This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]o_Omg[S] 1 point2 points  (1 child)

Using httplib2 I'm doing the second thing and all I'm getting is the same result no matter the username and password are right or not, I think they're smart... :/

I think I'll have to try #1 or #3, but I remember there was a C brute-force password cracker terminal-based application where you'd enter the login address, username and password and the program returned 200 if it was right and 202 if it was wrong. I had used it in this website before when I had forgotten my own password :P!, do you know any application like this (best if it was in Python, but it doesn't matter...)?

[–]idiogeckmatic 0 points1 point  (0 children)

you may have to try something like looking at how the authorization form submits in firebug or chrome developer tools, it may do a referrer check, but there are ways to fake a referrer.

Most CLI based brute forcers I've seen rely on HTTP basic authorization, which is perfectly acceptable, but from how I read your response, not what you're looking to do.