import requests
from bs4 import BeautifulSoup
from core import CommonFunctions
import Config
import copy
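def check_authbypass(loginFormEndpoints, findings):
    """Probe each discovered login form for an authentication bypass.

    For every endpoint in ``loginFormEndpoints`` (except those whose action
    URL contains ``wp-login``) and every payload in
    ``Config.auth_bypass_payloads``, the form is re-fetched so that
    per-request tokens are fresh, every "dynamic" field is filled with the
    payload, and the form is submitted with ``allow_redirects=True``.
    A bypass is reported when the response no longer contains an
    ``<input type="password">`` *and* the login form can no longer be
    fetched in the same session (``CommonFunctions.refetch_form`` returns
    ``None``) -- taken to mean the session is now authenticated.

    Args:
        loginFormEndpoints: iterable of form-endpoint objects exposing
            ``action``, ``method`` and ``params`` (a dict with ``'static'``
            and ``'dynamic'`` sub-dicts). The concrete type comes from
            ``core`` and is not defined here.
        findings: dict that receives the result. On the first confirmed
            bypass ``findings["authbypass"]`` is set to
            ``{"method", "action", "payload"}`` and the function returns,
            so at most one finding is recorded per call (the key is
            overwritten, not appended to).

    Returns:
        None. Results are communicated only through ``findings``.

    Security notes:
        - Requests are sent with ``verify=False`` and routed through
          ``Config.http_proxy`` / ``Config.https_proxy``. TLS is therefore
          not authenticated: fine for a scanner that must reach targets
          with self-signed certificates, but the session must not be
          reused for anything where interception matters.
        - The detection heuristic is indirect. A WAF block page, an
          account-lockout page or a generic error page also lacks a
          password field, and ``refetch_form`` may return ``None`` for
          reasons other than an authenticated session (e.g. a transient
          network error). Treat a finding as a lead to confirm manually,
          not as proof.
        - Submitting injection payloads to live login forms can trigger
          lockouts, rate limits or alerting on the target; only run this
          against in-scope systems.
        - A network error while probing one endpoint abandons that
          endpoint and moves on to the next one; it no longer aborts the
          whole scan.
    """
    headers = {'User-Agent': Config.user_agent}
    # Hoisted out of the loops: identical for every request.
    proxies = {"http": Config.http_proxy, "https": Config.https_proxy}
    req = requests.Session()

    for endpoint_src in loginFormEndpoints:
        # WordPress logins are deliberately excluded -- presumably covered
        # by a dedicated check elsewhere. Note this is a substring match on
        # the action URL, so any URL containing "wp-login" is skipped.
        if "wp-login" in endpoint_src.action:
            continue
        action = endpoint_src.action

        for payload in Config.auth_bypass_payloads:
            # Re-fetch a copy of the form for every payload so one-shot
            # values (CSRF nonces, hidden session fields) are current.
            endpoint = CommonFunctions.refetch_form(req, copy.deepcopy(endpoint_src))
            if endpoint is None:
                continue

            # Inject the payload into every user-controlled ("dynamic")
            # field -- typically username and password -- and keep the
            # hidden/static fields intact. Build a fresh dict instead of
            # mutating the endpoint's own params.
            params = dict(endpoint.params['static'])
            params.update({field: payload for field in endpoint.params['dynamic']})

            try:
                if endpoint.method.lower() == "get":
                    r = req.get(action, headers=headers, params=params, allow_redirects=True,
                                proxies=proxies, verify=False, timeout=Config.timeout)
                else:
                    r = req.post(action, headers=headers, data=params, allow_redirects=True,
                                 proxies=proxies, verify=False, timeout=Config.timeout)
            except requests.exceptions.RequestException:
                # One unreachable/timing-out endpoint must not silently end
                # the scan of every other form: give up on this endpoint only.
                break

            # Decode leniently; the target's charset is untrusted input.
            response_text = r.content.decode('utf-8', errors='ignore')
            soup = BeautifulSoup(response_text, "html.parser")

            # A password field in the response means we are still on the
            # login page -> payload did not work, try the next one.
            if _has_password_input(soup):
                continue

            # Heuristic confirmation: if the login form can no longer be
            # fetched in this (possibly now authenticated) session, report
            # and stop -- only one finding is recorded per call.
            if CommonFunctions.refetch_form(req, endpoint) is None:
                findings["authbypass"] = {"method": endpoint.method,
                                          "action": endpoint.action,
                                          "payload": payload}
                return


def _has_password_input(soup):
    """Return True if the parsed page contains an ``<input type="password">``.

    The ``type`` attribute is case-insensitive in HTML, so the comparison is
    normalised; the original exact-case check would miss ``type="Password"``.
    """
    return any(
        str(tag.get('type', '')).lower() == 'password'
        for tag in soup.find_all('input')
    )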