Arkhota is a web (HTTP/S) brute forcer for Android.

Overview

Arkhota, a web brute forcer for Android

Banner

What?

Arkhota is a web (HTTP/S) brute forcer for Android.

Why?

A web brute forcer is always in a hacker's computer, for obvious reasons. Sometimes attacks require to be quick or/and with minimal device preparation. Also a phone takes less attention rather than a laptop/computer. For this situations here's Arkhota.

Download

You can download APK from there.

Usage

Explanation is in order of objects in the APK from top to bottom.

Banner

  • Banner, version & author

You can long click to version to see about page.

Connection

  • URL (required)

An URL to make request.

  • Body

You need to specify a body if you are going to make a POST request.

Userlist / Wordlist

  • Userlist selector

Single: Sets a single username

Generate: Generates runtime with given options

Wordlists: Sets prepared wordlist

Custom wordlist: You can place your custom wordlist to /sdcard/ABF/

Then this selector will have it (if required permissions given.).

  • Username box

You need to specify a username if you selected Single.

  • Charset selectors

[W] You need to specify charset, min & max length to generate runtime.

If you selected Generate, checkboxes will help you to select._

  • Prefix & Suffix

You can specify prefix & suffix to be added to your username

It's same for the password part too.

Configuration

  • Beep switch

Beeps if attack success.

  • Fail/Success switch

Decides how to react connection response

  • POST/GET switch

Decides type of connection

  • User-Agent

_Sets user-agent for connection.

if "Original UA" set, then original user-agent set

Othervise given text will set to user-agent_

tip: It has autocomplete for several user-agents, all of them starts with "Mozilla", type and select one if you don't want to expose your original ua, but you don't know what to set
  • Timeout

Sets timeout for connection, in milliseconds

  • Cookie

Sets cookie value for connection

  • Regex (required)

Determines what to look in connection response

  • Empty box

Tried username:password pairs & result will shown there.

  • [W] Start

Starts attack!

Important

URL & Body: ^USER^ & ^PASS^ are placeholders for username and password. You need to place them in url or the body (depends what type you choose to connection)

Regex & Fail/Success switch: These two determines the result of the attack.

If switch points to "Fail", and if given regex found in the response, this means, this is a fail, continue to attack.

if switch points to "Success", and if given regex found in response, this means this is a success!, write result to empty box (in format "FOUND: username:password") and stop the attack.

Copying: Long click on the empty box will copy the content. if password found, it copies in username:password format Otherwise copies whole content.

If attack is over and unsuccessful, it just stops at the last user:password.

Screenshots & Videos

1 2 3 4 5 6 7 8 9 10 From server's side

ABF Demo

[W]arning

Runtime changeable parameters

Every parameter editable during attack, but none of the parameters will changeable during attack, except two. "Fail/Success" and "Beep" switch.

This means: If you started the attack, and want to change a parameter (e.g charset), editing will not change anything, this changes applies after pressing start button. BUT If you started the attack with beep option on, and you want to change it. You don't need to re-start attack, just click on switch and it won't beep when attack success.

About "Generate" & Custom wordlists

The Generate option is NOT recommended Runtime generating & parsing is a really hard work for a phone. Also it's not stable, all possible words will be generated, but may not be sequential. If you really need to select it, keep everything minimum. If your phone freezes or crashes, you know selected options is not suitable your phone's processor.

Do NOT place big wordlists to /ABF/ directory. This will cause freezing & crashing.

And do NOT forget standard smartphones have far less processor power rather than a computer, this project is for small and quick attacks.

About speed

Depends on your speed of network & remote host.

How to stop the attack

This version of Arkhota doesn't support "stopping the attack". BUT that doesn't mean you cannot stop. Just change "Fail/Success" switch to opposite direction and wait one more request. This will cause a false-positive on purpose to stop. Or You can simply close and re-open the application.

PS: I know.. I know... This project gave me a headache, I didn't even try to put a stop button there.
You might also like...
Monitoring water tanker level using NodeMCU ESP8266 and HC-SR04P Ultrasonic Sensor and broadcasting it using a simple HTTP server inside NodeMCU ESP8266 and show data in an Android App
Monitoring water tanker level using NodeMCU ESP8266 and HC-SR04P Ultrasonic Sensor and broadcasting it using a simple HTTP server inside NodeMCU ESP8266 and show data in an Android App

WaterLevel Preface This project aims to finding a tanker water level using NodeMCU with ESP8266 core and HC-SR04P Ultrasonic sensor and broadcasting i

Volley is an HTTP library that makes networking for Android apps easier and, most importantly, faster.

