Rishi Menon - 1 month ago
Python Question

Unable to reliably Match Base 64 encrypted String from strings stored in a Website: Python Program

I am Rishabh and am a beginner in the Python Programming Language. I have attempted to write a sort of an Authentication Program using Python.

Here's What I am doing in my Program:


  1. I get the Username and Password

  2. I concatenate the two strings like : ###Username:::Password

  3. Then I encrypt the above concatenated string using a base64 encoding program that I saw online. (I am unfamiliar with base64 encoding and I am a beginner in all the tools I have used in the below Python Program)

  4. Now you get an encrypted String.

  5. I have the same encrypted string hidden within the html of the blog that I created for this purpose : https://pastarchive.blogspot.in



The Encrypted Strings are stored as hidden text in the html code of the page:

<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">HELLO !! POST</span><br />
<span style="background-color: white; display: none;">IIKTxK6FBJC+or4JPyQqSI0BrAevMJix//LSgGyoiETg=</span><br />
<span style="background-color: white; display: none;">4M3CXPZGRKUsQRqbaOPd/gajp6XD9irrM2pQ8N9MHyM=</span><br />
<span style="background-color: white; display: none;">F5uxniPOSEiU2h/v1QreAx1+hXzW7GRRcJS15kYE/EM=</span><br />
<span style="background-color: white; display: none;">mAHuxBo7URh0QcRswXTccxq/sMTUNfbqmSaiopZxzuA=</span><br />


The random characters you see in the above html code is from the website:


  1. So what I do is: I make an encrypted string in the program as said before and I just check if the exact string exists in the website. If it does, I just display the "Successfully Logged in" message, and if not I just display "Login Failed."



The Problem:

The problem I have is that this method strangely works only for a few users, and the rest don't succeed in finding the exact string from the website source code even though the exact encrypted string is present in the website.

Please download the code and run it so that you can understand.

1. The Account which Successfully Logs in:

Username is : USER

Password is : TEMPPASS

This account works perfectly as I thought

2. The Account which strangely doesn't work:

Username is : user2

Password is : CLR

Can someone tell me why the first account works perfectly fine and the latter fails? And how do I fix this issue? Please guide me to fix this issue as I am a beginner.

Don't get confused by the Administrator Account. It's just a Locally verified Account.

The Code:

import requests
from getpass import getpass
from bs4 import BeautifulSoup
import re
import csv
import time
from Crypto.Cipher import AES
import base64

counter =1
counter2=1
import requests
import urllib2
from bs4 import BeautifulSoup
import re

print("\nPlease Authenticate Yourself:")
#print("Welcome to Mantis\n")
user = raw_input("\nEnter Username:")
password= getpass("\nEnter Password:")
print "\n...................................................................."

matchstring="###"+user+":::"+password
matches=""
chkstr=matchstring
print chkstr
###Encryption
msg_text = chkstr.rjust(32)
secret_key = '1234567890123456'
cipher = AES.new(secret_key,AES.MODE_ECB)
encoded = base64.b64encode(cipher.encrypt(msg_text))
#encoded = encoded.encode('string-escape')
print "Encrypted Text: \n"+encoded




##print matchstring #data sent for Authentication
if encoded == "OiKUr4N8ZT7V7hZlwvnXP2d0F1I4xtktNbZSpNotJh0=":
    print "\nHello Rishabh !! Is the Login Portal Locked ?"
    print "\n\nAdministrator Access Granted"
    counter2=2
if counter2==1:

    ###https://pastarchive.blogspot.in
    ###https://pastarchive.wordpress.com/2016/10/08/hello/
    html_content = urllib2.urlopen('https://pastarchive.blogspot.in').read()
    rematchstring=re.compile(encoded)
    matches = re.findall(encoded, html_content);


if len(matches) != 0 or counter2==2:
    print 'Sucessfully Logged in\n'
    print 'Hello '+user.upper()+" !\n"
    if user.upper()!="ADMINISTRATOR":
        print "Thanks in Advance for using Eagle, the Advanced Data Parsing Algorithm."
        print "\nCreator - Rishabh Raghunath, Electrical Engineering Student, MVIT\n"
        time.sleep(1)
        print "Let's Start !\n"
        print ".....................................................................\n"
if len(matches) == 0:
    print '\nUserName or Password is Incorrect\n'
    print "Please Check Your mail in case your Password has been Changed"
    print "Log in failed.\n"
    time.sleep(5)


Please Try to help me out with this Strange Problem.. I don't have a clue how to solve this..
Thanks.

Answer

The problem is because you use re and you have + in encoded. re treats + in a special way, so e.g. 1+2 is searching for 12 or 112 or 1112 etc.

Use html_content.find(encoded), which returns the position of encoded in html_content, or -1.

Now you will have to use if matched != -1 or counter2 == 2 and if matched == -1:


BTW: you have a mess in the code. It could look like this.

from getpass import getpass
from Crypto.Cipher import AES
import base64
import urllib2
import time

# --- constants ---

SECRET_KEY = '1234567890123456'

# --- classes ---

    # empty

# --- functions ---

    # empty

# --- main ---

loggedin = False

# ------ input

print("\nPlease Authenticate Yourself:")
#print("Welcome to Mantis\n")
user = raw_input("\nEnter Username:")
password = getpass("\nEnter Password:")

print "\n...................................................................."

# ------ encrypting

matchstring = "###{}:::{}".format(user, password)

cipher = AES.new(SECRET_KEY, AES.MODE_ECB)
encoded = base64.b64encode(cipher.encrypt(matchstring.rjust(32)))

print "Encrypted Text: \n", encoded

# ------ checking

# print matchstring #data sent for Authentication
if encoded == "eiKUr3N8ZT7V7RZlwvnXW2F0F1I4xtktNZZSpNotDh0=":
    print "\nHello Rishabh !! Is the Login Portal Locked ?"
    print "\n\nAdministrator Access Granted"
    loggedin = True
else:
    html = urllib2.urlopen('https://pastarchive.blogspot.in').read()
    loggedin = (html.find(encoded) != -1) # find() returns -1 when the string is absent

# ------ info

if loggedin:
    user = user.upper()
    print 'Sucessfully Logged in\n'
    print 'Hello', user, "!\n"

    if user != "ADMINISTRATOR":
        print "Thanks in Advance for using Eagle, the Advanced Data Parsing Algorithm."
        print "\nCreator - Rishabh Raghunath, Electrical Engineering Student, MVIT\n"
        time.sleep(1)
        print "Let's Start !\n"
        print ".....................................................................\n"
else:
    print '\nUserName or Password is Incorrect\n'
    print "Please Check Your mail in case your Password has been Changed"
    print "Log in failed.\n"
    time.sleep(5)

# ------ end
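
The following is an added example, not part of the original question or answer: it reproduces the failure the answer describes, using two of the tokens quoted in the question, and compares the raw-pattern search with a literal search and with an exact comparison against whole span contents. It is written for Python 3 (the thread's code is Python 2); the sample page and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Two of the tokens quoted in the question: one without '+', one with.
NO_PLUS = "4M3CXPZGRKUsQRqbaOPd/gajp6XD9irrM2pQ8N9MHyM="
WITH_PLUS = "F5uxniPOSEiU2h/v1QreAx1+hXzW7GRRcJS15kYE/EM="

# Constructed sample page using the hidden-span layout shown in the question.
SPAN = '<span style="background-color: white; display: none;">{}</span><br />\n'
PAGE = "".join(SPAN.format(t) for t in ("HELLO !! POST", NO_PLUS, WITH_PLUS))


def regex_hits(token, html):
    """The question's approach: the raw token is used as the regex pattern."""
    try:
        return len(re.findall(token, html))
    except re.error:
        return -1  # e.g. a token starting with '+' is not a valid pattern


def literal_hits(token, html):
    """Literal search: metacharacters escaped, same result as html.count(token)."""
    return len(re.findall(re.escape(token), html))


class SpanText(HTMLParser):
    """Collects the text of each <span> so tokens can be compared whole."""

    def __init__(self):
        super().__init__()
        self.in_span = False
        self.tokens = set()

    def handle_starttag(self, tag, attrs):
        if tag == "span":
            self.in_span = True

    def handle_endtag(self, tag):
        if tag == "span":
            self.in_span = False

    def handle_data(self, data):
        if self.in_span:
            self.tokens.add(data.strip())


def token_listed(token, html):
    """Exact match against a whole span, not a substring of the page."""
    parser = SpanText()
    parser.feed(html)
    parser.close()
    return token in parser.tokens
```

A literal substring search also accepts a fragment of a stored token, while the span comparison only accepts the whole value.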