无法从存储在网站中的字符串中可靠地匹配 Base 64 加密字符串:Python 程序
Unable to reliabily Match Base 64 encrypted String from strings stored in a Website: Python Program
我是 Rishabh,是 Python 编程语言的初学者。我试图使用 Python 编写一种身份验证程序。
这是我在程序中所做的:
- 我得到用户名和密码
- 我连接两个字符串,如:###Username:::Password
- 然后我用网上看到的base64编码程序对上面的拼接字符串进行了加密。(我对base64编码不熟悉,我在下面Python程序中使用的所有工具都是初学者)
- 现在你得到一个加密的字符串。
- 我在为此目的创建的博客 html 中隐藏了相同的加密字符串:https://pastarchive.blogspot.in
加密字符串作为隐藏文本存储在页面的 html 代码中:
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">IIKTxK6FBJC+or4JPyQqSI0BrAevMJix//LSgGyoiETg=</span><br />
<span style="background-color: white; display: none;">4M3CXPZGRKUsQRqbaOPd/gajp6XD9irrM2pQ8N9MHyM=</span><br />
<span style="background-color: white; display: none;">F5uxniPOSEiU2h/v1QreAx1+hXzW7GRRcJS15kYE/EM=</span><br />
<span style="background-color: white; display: none;">mAHuxBo7URh0QcRswXTccxq/sMTUNfbqmSaiopZxzuA=</span><br />
您在上面html代码中看到的随机字符来自网站:
- 所以我所做的是.. 我在程序中创建了一个加密字符串,如前所述,我只是检查网站中是否存在确切的字符串。如果是,我只显示 "Successfully Logged in message",如果不是,我只显示 "Login Failed."
问题:
我遇到的问题是,奇怪的是,这种方法只对少数用户有效,其余用户无法从网站源代码中找到准确的字符串,即使网站中存在准确的加密字符串。
请下载代码并运行以便您理解
1.登录成功的账号:
用户名是:USER
密码是:TEMPPASS
这个账户和我想的一样完美
2。奇怪地不起作用的帐户:
用户名是 : user2
密码是:CLR
谁能告诉我为什么第一个帐户工作得很好而第二个却失败了?我该如何解决这个问题?请指导我解决这个问题,因为我是初学者。
不要被管理员帐户弄糊涂了..它只是一个本地验证的帐户..
代码:
import requests
from getpass import getpass
from bs4 import BeautifulSoup
import re
import csv
import time
from Crypto.Cipher import AES
import base64
counter =1
counter2=1
import requests
import urllib2
from bs4 import BeautifulSoup
import re
print("\nPlease Authenticate Yourself:")
#print("Welcome to Mantis\n")
user = raw_input("\nEnter Username:")
password= getpass("\nEnter Password:")
print "\n...................................................................."
matchstring="###"+user+":::"+password
matches=""
chkstr=matchstring
print chkstr
###Encryption
msg_text = chkstr.rjust(32)
secret_key = '1234567890123456'
cipher = AES.new(secret_key,AES.MODE_ECB)
encoded = base64.b64encode(cipher.encrypt(msg_text))
#encoded = encoded.encode('string-escape')
print "Encrypted Text: \n"+encoded
##print matchstring #data sent for Authentication
if encoded == "OiKUr4N8ZT7V7hZlwvnXP2d0F1I4xtktNbZSpNotJh0=":
print "\nHello Rishabh !! Is the Login Portal Locked ?"
print "\n\nAdministrator Access Granted"
counter2=2
if counter2==1:
###https://pastarchive.blogspot.in
###https://pastarchive.wordpress.com/2016/10/08/hello/
html_content = urllib2.urlopen('https://pastarchive.blogspot.in').read()
rematchstring=re.compile(encoded)
matches = re.findall(encoded, html_content);
if len(matches) != 0 or counter2==2:
print 'Sucessfully Logged in\n'
print 'Hello '+user.upper()+" !\n"
if user.upper()!="ADMINISTRATOR":
print "Thanks in Advance for using Eagle, the Advanced Data Parsing Algorithm."
print "\nCreator - Rishabh Raghunath, Electrical Engineering Student, MVIT\n"
time.sleep(1)
print "Let's Start !\n"
print ".....................................................................\n"
if len(matches) == 0:
print '\nUserName or Password is Incorrect\n'
print "Please Check Your mail in case your Password has been Changed"
print "Log in failed.\n"
time.sleep(5)
请帮我解决这个奇怪的问题。我不知道如何解决这个问题。
谢谢
问题是因为您使用了 re 而 + 在 encodec 中。 re 以特殊方式对待 +,即。 1+2 正在搜索 12 or 112 or 1112 etc.
