如何获取 post 请求的密码哈希值的随机数？

发布于 2025-01-15 18:41:50 字数 1104 浏览 3 评论 0原文

我正在尝试使用 BS4 和 Python 从路由器（型号 BGW-210）收集信息以实现自动化。 Wi-Fi 信息页面需要我提供的设备访问代码。但是，访问代码通过使用 md5 的随机数进行哈希处理，格式为：md5('访问代码' + '随机数')。帖子表单如下所示：

payload = {
   'nonce': '',
   'password': 'access code',
   'hashpassword': '',
   'Continue': 'Continue'
}

当我从浏览器中检查“网络”选项卡中的“有效负载”时，路由器还将哈希后字段中每个字母的密码中的每个字母更改为“*”。

这是我到目前为止所拥有的，

    s = requests.Session()
    res = s.get(bgw_210['login_url'], headers=headers)
    cookies = dict(res.cookies)

    headers['Content-Type']= 'application/x-www-form-urlencoded'
    res = s.post(bgw_210['login_url'], headers=headers, cookies=cookies)
    html = res.text
    soup = BeautifulSoup(html,'html.parser')

    # I can get the nonce value from here
    print(soup.find('input', {"name":"nonce"}).attrs['value'])
    payload = {
            'nonce': '',
            'password': 'access code',
            #'password': '**********',
            'hashpassword': '',
            'Continue': 'Continue',
            }

如果我使用哈希密码更新有效负载，则随机数会发生变化，并且不再有效。我尝试过使用我监控的有效负载中的固定值进行发布请求，并通过浏览器手动输入。

原文

I'm trying to gather information from a router (model BGW-210) with BS4 and Python for automation. The Wi-Fi information page requires a device access code which I have available. However, the access code is hashed with a nonce using md5 in the format of: md5('access code' + 'nonce'). The post form looks like this:

payload = {
   'nonce': '',
   'password': 'access code',
   'hashpassword': '',
   'Continue': 'Continue'
}

The router also changes each of the letter of the password into '*' for each letter in the field after hashing when I inspected the Payload in the Network tab from my browser.

Here's what I have so far

    s = requests.Session()
    res = s.get(bgw_210['login_url'], headers=headers)
    cookies = dict(res.cookies)

    headers['Content-Type']= 'application/x-www-form-urlencoded'
    res = s.post(bgw_210['login_url'], headers=headers, cookies=cookies)
    html = res.text
    soup = BeautifulSoup(html,'html.parser')

    # I can get the nonce value from here
    print(soup.find('input', {"name":"nonce"}).attrs['value'])
    payload = {
            'nonce': '',
            'password': 'access code',
            #'password': '**********',
            'hashpassword': '',
            'Continue': 'Continue',
            }

The nonce would change if I update the payload with the hash password and would no longer be valid. I've tried post requesting with fixed values from the payload that I monitored and input manually via the browser.

分享到QQ

分享到微博