kevinadhiguna / wifi-sploit

Wi-Fi sploit is a password cracker for router's login pages (but it works fine in any login page site, even on internet :D)
84 stars 25 forks source link

New wfs.py functions and creation of wfs-browser-beta.py/wfs-browser.py #7

Closed d4v1-sudo closed 9 months ago

d4v1-sudo commented 9 months ago

Improvements in all py files:

  1. Add current attempt login combination in relation to total combinations.
  2. Input router's IP (default: 192.168.1.1).
  3. Added more failed login words in the expression conjunction.
  4. Added Keyboard Interrupt exception treatment.
  5. Print server response after successful login.

Improvements in wfs.py:

  1. Updated Error Expression:

    • The error expression has been updated to include a variety of possible messages, represented as bytes-like objects within a set.
  2. Brute Function:

    • The brute function has been modified to include additional parameters combinations_tested and total_combinations.
    • Added HTTP request headers to simulate a conventional browser request.
    • Added exception handling to deal with SSL errors if they occur.
  3. Main Function:

    • The variable combinations_tested has been initialized outside the main loop to track the total number of combinations tested.
    • Logic added to calculate the total number of possible combinations.
    • Exception handling added to capture keyboard interrupts (Ctrl + C).
  4. Disable SSL Verification:

    • SSL certificate verification has been disabled to allow insecure HTTP requests.
  5. Output Enhancements:

    • The output of the brute function has been improved to display the current number of combinations tested relative to the total.
    • Output adjusted to provide more information in case of error.
  6. Disable urllib3 Warnings:

    • urllib3 disable warning added to prevent unnecessary warning messages.

Creation of wfs-browser-beta.py for routers that don't identify the wfs.py script as an browser:

  1. Introduction of Web Automation with Selenium:

    • The major enhancement is the integration of Selenium, a powerful tool for web automation, into the brute-forcing script.
    • Selenium provides the capability to interact with web elements, such as forms, buttons, and links, enabling more sophisticated testing scenarios compared to basic HTTP requests.
  2. Dynamic Switching between Requests and Selenium:

    • The script intelligently determines whether to use basic HTTP requests or Selenium based on certain conditions.
    • If the server response indicates a need for an upgrade (such as encountering specific error messages), the script switches to using Selenium for further testing.
    • This dynamic switching enhances flexibility and adaptability, ensuring the most appropriate testing method is employed for different scenarios.
  3. Enhanced Interaction with Web Forms:

    • With Selenium, the script can now interact with web forms directly, simulating user input of usernames and passwords.
    • It locates form elements (username and password fields) using Selenium's WebDriver, fills them with appropriate credentials, and submits the form for testing.
    • This capability allows for more realistic testing of authentication systems, as it closely mimics user behavior.
  4. Improved Error Handling and Output:

    • Error handling has been refined to better manage exceptions, especially when using Selenium.
    • The script provides informative error messages to aid in troubleshooting and debugging.
    • Output messages have been enhanced to provide clearer indications of the current testing status, such as displaying the number of combinations tested and any encountered errors.
  5. Expanded Testing Capabilities:

    • By incorporating Selenium, the script gains access to a wider range of testing scenarios, including those involving JavaScript-heavy applications or complex authentication mechanisms.
    • This expansion in testing capabilities enables more comprehensive security assessments, allowing for the identification of vulnerabilities that may not be detectable through simple HTTP requests alone.

Improvements made from mfs-browser-beta.py to mfs-browser.py:

  1. Code Refactoring for Readability and Maintainability:

    • The code has been refactored to improve readability and maintainability.
    • Constants such as URL and EXPRESSIONS are now defined at the top of the script, making them easier to locate and modify.
  2. Modularization of Brute Force Methods:

    • Brute force methods have been modularized into separate functions: brute_with_selenium and brute_with_requests.
    • This separation of concerns improves code organization and allows for easier testing and maintenance of each method individually.
  3. Simplified Main Loop:

    • The main loop has been simplified for clarity.
    • Each combination of usernames and passwords is now tested sequentially, with the total number of combinations tested displayed in real-time.
    • The loop now directly calls the appropriate brute force method based on the condition that either Selenium is being used (use_selenium) or any expression is found in the response.
  4. Improved Error Handling:

    • Error handling has been enhanced for SSL errors.
    • SSL errors are now caught and displayed, with the script exiting gracefully if encountered.
  5. Optimized Selenium Usage:

    • Selenium usage has been optimized to only start the WebDriver when necessary (i.e., when use_selenium is True).
    • This optimization reduces resource usage and improves script efficiency.
  6. Enhanced KeyboardInterrupt Handling:

    • KeyboardInterrupt handling has been improved for better user experience.
    • The script now catches KeyboardInterrupt exceptions and exits gracefully, displaying a message to indicate that the program is terminating.

Note -These improvements in mfs-browser.py result in a cleaner, more organized codebase with better error handling and user interaction. The script is now more efficient and easier to maintain, making it a more robust tool for web applica tion testing.

-Now, for wfs-browsers.py files , new requests are necessary: selenium and requests-html