped(url) except Exception as e: logger.exception(e) raise BrutemapSkipTargetException if response.status_code == 401: infoMsg = "Login page type: 'HTTP AUTHENTICATION'" logger.info(infoMsg) TARGET.URL = response.url header = response.headers.get("www-authenticate") if not header: criMsg = "Cannot find HTTP Authentication type. " criMsg += "url %s there is no HTTP header 'WWW-Authenticate'" % repr( url) logger.critical(criMsg) raise BrutemapSkipTargetException else: authType = header.split(" ", 1)[0].lower() auth_handler = None if authType == "basic": auth_handler = requests.auth.HTTPBasicAuth elif authType == "digest": auth_handler = requests.auth.HTTPDigestAuth else: warnMsg = "Unsupported HTTP authentication (%s). " % repr( authType.capitalize()) logger.warn(warnMsg) infoMsg = "Enter HTTP authentication handler (for 'python-requests'). " infoMsg += "(press 'CTRL-C' to exit)" logger.info(infoMsg) registerInterruptHandler(reset=True) skip_target = False while not skip_target: try: auth_handler = __import__( raw_input( "[#] (e.g. 'requests.auth.HTTPDigestAuth')> ")) if issubclass(auth_handler, requests.auth.AuthBase) and \ not auth_handler is requests.auth.AuthBase: break except KeyboardInterrupt: print() skip_target = True except Exception as e: logger.exception(e) registerInterruptHandler() if skip_target: raise BrutemapSkipTargetException infoMsg = "HTTP authentication type: %s" % authType.capitalize() logger.info(infoMsg) SETTING.HTTP_AUTH_HANDLER = auth_handler else: SETTING.HTTP_AUTH_HANDLER = response = None browser.get(url) form_elements = [] if response is not None else getFormElements() if len(form_elements) > 0: fields = getFormField() status, pageType = isSupportedTarget(fields) if not status: criMsg = "Unsupported target" logger.critical(criMsg) raise BrutemapSkipTargetException else: TARGET.URL = str(browser.current_url) infoMsg = "Login page type: %s" % repr(pageType) logger.info(infoMsg) bruteForceAttack(fields) elif response is not None: bruteForceAttack((), http_auth=response) else: criMsg = "Unsupported target" logger.critical(criMsg) raise BrutemapSkipTargetException
def __getattr__(self, name): object_ = getattr(SETTING.BROWSER, name) if callable(object_): object_ = errormanager(object_) return object_