def srp6authenticate(br, host, username, password):
try:
debugData = []
br.open('http://' + host)
token = br.find(lambda tag: tag.has_attr('name') and tag['name'] ==
'CSRFtoken')['content']
debugData.append('Got CSRF token: ' + token)
usr = srp.User(username,
password,
hash_alg=srp.SHA256,
ng_type=srp.NG_2048)
uname, A = usr.start_authentication()
debugData.append("A value " + str(binascii.hexlify(A)))
br.open('http://' + host + '/authenticate',
method='post',
data=urlencode({
'CSRFtoken': token,
'I': uname,
'A': binascii.hexlify(A)
}))
debugData.append("br.response " + str(br.response))
j = json.decoder.JSONDecoder().decode(br.parsed.decode())
debugData.append("Challenge received: " + str(j))
M = usr.process_challenge(binascii.unhexlify(j['s']),
binascii.unhexlify(j['B']))
debugData.append("M value " + str(binascii.hexlify(M)))
br.open('http://' + host + '/authenticate',
method='post',
data=urlencode({
'CSRFtoken': token,
'M': binascii.hexlify(M)
}))
debugData.append("br.response " + str(br.response))
j = json.decoder.JSONDecoder().decode(br.parsed.decode())
debugData.append("Got response " + str(j))
if 'error' in j:
raise Exception(
"Unable to authenticate (check password?), message:", j)
usr.verify_session(binascii.unhexlify(j['M']))
if not usr.authenticated():
raise Exception("Unable to authenticate")
return True
except Exception:
print("Authentication failed, debug values are: " + str(debugData))
print("Exception: " + str(sys.exc_info()[0]))
traceback.print_exc()
raise
def srp6authenticate(br, host, username, password):
br.open('http://' + host)
token = br.find(lambda tag: tag.has_attr('name') and tag['name'] ==
'CSRFtoken')['content']
#print('Got CSRF token: ' + token)
usr = srp.User(username,
password,
hash_alg=srp.SHA256,
ng_type=srp.NG_2048)
uname, A = usr.start_authentication()
#print(binascii.hexlify(A))
br.open('http://' + host + '/authenticate',
method='post',
data=urlencode({
'CSRFtoken': token,
'I': uname,
'A': binascii.hexlify(A)
}))
#print(br.response)
j = json.decoder.JSONDecoder().decode(br.parsed.decode())
#print('Challenge rceived: ' + str(j))
M = usr.process_challenge(binascii.unhexlify(j['s']),
binascii.unhexlify(j['B']))
#print(binascii.hexlify(M))
br.open('http://' + host + '/authenticate',
method='post',
data=urlencode({
'CSRFtoken': token,
'M': binascii.hexlify(M)
}))
#print(br.response)
j = json.decoder.JSONDecoder().decode(br.parsed.decode())
#print('Got response ' + str(j))
usr.verify_session(binascii.unhexlify(j['M']))
if not usr.authenticated():
print('Failed to authenticate')
return False
print('Authenticated OK')
return True
def authenticate(br, host, username, password):
#br.set_debug_http(True)
#br.set_debug_responses(True)
#br.set_debug_redirects(True)
r = br.open('http://' + host)
bs = bs4.BeautifulSoup(r, features="html5lib")
token = bs.head.find(lambda tag: tag.has_attr('name') and tag['name'] ==
'CSRFtoken')['content']
#print('Got CSRF token ' + token)
usr = srp.User(username,
password,
hash_alg=srp.SHA256,
ng_type=srp.NG_2048)
uname, A = usr.start_authentication()
req = mechanize.Request('http://' + host + '/authenticate',
data=urllib.urlencode({
'CSRFtoken': token,
'I': uname,
'A': binascii.hexlify(A)
}))
r = br.open(req)
j = json.decoder.JSONDecoder().decode(r.read())
#print('Sent challenge, got ' + str(j))
M = usr.process_challenge(binascii.unhexlify(j['s']),
binascii.unhexlify(j['B']))
req = mechanize.Request('http://' + host + '/authenticate',
data=urllib.urlencode({
'CSRFtoken': token,
'M': binascii.hexlify(M)
}))
r = br.open(req)
j = json.decoder.JSONDecoder().decode(r.read())
#print('Got response ' + str(j))
usr.verify_session(binascii.unhexlify(j['M']))
if not usr.authenticated():
#print('Failed to authenticate')
return False
#print('Authenticated OK')
return True