Re: Password HTML form bruteforce

From: Vladimir Parkhaev (vladimir@arobas.net)
Date: 04/19/02


Date: Fri, 19 Apr 2002 08:01:32 -0400
From: Vladimir Parkhaev <vladimir@arobas.net>
To: joh ket <johket@hotmail.com>

Quoting joh ket (johket@hotmail.com):
>
> So depending on the password I get redirected to a
> page...
>
> How should the primary and the secondary repsonse
> be configured?
>
> Or does somebody else have a better idea how to do
> this?
>

I always vote for rolling your own.... Here is a little skeleton script
that you can adapt to your needs depending on task in hand

#!/usr/bin/perl -w
use LWP::UserAgent;
use HTTP::Request::Common qw(POST);
use MIME::Base64 qw(encode_base64);
$|++;

$auth = 'Basic ' . encode_base64('foo:bar');
$ua = new LWP::UserAgent;

$req = POST 'http://server.domain.com', Authorization => $auth;
my $res = $ua->request($req);

($res->is_success)? print $res->as_string : die "Error: ", $res->status_line;
__END__

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/