A long time ago i blogged on the joys of using VBS to automate bruteforcing [1|2]when one didnt want to mess about duplicating an applications functionality at the protocol level.. Yesterday i had need to brute-force a web application which tried hard to be difficult and annoying..
(click for full-size)
This was quick and dirty, if i had more time i would have chosen to read the results and only screenshot results that didnt match “your credentials are invalid”.. ahh.. for another day..
*** a word of warning.. AppleScript is described as “an English-like language used to create script files that control the actions of the computer and the applications that run on it.” This english-like-ness makes it extremely obtuse at times..
In a subsequent version of the brute force, i wished to use the username from my list, and the users First Name as his password. Now this is an obvious call for a hash/dictionary/associative array.. The sparse documentation that i was able to find on AppleScript records did not appear to help me a jot (but this could just be poor google skills).
Instead i opted for saving the username and password as a “:” delimited string. I then split the string at runtime and submit as before.. ugly, but effective..
its not perfect, but its neat and a nice tool to keep in your arsenal..