黑板客 -- 爬虫闯关 -- 关卡04

简介


**爬虫闯关链接**:

**1. **http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/

**2. ** http://www.heibanke.com/accounts/login


知识点:cookie & session , csrf , Web编程,多线程密码枚举


提示:和第三题一样,看清楚,题目在http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/登录后显示,而不是URL链接2的登录界面。从URL1或URL2中获取Cookie(CSRFTOKEN)登录,然后得到一个提示密码很长的页面。随便输入帐号密码,会跳出一个页面让你找密码,密码文档页面加载非常慢,是由于后端人为限制时间,密码位置随机生成,从页数与行数可知密码一共100位。为了加快猜测时间,我们要为每一个密码页面开一个线程(多线程处理),提高枚举密码的速度。


参考代码


#!/usr/bin/env python
# encoding: utf-8
 
import requests
import sys
import re
import threading
reload(sys)
 
sys.setdefaultencoding("utf-8")
 
csrf = ""
username = "Peter"
password = "112233"
final_password = ""
 
payload_login = {
	"username":username,
	"password":password,
	"csrfmiddlewaretoken":csrf
}
 
dict = {}
thread = []
 
website_signUp = "http://www.heibanke.com/accounts/login"
website_login = "http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/"
website_PWlist = "http://www.heibanke.com/lesson/crawler_ex03/pw_list/?page=%s"
 
s = requests.Session()
s.get(website_signUp)
csrf = s.cookies["csrftoken"]
payload_login["csrfmiddlewaretoken"] = csrf
s.post(website_login,data=payload_login)
csrf = s.cookies["csrftoken"]
 
 
def GetPassword(page):
	global dict
	while True:
		resp = s.get(website_PWlist%page)
		word_pos = re.findall('<td data-toggle="tooltip" data-placement="left" title="password_pos">(\d+)</td>', resp.content)
		word_val = re.findall('<td data-toggle="tooltip" data-placement="left" title="password_val">(\d+)</td>', resp.content)
		for i in range(len(word_pos)):
			dict[int(word_pos[i])] = word_val[i]
			print word_pos[i]+" -- "+word_val[i]
		if len(dict)==100:
			break
 
def main():
	global dict
	global final_password
	for i in range(1,14):
		t = threading.Thread(target=GetPassword,args=(i,))
		thread.append(t)
	for i in thread:
		i.start()
		print "Thread Runing"
	for i in thread:
		i.join()
		print "Thread Join"
	if len(dict)==100:
		k = dict.keys()
		k.sort()
		for i in range(len(dict)):
			final_password += dict[k[i]]
		print "[+]FOUND:" + final_password
 
 
 
if __name__ == '__main__':
	main()
posted @ 2018-10-01 18:05  倚剑问天  阅读(161)  评论(0编辑  收藏  举报