Re: [PEN-TEST] Web site password guessing over SSL

From: Shafik Yaghmour (shafikat_private)
Date: Tue Apr 17 2001 - 14:34:37 PDT


    Have you tried out curl at all?

        http://curl.haxx.se/

    I have never tried this; supposedly curl compiles with
    OpenSSL with no problems.

    Although using curl would require you to do a bit of scripting, it
    would be very minimal: it would require a loop, and in it you would

    1) Connect to the page and get the URL and, if they have a cookie,
       save it.

    2) Grab out the new URL from the output. I am guessing they are
       doing a "Location:", so this should be simple.

    3) Grab a password from some file of pre-generated passwords.
       Place this in the -d option, which is how curl does POSTs, along
       with the username.

    Yes, this is definitely some scripting, but curl does almost all the
    work; try it out.

    If you need more help, contact me offline with some more
    details and I can probably get you going.

    Take care
    
    On Tue, 17 Apr 2001, Batten, Gerald wrote:
    
    > I'm not trying to crack the SSL session itself.  I'm just trying to get an
    > idea of the quality of passwords the users are using for that site, but from
    > an external test only.
    >
    > The web server is not using the typical 'username/password' pop-up box,
    > they're using a dynamically generated form, which has a different URL every
    > time the page is brought up.  The user enters their userid and password in
    > the form and clicks on 'submit' which uses the HTTP POST method.  The
    > session is SSL-encrypted as well.  The difficulty I am having is that short
    > of writing my own perl script (which I am desperately trying to avoid...
    > sorry, I don't like coding any more), none of the tools I have found can
    > brute-force a form-based login over SSL.  I tried using sslproxy and stunnel
    > on NT/2000, but those ports lack some of the functionality I need.  My next
    > step is to try and convince one of my Linux co-workers to run stunnel on
    > their system.
    >
    > Gerald.
    >
    > Note:  Views expressed in this e-mail do not necessarily represent those of
    > my employer.
    > Note:  Views expressed in this e-mail are not necessarily mine either.
    
    <clip>
    
    ==========================================================================
    --"the more you know and understand the more you must know and understand
       .. knowledge is an unsatiable hunger .. which makes life easier and at
       the same time harder .... knowledge is a paradox w/ no resolution just
       a boundless function of human nature .... knowledge is a trap which we
       embrace and which we run away from .... and in the end the only escape
       is death .... or maybe not "<grin>--
    ==========================================================================
                         -This message transmitted on 100% recycled electrons-
                         -Save the whales, Feed the hungry, Free the mallocs-
    
    
    Two cats on a roof,
    Which one falls off first?
    The one with the smaller mew.
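A defender's-side complement to the procedure discussed above, added here as an example and not part of the original thread: a small detector that reads combined-format web server log lines (constructed samples with placeholder addresses and a made-up /login/<id> path) and flags any source that POSTs to the rotating login form faster than a person would, keyed only on the source and the login prefix because the per-visit URL and the redirect response give nothing else to correlate on.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (combined-log style). The rotating
# /login/<id> suffix stands in for the dynamically generated form URL the
# thread describes; addresses and ids are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Apr/2001:14:30:00 -0700] "GET /login/f9c2 HTTP/1.1" 200 812
203.0.113.7 - - [17/Apr/2001:14:30:01 -0700] "POST /login/f9c2 HTTP/1.1" 302 0
203.0.113.7 - - [17/Apr/2001:14:30:02 -0700] "POST /login/41aa HTTP/1.1" 302 0
203.0.113.7 - - [17/Apr/2001:14:30:03 -0700] "POST /login/7b0e HTTP/1.1" 302 0
203.0.113.7 - - [17/Apr/2001:14:30:04 -0700] "POST /login/c3d1 HTTP/1.1" 302 0
203.0.113.7 - - [17/Apr/2001:14:30:05 -0700] "POST /login/e8f2 HTTP/1.1" 302 0
198.51.100.20 - - [17/Apr/2001:14:31:25 -0700] "POST /login/90ab HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
LOGIN_PATH = re.compile(r"^/login/")   # every variant of the rotating form URL

def parse(line):
    """Return (ip, timestamp, method, path, status) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def find_login_bursts(log_text, max_posts=5, window_s=60):
    """Map each source IP whose login POSTs reach max_posts inside any
    window_s-second span to the largest such count. The path suffix and the
    status are ignored: a redirect looks the same on success and failure."""
    recent = defaultdict(deque)   # ip -> timestamps of login POSTs still in window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, _status = rec
        if method != "POST" or not LOGIN_PATH.match(path):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # drop stale attempts
            q.popleft()
        if len(q) >= max_posts:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged
```

Tune max_posts and window_s to the site's normal login rate; the same counting can be keyed on the submitted username instead of the source when the application logs it, which catches guessing spread across many addresses.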
    



    This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 17:43:00 PDT