Closed madsky closed 8 years ago
Hi - where the site being brute-forced doesn't correctly implement SSL, the code errors.
This Stackoverflow comment holds a solution (http://stackoverflow.com/a/28048260):
import ssl
ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE
urllib2.urlopen(req, context=ctx)
Thanks, updated the exploit to include the fix.
Hi - where the site being brute-forced doesn't correctly implement SSL, the code errors.
This Stackoverflow comment holds a solution (http://stackoverflow.com/a/28048260):
with the other import statements
import ssl
following the read-in of the passwords
ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE
for each incantation of urllib2.urlopen() add the context=ctx argument
urllib2.urlopen(req, context=ctx)