Python Web Penetration Testing Cookbook

By: Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

Brute forcing login through the Authorization header


Many websites use HTTP basic authentication to restrict access to content. This is especially prevalent in embedded devices such as routers. The Python requests library has built-in support for basic authentication, which makes it easy to write an authentication brute-force script.

Getting ready

Before starting this recipe, you need a list of passwords to try. Create a local text file called passwords.txt, with each password on its own line. See Brute forcing passwords in Chapter 2, Enumeration, for password lists available from online resources. Also spend some time scoping out the target server: you need to know how it responds to a failed login request, so that the script can tell a failed attempt from a successful one.
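Seen from the server side, those failed login requests show up as a burst of 401 responses to a single client. The following added example (not code from the book) flags such bursts in an access log and notes when a 200 follows one; the Common Log Format layout, the threshold and window values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (Common Log Format); IPs are documentation addresses.
REQ = '"GET /status HTTP/1.1"'
SAMPLE_LOG = "\n".join(
    [f'192.0.2.10 - admin [10/Mar/2024:10:00:{s:02d} +0000] {REQ} 401 381' for s in range(6)]
    + [f'192.0.2.10 - admin [10/Mar/2024:10:00:07 +0000] {REQ} 200 1024',
       f'198.51.100.7 - alice [10/Mar/2024:10:01:00 +0000] {REQ} 401 381',
       f'198.51.100.7 - alice [10/Mar/2024:10:01:09 +0000] {REQ} 200 1024']
    + [f'203.0.113.5 - bob [10/Mar/2024:10:{m:02d}:00 +0000] {REQ} 401 381'
       for m in range(10, 60, 10)])

# ip, identd field (ignored), user name supplied via Basic auth, timestamp, status
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) \S+')

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag clients that receive >= threshold 401 responses inside the window."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 401 responses
    flagged = {}                 # ip -> alert record
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, status = m["ip"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if status == 401:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = {"ip": ip, "first_alert": ts, "success_after": None}
        elif status == 200 and ip in flagged and m["user"] != "-":
            # An authenticated 200 after a burst suggests a guess succeeded.
            if flagged[ip]["success_after"] is None:
                flagged[ip]["success_after"] = m["user"]
    return list(flagged.values())

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG):
        print(alert)
```

A single mistyped password (198.51.100.7) and slow, widely spaced failures (203.0.113.5) stay below the threshold, which is why rate-based alerts are usually paired with account lockout or request throttling on the device itself.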

How to do it…

The following code will attempt to brute force entry to a website through basic authentication:

import requests
from requests.auth import HTTPBasicAuth

with open('passwords...