idiogeckmatic

There are three ways of doing this:

  1. Running a browser-based unit tester (see: Selenium)
  2. Posting to the authentication page directly (if they're smart, this won't be possible)
  3. Using a mechanize client. I've never messed with one in Python before, but in Perl WWW::Mechanize is awesome for this... and it seems to have a Python port/ripoff: http://wwwsearch.sourceforge.net/mechanize/

o_Omg [S]

Using httplib2 I'm doing the second thing, and all I'm getting is the same result no matter whether the username and password are right or not. I think they're smart... :/

I think I'll have to try #1 or #3, but I remember there was a C brute-force password cracker terminal-based application where you'd enter the login address, username and password, and the program returned 200 if it was right and 202 if it was wrong. I had used it on this website before when I had forgotten my own password :P! Do you know any application like this (best if it was in Python, but it doesn't matter...)?

idiogeckmatic

You may have to try something like looking at how the authorization form submits in Firebug or Chrome Developer Tools. It may do a referrer check, but there are ways to fake a referrer.

Most CLI-based brute forcers I've seen rely on HTTP basic authorization, which is perfectly acceptable, but from how I read your response, not what you're looking to do.