使用html_content.find(encoded)encodec在html_content或-1
中的returns位置
现在您将不得不使用 if matched != -1 or counter2 = 2 和 if matched == -1:
顺便说一句: 你的代码乱七八糟。它可能看起来像这样。
from getpass import getpass
from Crypto.Cipher import AES
import base64
import urllib2
import time
# --- constants ---
SECRET_KEY = '1234567890123456'
# --- classes ---
# empty
# --- functions ---
# empty
# --- main ---
loggedin = False
# ------ input
print("\nPlease Authenticate Yourself:")
#print("Welcome to Mantis\n")
user = raw_input("\nEnter Username:")
password = getpass("\nEnter Password:")
print "\n...................................................................."
# ------ encrypting
matchstring = "###{}:::{}".format(user, password)
cipher = AES.new(SECRET_KEY, AES.MODE_ECB)
encoded = base64.b64encode(cipher.encrypt(matchstring.rjust(32)))
print "Encrypted Text: \n", encoded
# ------ checking
# print matchstring #data sent for Authentication
if encoded == "eiKUr3N8ZT7V7RZlwvnXW2F0F1I4xtktNZZSpNotDh0=":
print "\nHello Rishabh !! Is the Login Portal Locked ?"
print "\n\nAdministrator Access Granted"
loggedin = True
else:
html = urllib2.urlopen('https://passarchive.blogspot.in').read()
loggedin = (html.find(encoded) != 1) # True or False
# ------ info
if loggedin:
user = user.upper()
print 'Sucessfully Logged in\n'
print 'Hello', user, "!\n"
if user != "ADMINISTRATOR":
print "Thanks in Advance for using Eagle, the Advanced Data Parsing Algorithm."
print "\nCreator - Rishabh Raghunath, Electrical Engineering Student, MVIT\n"
time.sleep(1)
print "Let's Start !\n"
print ".....................................................................\n"
else:
print '\nUserName or Password is Incorrect\n'
print "Please Check Your mail in case your Password has been Changed"
print "Log in failed.\n"
time.sleep(5)
# ------ end
我是 Rishabh,是 Python 编程语言的初学者。我试图使用 Python 编写一种身份验证程序。
这是我在程序中所做的:
- 我得到用户名和密码
- 我连接两个字符串,如:###Username:::Password
- 然后我用网上看到的base64编码程序对上面的拼接字符串进行了加密。(我对base64编码不熟悉,我在下面Python程序中使用的所有工具都是初学者)
- 现在你得到一个加密的字符串。
- 我在为此目的创建的博客 html 中隐藏了相同的加密字符串:https://pastarchive.blogspot.in
加密字符串作为隐藏文本存储在页面的 html 代码中:
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">IIKTxK6FBJC+or4JPyQqSI0BrAevMJix//LSgGyoiETg=</span><br />
<span style="background-color: white; display: none;">4M3CXPZGRKUsQRqbaOPd/gajp6XD9irrM2pQ8N9MHyM=</span><br />
<span style="background-color: white; display: none;">F5uxniPOSEiU2h/v1QreAx1+hXzW7GRRcJS15kYE/EM=</span><br />
<span style="background-color: white; display: none;">mAHuxBo7URh0QcRswXTccxq/sMTUNfbqmSaiopZxzuA=</span><br />
您在上面html代码中看到的随机字符来自网站:
- 所以我所做的是.. 我在程序中创建了一个加密字符串,如前所述,我只是检查网站中是否存在确切的字符串。如果是,我只显示 "Successfully Logged in message",如果不是,我只显示 "Login Failed."
问题:
我遇到的问题是,奇怪的是,这种方法只对少数用户有效,其余用户无法从网站源代码中找到准确的字符串,即使网站中存在准确的加密字符串。
请下载代码并运行以便您理解
1.登录成功的账号:
用户名是:USER
密码是:TEMPPASS
这个账户和我想的一样完美
2。奇怪地不起作用的帐户:
用户名是 : user2
密码是:CLR
谁能告诉我为什么第一个帐户工作得很好而第二个却失败了?我该如何解决这个问题?请指导我解决这个问题,因为我是初学者。
不要被管理员帐户弄糊涂了..它只是一个本地验证的帐户..
