For a four-digit code and submit data to the server only error correct code will not fail, that is what we call usually within five minutes which means that this failure within five minutes we can try these to 1000-9999 data, all input submitted to the server for authentication,
Well, to understand the relevant principles, and now I'll teach you how to crack,
The following operations on JMeter needs a little foundation on the basis of recommendations JMeter tool did not look under the foundation
Use tools: JMeter
1. Download JMete archive, open jmeter.bat batch file, first of all I want to say is, JMeter must run on java environment, so before that you have to configure the java environment
2. New - "thread group / http request / view the results tree, CSV Data Set Config, the number of threads open on 1, then the number of cycles equal to the number below the number of data you txt file
a) then the protocol parameter in the http request for the interface into the fill, and the ip address corresponding to the server, taking the path, a method, as shown below (body code value is read .txt document)
b. then create a new text document, the document data of which all possible input codes, of course, where only small series and entered in the Save As 1000-2999, encoding format must be changed utf-8, and then
CSV Data Set Config, fill in the relevant diagram parameters
c. Click the run, this time, the program mad gogogo result tree is run down in the brush brush gogogo
Before long two thousand data to finish the time difference will observe the following two minutes to solve two thousand exhaustive data
3. After the program finish, no need to return the data to see the response, I directly use the new password 654321 to log in and found not log on,
So small series codes are not excluded this interval 1000-2999
But this time, I believe we all have felt it a small series of threads 2000 to submit data as long as two minutes twice that rate
If open five threads 1000-9999 This data has been estimated at less than two minutes exhaustive finished, right?
So there is always a request will be successful means I always have a verification code data is correct, it can change the password for the account swap
Of course, such resource-consuming operation course, this multi-threaded high-speed naturally requires a PC with the brute force but this is such a principle
There are a few points to remind you that, before initiating a request for data, that is, before you run JMeter, nature is the need to manually touch the hair under this code issued under this code and then we were in for his exhaustive verification, and if the response is returned wrong, you may try to add cookie manager
Of course, this paper reflects a brute of a small flow
