Check the version of your broswer and download the driver. Got to "File", "Settings..." pycharm subdirectory and select "selenium" as interpreter. Now your python code can run Selenium. The next step consists to install a web page to attack. Launch a Centos image on VirtualBox and install an apache server with PHP using Ansible. The file html-php.yml describe via comments how to do it.
The prupose of this repository is explain how is possible to launch a brute force attack over a web page generating all the permutations using a list of chars and Selenium.
There are two fundamentals stpes. The first step consits on create all the possible combinations. To do it i have used a default python function named "product", it's inside of itertools. The function work efficiently so i didn't take any effort to optimitze it. However, if you want to know more about the implementation here is the code:
def product(*args, repeat=1):
# product('ABCD', 'xy') --> Ax Ay Bx By Cx Cy Dx Dy
# product(range(2), repeat=3) --> 000 001 010 011 100 101 110 111
pools = [tuple(pool) for pool in args] * repeat
result = [[]]
for pool in pools:
result = [x+[y] for x in result for y in pool]
for prod in result:
yield tuple(prod)
The second step is send the petition to the web page. Selenium can search the input using the name of the input so the program only has to get the list of permutations and loop over it putting every element of the list as the password. If this is executed secuencialy it will take a lot of time so i parallelized the code using a queue (FIFO) with N threds. The parameters passed to the queue are the passwords and a random thread take it and launch the login petition.
In conclusion, it's possible execute a brute force attack with Selenium, but it takes a lot of time. After a few searchs, i have decide to use the "mechanize" library. It also can be used to scrapping the web page and realize submit pettitions. After a changes on the code, it works better than selenium. Other important point is wich number of threads use. If you select a lower number of threads it don't use all the parralelition benefits, but if the number is higher it will increase the rescources of the pc without aport anything because they cant take any elemnt of the queue. After test some numbers of threads i think thath the optimal number is between 6 and 10, it can change in fuction of the computer. I would like take how much milliseconds take to found the correct password but i can't did it for the selected way used to stop the threads.
| VARIALBES | |
|---|---|
| URL | URL of the web page |
| CHARS | Chars used to create the permutations |
| USER | User thath you want to hack |
| PASS_LENG | First length of the permutations |
| N | Number of threads |
This type of attack need to scrap the web page so the mos popular options are just detect of any one is scrapping the web page. There are a lot of options:
--> Put hidden elements that only the program will detect.--> Count the number of petitions of an IP.
--> Detect a high volume of petitions on a specific section of the web page or URL.
--> Use an AI to detect an irregular user pattern of conduction.
Of course, all this ideas are good but i want to think my personal solution. By my criteriuos the best way is just change the tags from all the elements when the HTML file is sended to the user. Th HTML file has to be procesed by an ofuscator because it's possible automat the scrapping using the structure of the HTML. The problem of do it is that if there's JavaScript code you need to validate the HTML file when the user send a POST or GET message, if not, a XSS attack could be raised. Is necessary to use a token or similar and save it into a database and, using a list of conditions, delete the token.