以摘要认证(Digest Authentication)方式伪登录某摄像头 |
您所在的位置:网站首页 › deepfreeze830版本密码 › 以摘要认证(Digest Authentication)方式伪登录某摄像头 |
本文部分摘自ASP.NET Web API(三):安全验证之使用摘要认证(digest authentication) 密码已知。 分析发现,该摄像头Web登录采用了Digest Authentication的方式。流程如下: 总结一下: HA1=MD5(username:realm:password) HA2=MD5(method:digestURI) response=MD5(HA1:nonce:nc:cnonce:qop:HA2)注意:不是所有的摘要认证方式都按上述进行计算,具体可阅读Digest access authentication 伪登录代码: #!/usr/bin/python import hashlib import httplib import re ip="the camera 's ip" port="the camera 's port" username="your username" pwd="your password" conn = httplib.HTTPConnection(ip, port,timeout=10) # step 1: get nonce from 401 unauthorized response sent by the server conn.connect() headers={ "Host": ip+":"+port, "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate", "Connection": "keep-alive", "Upgrade-Insecure-Requests": "1" } conn.request("GET", "http://"+ip+":"+port+"/", "",headers) res = conn.getresponse().getheader('WWW-Authenticate') conn.close() nonce =re.findall(r'nonce="(.*?)"',res)[0] realm=re.findall(r'realm="(.*?)"',res)[0] qop=re.findall(r'qop="(.*?)"',res)[0] opaque=re.findall(r'opaque="(.*?)"',res)[0] print "login successfully..." # step 2: GET http://ip:port/upgrade.htm urI="/upgrade.htm" method="GET" nc="00000001" cnonce="12234dce7db449b5" # cal HA1 m = hashlib.md5() m.update(username+":"+realm+":"+pwd) HA1 = m.hexdigest() # cal HA2 m = hashlib.md5() m.update(method+":"+urI) HA2 = m.hexdigest() # cal client response m = hashlib.md5() m.update(HA1+":"+nonce+":"+nc+":"+cnonce+":"+qop+":"+HA2) response= m.hexdigest() # GET http://ip:port/upgrade.htm headers={ "Host": ip+":"+port, "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate", "Connection": "keep-alive", "Upgrade-Insecure-Requests": "1", "Authorization": 'Digest username="'+username+'", realm="'+realm+'", nonce="'+nonce+'", uri="'+urI+'", algorithm=MD5, response="'+response+'", opaque="'+opaque+'", qop='+qop+', nc='+nc+', cnonce="'+cnonce+'"' } conn.connect() conn.request(method, "http://"+ip+":"+port+urI, "", headers) res = conn.getresponse() print res.read() conn.close() |
今日新闻 |
推荐新闻 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |