meta {
name: Search password by range
type: http
seq: 2
}
get {
url: https://api.pwnedpasswords.com/range/{{password_hashed_prefix}}
body: none
auth: inherit
}
headers {
hibp-api-key: {{hibp-api-key}}
}
vars:pre-request {
password: 123456
}
script:pre-request {
  // Step 1 of the Pwned Passwords range lookup: hash the password locally
  // and publish the two halves of the digest as request variables.
  //
  // NOTE(review): the password is read from the `password` variable declared
  // in vars:pre-request, so whatever is typed there is stored in clear text in
  // this collection file. Keep real credentials out of version control.
  //
  // NOTE(review): the headers block of this request also sends `hibp-api-key`.
  // HIBP documents the Pwned Passwords range search as needing no API key;
  // confirm and drop the header so the key is not sent where it is not needed.
  const CryptoJS = require('crypto-js');

  const plaintext = bru.interpolate("{{password}}");

  // Upper-case hex SHA-1 digest of the password, the form the range API lists.
  const sha1Hex = CryptoJS.SHA1(plaintext).toString().toUpperCase();

  // Only the first five hex characters go into the request URL; the remainder
  // stays local and is compared against the response in script:post-response.
  const PREFIX_LENGTH = 5;
  const hashPrefix = sha1Hex.slice(0, PREFIX_LENGTH);
  const hashSuffix = sha1Hex.slice(PREFIX_LENGTH);

  bru.setVar("password_hashed_prefix", hashPrefix);
  bru.setVar("password_hashed_suffix", hashSuffix);
}
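script:post-response {
  // Step 2 of the Pwned Passwords range lookup: search the returned list of
  // "SUFFIX:COUNT" lines for the locally kept hash suffix and replace the
  // response body with a small JSON summary.
  //
  // The lookup must fail closed: a non-200 answer (rate limit, auth error,
  // outage) or a missing suffix variable would otherwise produce no regex
  // match and be reported as "found: false", i.e. a password wrongly shown
  // as not breached.
  const status = res.getStatus();
  if (status !== 200) {
    throw new Error(`Pwned Passwords range lookup failed with HTTP ${status}; the result is unknown`);
  }

  const data = res.getBody();
  if (typeof data !== "string") {
    throw new Error("Pwned Passwords range lookup returned a non-text body; the result is unknown");
  }

  // A SHA-1 hex digest is 40 characters; the pre-request script keeps the last 35.
  // Validating the shape also guarantees nothing but hex is spliced into the regex.
  const suffix = bru.getVar("password_hashed_suffix");
  if (typeof suffix !== "string" || !/^[0-9A-F]{35}$/.test(suffix)) {
    throw new Error("password_hashed_suffix is missing or malformed; run the pre-request script first");
  }

  const password = bru.interpolate("{{password}}");

  // Multiline match so ^ anchors at the start of each response line.
  // \d+ (not \d*) so a line without a count is never treated as a hit.
  const regex = new RegExp(`^(?<hash>${suffix}):(?<occurrences>\\d+)`, "m");
  const match = data.match(regex);

  // NOTE(review): the summary echoes the plaintext password into the response
  // pane; avoid sharing or exporting responses produced with real credentials.
  const result = match
    ? {
        password: password,
        found: true,
        occurrences: Number(match.groups.occurrences),
      }
    : {
        password: password,
        found: false,
        occurrences: 0,
      };

  res.setBody(JSON.stringify(result, null, 4)); // Bug: https://github.com/usebruno/bruno/issues/4748
}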
settings {
encodeUrl: true
}
docs {
**The password is not sent to the server!** It is hashed locally with SHA-1, and only the first five characters of the hash are sent to HIBP; the rest of the hash is compared against the response locally.

See: [Searching by Range](https://haveibeenpwned.com/API/v3#SearchingPwnedPasswordsByRange)
}