I'm wondering if anyone has tried that with the Robot class, having it bruteforce a web sign in forum. I've looked through the documentation and it seems one could do it with the robot just checking the resulting page against the known, incorrect password page.
Has anyone tried that? It looks possible.
edit: 300th post!
> I thought of using Robot because it can be dynamic,
> if you can select where the forms are you can use it
> on any website. Of course it's going to be slow, not
> only because it has to try everything it'll have to
> wait for the whole page to return to compare it to
> the others.
what do you mean by "dynamic"? why are you here trying to get help cracking websites, anyway? if you were up to the job, you wouldn't need help, and you'd realise java isn't the best way to go about it, let alone using Robot. you won't get any help with this here
dynamic as in you can select where the forms are for name and password. No I'm not asking for help, I'm not a hacker (never have been). I was just wanting to know if it could be done and if anyone had done it. If I wanted to be a hacker (and in my pre-teens I did) I would have learned C/C++ instead of Java..
> dynamic as in you can select where the forms are for
> name and password
what alternative did you reject because it couldn't do all that?
. No I'm not asking for help, I'm
> not a hacker (never have been). I was just wanting to
> know if it could be done and if anyone had done it.
> If I wanted to be a hacker (and in my pre-teens I
> did) I would have learned C/C++ instead of Java..
heh heh if only there was some way to learn more than one language.....
How the he|| would you use Java and Robot on a webpage?
What does Robot have anything to do with anything at all?
Are you saying that you want to use Robot mouse presses to get
into a textfield and use Robot key presses to enter the text?
Wouldnt the browser then get focus and the Java Robot stop
working?
Regardless.....
If you put even TWO MINUTES of thought into this problem youd realize
that password information like ALL other web information is sent
through some web protocol - and therefore the most elementary
step of this problem is disregarding the GUI input.
After all, what does Java excel at? <ahem>
You could probably hack up 20 lines of code to hit a website with:
http:\\www.godforbidyourethisdumb.GOV\&password=qwerty
or whatever the protocol is.
But then regardless of even that...
Im sure most servers will lock you out if you are posting requests
more than even once a second for too long.
Brute force would take forever.
> > You can easily use Java to generate a POST request
> > also.
>
> Would you not have to do that with a servlet
No, most definitely not needed.
You can synthesize a POST request, and the other side
can be a PHP script, JSP page, ASP page, or anything.
In fact, there are commandline utilities that allow you to synthesize POST requests,
eg. curl, lynx, etc.
http://curl.haxx.se/
People also routinely code it up in PERL, and use it to automatically
login to an email website, or a stock-ticker website,
and retrieve the latest stock ticker value, for example.