Volley Volley is an HTTP library that makes networking for Android apps easier and, most importantly, faster. For more information about Volley and ho

Ktorfit - a HTTP client/Kotlin Symbol Processor for Kotlin Multiplatform (Js, Jvm, Android, iOS, Linux) using KSP and Ktor clients inspired by Retrofit
Ktorfit - a HTTP client/Kotlin Symbol Processor for Kotlin Multiplatform (Js, Jvm, Android, iOS, Linux) using KSP and Ktor clients inspired by Retrofit

Ktorfit is a HTTP client/Kotlin Symbol Processor for Kotlin Multiplatform (Js, Jvm, Android, iOS, Linux) using KSP and Ktor clients inspired by Retrofit

Asynchronous Http and WebSocket Client library for Java

Async Http Client Follow @AsyncHttpClient on Twitter. The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and a

Multiplatform coroutine-based HTTP client wrapper for Kotlin

networkinkt This is a lightweight HTTP client for Kotlin. It relies on coroutines on both JS & JVM platforms. Here is a simple GET request: val text =

HttpMocker is a simple HTTP mocking library written in Kotlin to quickly and easily handle offline modes in your apps

HttpMocker HttpMocker is a very lightweight Kotlin library that allows to mock HTTP calls relying on either OkHttp or the Ktor client libraries. It ca

Kotlin HTTP requests library. Similar to Python requests.

khttp khttp is a simple library for HTTP requests in Kotlin. It functions similarly to Python's requests module. import khttp.get fun main(args: Arra

Kotlin DSL http client
Kotlin DSL http client

Introduction Kotlin DSL http client Features 🔹 Developers Experience-driven library without verbosity. 🔹 Native way to use http client in Kotlin. 🔹

Java HTTP Request Library

Http Request A simple convenience library for using a HttpURLConnection to make requests and access the response. This library is available under the

Comments
  • We need a better tutorial

    We need a better tutorial

    I'm not all the way into coding and understand half of what was said can we get a better tutorial more with simpler words for the dumber ones who are not super into coding like that

    opened by cornerboy26 0
Releases(v2.0)
Owner
ALW1EZ
Just someone you don't know.
ALW1EZ
LiteHttp is a simple, intelligent and flexible HTTP framework for Android. With LiteHttp you can make HTTP request with only one line of code! It could convert a java model to the parameter and rander the response JSON as a java model intelligently.

Android network framework: LiteHttp Tags : litehttp2.x-tutorials Website : http://litesuits.com QQgroup : 42960650 , 47357508 Android网络通信为啥子选 lite-htt

马天宇 829 Dec 29, 2022
Square’s meticulous HTTP client for the JVM, Android, and GraalVM.

OkHttp See the project website for documentation and APIs. HTTP is the way modern applications network. It’s how we exchange data & media. Doing HTTP

Square 43.4k Jan 5, 2023
A type-safe HTTP client for Android and the JVM

Retrofit A type-safe HTTP client for Android and Java. For more information please see the website. Download Download the latest JAR or grab from Mave

Square 41k Jan 5, 2023
HTTP Server for Android Instrumentation tests

RESTMock REST API mocking made easy. RESTMock is a library working on top of Square's okhttp/MockWebServer. It allows you to specify Hamcrest matchers

Andrzej Chmielewski 750 Dec 29, 2022
🚀 A Complete Fast Android Networking Library that also supports HTTP/2 🚀

Fast Android Networking Library About Fast Android Networking Library Fast Android Networking Library is a powerful library for doing any type of netw

AMIT SHEKHAR 5.5k Dec 27, 2022
The easiest HTTP networking library for Kotlin/Android

Fuel The easiest HTTP networking library for Kotlin/Android. You are looking at the documentation for 2.x.y.. If you are looking for the documentation

Kittinun Vantasin 4.3k Jan 8, 2023
Asynchronous socket, http(s) (client+server) and websocket library for android. Based on nio, not threads.

AndroidAsync AndroidAsync is a low level network protocol library. If you are looking for an easy to use, higher level, Android aware, http request li

Koushik Dutta 7.3k Jan 2, 2023
An android asynchronous http client built on top of HttpURLConnection.

Versions 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 Version 1.0.6 Description An android asynchronous http client based on HttpURLConnection. Updates U

David 15 Mar 29, 2020
🚀 A Complete Fast Android Networking Library that also supports HTTP/2 🚀

Fast Android Networking Library About Fast Android Networking Library Fast Android Networking Library is a powerful library for doing any type of netw

AMIT SHEKHAR 5.5k Jan 3, 2023
Pluto is a on-device debugger for Android applications, which helps in inspection of HTTP requests/responses, capture Crashes and ANRs and manipulating application data on-the-go.

Pluto Pluto is a on-device debugger for Android applications, which helps in inspection of HTTP requests/responses, capture Crashes and ANRs and manip

Mocklets 8 Aug 22, 2022