题目字典给我们了,访问网站以后要登陆,输入admin,密码123
BP拦截包查看:
base64加密
然后可以写个脚本,转换一下字典,变成admin+字典的base64加密
import base64 import sys import io with open('aa.txt', 'r') as f: for line in f: url = "admin:" + line bytes_url = url.encode("utf-8") str_url = base64.b64encode(bytes_url) # 被编码的参数必须是二进制数据 with open('a.txt', 'a') as c: c.write(str_url.decode() + "\n")
然后也有BP自带的加密和添加数据功能:
启用Custom iterator
设置开头数据:
加载字典:
取消URL编码
设置数据编码格式为base64
爆破