代码:
import requests
from getpass import getpass
from bs4 import BeautifulSoup
import re
import csv
import time
from Crypto.Cipher import AES
import base64
counter =1
counter2=1
import requests
import urllib2
from bs4 import BeautifulSoup
import re
print("\nPlease Authenticate Yourself:")
#print("Welcome to Mantis\n")
user = raw_input("\nEnter Username:")
password= getpass("\nEnter Password:")
print "\n...................................................................."
matchstring="###"+user+":::"+password
matches=""
chkstr=matchstring
print chkstr
###Encryption
msg_text = chkstr.rjust(32)
secret_key = '1234567890123456'
cipher = AES.new(secret_key,AES.MODE_ECB)
encoded = base64.b64encode(cipher.encrypt(msg_text))
#encoded = encoded.encode('string-escape')
print "Encrypted Text: \n"+encoded
##print matchstring #data sent for Authentication
if encoded == "OiKUr4N8ZT7V7hZlwvnXP2d0F1I4xtktNbZSpNotJh0=":
print "\nHello Rishabh !! Is the Login Portal Locked ?"
print "\n\nAdministrator Access Granted"
counter2=2
if counter2==1:
###https://pastarchive.blogspot.in
###https://pastarchive.wordpress.com/2016/10/08/hello/
html_content = urllib2.urlopen('https://pastarchive.blogspot.in').read()
rematchstring=re.compile(encoded)
matches = re.findall(encoded, html_content);
if len(matches) != 0 or counter2==2:
print 'Sucessfully Logged in\n'
print 'Hello '+user.upper()+" !\n"
if user.upper()!="ADMINISTRATOR":
print "Thanks in Advance for using Eagle, the Advanced Data Parsing Algorithm."
print "\nCreator - Rishabh Raghunath, Electrical Engineering Student, MVIT\n"
time.sleep(1)
print "Let's Start !\n"
print ".....................................................................\n"
if len(matches) == 0:
print '\nUserName or Password is Incorrect\n'
print "Please Check Your mail in case your Password has been Changed"
print "Log in failed.\n"
time.sleep(5)
请帮我解决这个奇怪的问题。我不知道如何解决这个问题。 谢谢
问题是因为您使用了 re 而 + 在 encodec 中。 re 以特殊方式对待 +,即。 1+2 正在搜索 12 or 112 or 1112 etc.
使用html_content.find(encoded)encodec在html_content或-1
现在您将不得不使用 if matched != -1 or counter2 = 2 和 if matched == -1:
顺便说一句: 你的代码乱七八糟。它可能看起来像这样。
from getpass import getpass
from Crypto.Cipher import AES
import base64
import urllib2
import time
# --- constants ---
SECRET_KEY = '1234567890123456'
# --- classes ---
# empty
# --- functions ---
# empty
# --- main ---
loggedin = False
# ------ input
print("\nPlease Authenticate Yourself:")
#print("Welcome to Mantis\n")
user = raw_input("\nEnter Username:")
password = getpass("\nEnter Password:")
print "\n...................................................................."
# ------ encrypting
matchstring = "###{}:::{}".format(user, password)
cipher = AES.new(SECRET_KEY, AES.MODE_ECB)
encoded = base64.b64encode(cipher.encrypt(matchstring.rjust(32)))
print "Encrypted Text: \n", encoded
# ------ checking
# print matchstring #data sent for Authentication
if encoded == "eiKUr3N8ZT7V7RZlwvnXW2F0F1I4xtktNZZSpNotDh0=":
print "\nHello Rishabh !! Is the Login Portal Locked ?"
print "\n\nAdministrator Access Granted"
loggedin = True
else:
html = urllib2.urlopen('https://passarchive.blogspot.in').read()
loggedin = (html.find(encoded) != 1) # True or False
# ------ info
if loggedin:
user = user.upper()
print 'Sucessfully Logged in\n'
print 'Hello', user, "!\n"
if user != "ADMINISTRATOR":
print "Thanks in Advance for using Eagle, the Advanced Data Parsing Algorithm."
print "\nCreator - Rishabh Raghunath, Electrical Engineering Student, MVIT\n"
time.sleep(1)
print "Let's Start !\n"
print ".....................................................................\n"
else:
print '\nUserName or Password is Incorrect\n'
print "Please Check Your mail in case your Password has been Changed"
print "Log in failed.\n"
time.sleep(5)
# ------ end