Let's go back to our editor and open the back2digest.py file. We added a few lines to include support for digest authentication. First, we added this import:
from requests.auth import HTTPDigestAuth
The preceding code allows us to select the authentication. In a request_performer, we need to add a condition to check if the user chose to run a digest authentication attack or basic:
if self.method == "basic":
r = requests.get(self.url, auth=(self.username, self.password))
elif self.method == "digest":
r = requests.get(self.url, auth=HTTPDigestAuth(self.username, self.password))
We specify the different methods in the request instantiation. In the case of digest, it is slightly different as we need to specify HTTPDigestAuth in the auth parameter. Also, we need to add in the start function the handler of the new parameter, we add the -m in the getopt function, the new parameter that will manage the type of authentication method. And we'll add it to every function as a variable.
That's it. We should be able to test against the digest-protected resource. Let's do it.
Let's go back to the Terminal but first, let's check the resource backoffice that we found in the robot.txt. We can see that it needs authentication, and to the user it is exactly the same as basic authentication:
Let's look at the headers of the response that the server sent us. Click on the Open menu option on the right-hand side of the Mozilla browser, select Developer | Network, and then click on the Reload button. Cancel the Authentication Required window and select the row as shown in the following screenshot. We can see that there is a WWW- Authenticate header with a Digest realm parameter, the nonce, and the algorithm= MD5. So let's go to the console to run our script:
Let's run it against the directory back office. We run the back2digest.py with the same parameters as before, but we change the resource to /backoffice instead of /admin:
python back2digest.py -w http://www.scruffybank.com/backoffice -u administrator -t 5 -f pass.txt -m digest
We change the user to administrator, we keep 5 threads and the same dictionary, pass.text, and finally, a new parameter method indicating digest, and we run it:
No luck this time. None of the combinations were valid; maybe the user doesn't exist. Let's try another user, admin for example. Let's run it.
Great, we found the password for the user admin:
Let's try this in the browser now. Set the User Name as admin, and Password as admin123:
Perfect, we're in. Not much to see in here. Now you have your password BruteForcer that can do basic and digest authentication. Congratulations! Let's continue adding more functionalities.