-
-
Save msummers42/af1e02cef81142d28655fded2eb0f764 to your computer and use it in GitHub Desktop.
Calculate Session Identifier entropy with Claude Shannon formula.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # calc_entropy.py | |
| # Calculate Session Identifier entropy with Claude Shannon formula. | |
| # https://github.com/4k1 | |
| import math | |
| import sys | |
| import time | |
| import urllib.request | |
| # Check params | |
| if (len(sys.argv) != 3): | |
| print ('Usage: python3 %s url cookie' % sys.argv[0]) | |
| quit() | |
| p_url = sys.argv[1] | |
| p_target = sys.argv[2] | |
| # Initialize | |
| charlist = [] | |
| maxlength = 0 | |
| def addcharlist(cl, v): | |
| ncl = list(set(cl + list(v))) | |
| return ncl | |
| # SessionID collection | |
| print ("[ ] Collecting " + p_target + "...") | |
| for i in range(0, 10000): | |
| time.sleep(0.1) | |
| headers = { "User-Agent" : "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)" } # | |
| req = urllib.request.Request(p_url, None, headers) | |
| response = urllib.request.urlopen(req) | |
| for h, v in response.headers.items(): | |
| if h.lower() == "set-cookie": | |
| r = v.split(';')[0].strip() | |
| n = r.find('=') | |
| if p_target == r[:n]: | |
| charlist = addcharlist(charlist, r[n+1:]) | |
| if len(r[n+1:]) > maxlength: | |
| maxlength = len(r[n+1:]) | |
| break | |
| print ("[+] Collected.") | |
| # Calculation | |
| fb = len(charlist) | |
| fl = maxlength | |
| fbl = math.pow(fb, fl) | |
| fH = math.log2(fbl) | |
| # Report | |
| print (" Length : " + str(fl)) | |
| print (" Charlist : " + str(fb)) | |
| print (" Strength : " + str(fH) + " bit(s).") | |
| print ("[+] Ok.") | |
| exit() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment