S12 Pentest

Summary

The article presents a Python script for performing brute force attacks on web logins, detailing its features such as bypassing IP blocks, using proxies, and adding custom headers and data.

Abstract

The article introduces a Python-based brute force tool designed to attack web logins by guessing passwords via HTTP POST requests. The author explains the script's mechanism, which involves comparing server response sizes to detect correct credentials. Key features include the ability to bypass IP rate limit blocks through header manipulation, connect via proxies for request inspection, and add custom headers and data to requests for flexibility. The tool also allows filtering responses based on error messages to identify successful logins. The author provides code snippets, examples, and screenshots to illustrate the tool's usage and encourages readers to use the tool responsibly. Additionally, the author invites feedback and support through Medium membership or by sharing the project.

Opinions

  • The author believes the script to be a flexible and powerful tool for penetration testers and security researchers.
  • The use of header manipulation to bypass IP blocks is highlighted as a significant advantage over other known scripts.
  • The author emphasizes the importance of being able to add custom headers and data to requests, enhancing the tool's versatility.
  • The article suggests that the tool can be a valuable resource for those looking to develop similar tools or understand brute force methodologies.
  • The author expresses appreciation for reader support, whether through membership donations or by sharing the project, indicating a commitment to continued development and content creation.

BruteForce Password on Web Login with Python

Introduction

Welcome. In this article I am going to show you how I programmed my Python script to run brute-force attacks against web logins using the POST method. I will also show you how to use it and some of the best features of the program (bypass IP block, add headers, add data…). I hope you like it!

The script that you will see in this article is available on my GitHub at this link:

Features

  • Find Password
  • Bypass IP Block
  • Connect with Proxy
  • Add Headers and Data
  • Filter By Error Text Answer

Find Password

This is going to be the bulk of the article. Here I am going to show how they work, along with a few small code snippets in case someone wants to create something similar.

First of all, how does it work?

The most important part for this script to work is comparing the size of the response from the server when we send it incorrect credentials.

Here, what the script does is send a request with a totally random username and password to see how the web application responds to incorrect credentials.

Code:

First Web Request:

Userfile and passwordfile represent userfield and passwordfield… Sorry

Second Web Request and Comparison:

In this part the script starts sending web requests in a loop, changing the password it tries for the user you have decided to attack. It then compares the length of the response to the first request, which used incorrect credentials, with the length of each new response. When a response differs by 10 bytes (a margin to avoid false positives), the script reports that it has found the password.

In addition to this, it has some details that make it a very flexible tool. The first is the IP Block Bypass via Headers.

Bypass IP Block

Perfect. This part is a big difference from the great majority of scripts known so far. In my tool I have added to each request a series of headers with which you can bypass the IP Rate Limit Block. These headers are the following:

  • X-Forwarded-For
  • X-Originating-IP
  • X-Remote-IP
  • X-Remote-Addr

Not only have I added these headers, I have also created a series of very basic regular expressions so that each web request is sent with a different IP in the headers, and the web application thinks that each request comes from a different machine.

Code:

Regular Expressions:

Headers:

Result with Burpsuite:
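The header rotation described in this section only defeats a rate limit that takes the client address from request headers. The following Python code is an added example, not part of the author's script: it replays constructed login traffic against a throttle keyed the weak way and against one keyed on the TCP peer address. The function names, the `LoginThrottle` class and the trusted proxy range `10.0.0.0/8` are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict, deque
# Headers listed in the article; any client can set them to any value.
SPOOFABLE = ("X-Forwarded-For", "X-Originating-IP", "X-Remote-IP", "X-Remote-Addr")
# Assumption: the site's own reverse proxies are the only hosts in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def naive_client_ip(peer, headers):
    """Weak: believe the first client-supplied address header."""
    for name in SPOOFABLE:
        if name in headers:
            return headers[name].split(",")[0].strip()
    return peer

def is_trusted(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_PROXIES)
    except ValueError:
        return False

def hardened_client_ip(peer, headers):
    """Use the TCP peer; behind our proxy, the rightmost untrusted XFF hop."""
    if not is_trusted(peer):
        return peer
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):
        if hop and not is_trusted(hop):
            return hop
    return peer

class LoginThrottle:
    """Sliding window: at most `limit` login attempts per key per `window` s."""
    def __init__(self, resolver, limit=5, window=60):
        self.resolver, self.limit, self.window = resolver, limit, window
        self.hits = defaultdict(deque)
    def allow(self, now, peer, headers):
        q = self.hits[self.resolver(peer, headers)]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def blocked(resolver, requests):
    throttle = LoginThrottle(resolver)
    return sum(not throttle.allow(t, peer, hdrs) for t, peer, hdrs in requests)
# Constructed traffic: 20 login POSTs from one peer, header value changed each time.
SAMPLE = [(t, "203.0.113.7", {"X-Forwarded-For": f"198.51.100.{t + 1}"}) for t in range(20)]
```

With the naive resolver none of the 20 requests is blocked; with the hardened resolver 15 are. Counting failed attempts per targeted username as well covers attempts that really do arrive from many addresses.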

Connect with Proxy

Sometimes you need to see what request you are sending and exactly how and what the server responds. For this I always use the Burpsuite proxy, but you can use any other. Just add the -proxy option to the command and indicate the proxy address. Now an example:

Command:

python3 bruteforce.py --url victim_url -user user -wordlist wordlist -proxy url_proxy

Result:

Burpsuite:

Add Headers and Data

One of the most important new features of the tool is the possibility to add headers or data to your requests. You can add up to two headers or two parameters, and you can quickly see how it works by combining it with the proxy option. One important thing to say is that the format has to be the following:

  • -data "parameter":"value"
  • -data "parameter1":"value","parameter2":"value"
  • -headers "parameter":"value"
  • -headers "parameter1":"value","parameter2":"value"

Examples:

Command:

python3 bruteforce.py --url victim_url -user user -wordlist wordlist -proxy url_proxy -headers "Testing":"Headers" -data "testing":"data"

Result:

Filter by Error Message Response

Another interesting option lets you supply the error message that you get if the password is incorrect; when a response comes back without that error message, it means that the password is correct.

Code:

Conclusions

Well, here ends this article. I think it is very good, and I think that if someone wants to create a similar tool it will be very useful, because you can get some ideas. I hope you liked it. You can leave your opinion or any questions in the comments.

If you enjoy my content and would like to help me take this project to the next level, you can become a member by donating a monthly subscription. Your support will help me continue to create high-quality content. Thank you for your generosity!

If donating is not possible for you at this time, no problem at all! Your support in sharing my project and spreading the word is greatly appreciated. I will continue to create and share my work regardless, and I am grateful for your encouragement and interest.

If you want to support me you can check my main Medium Profile and see all the articles! Follow and support it! This is the link:
