“Disclaimer: This is not Hacking Tutorial, this just for fun and educational only. Any violence because of this, is beyond my responsibility”
Let me tell you again, this perhaps not the brute force hacking tutorial you want to search. This tutorial is just for fun and educational purpose only. Instagram is a great platform, why you still trying to find a password by using brute force. Instead of using it, why not try social engineering attack that more realistic.
This article is just for fun, I don’t want to exploit Instagram, I just want to help you amuse your friend using this tutorial that somehow will be like an Instagram brute force attack.
This is the reason, why I can build this article?
Instagram will always take your password input if the length is below of six
If you ask me “is it vulnerable?” I said totally no, I think the developer of Instagram was so smart to build this login feature. So when the input is more than six-character, the login page will process it to check whether the password is true or not. And if you false inputting a password about three or five times, we need to wait several minutes to input it again.
Nah, we see that if we can input passwords below six-character, we can do it more and more, as many as we want without waiting for several minutes. This is the big reason, the article is built — for making your friend amused by your program. 😏
Firstly, we need to install webbot and pynput module using pip. The webbot module is to trigger a web automation program. It used to activate the web browser environment. Pynput module is used for controlling the input using python.
I have to make a GitHub repository to make it easier for installing it. Here is the source code
After downloading it, follow this step
1) Install the module from requirements.txt by writing this command
pip install -r requirements.txt
or
pip3 install -r requirements.txt
The output will be like this
This output means, I already installed the module
2) Launch the attack
python instagram-brute-force.py
3) Input the username
Put your username Instagram, just like this
This is the real username of Instagram
4) Input the dictionary txt
Choose the .txt file that works as a dictionary (One of the Brute force method). For example, here is my dictionary file
As you can see, all of the text, except the last one only has a length under six characters. Put your real password in the last line. After that fill in the command line, dictionary
. As the file is dictionary.txt. You can name it as you want, but I made default the file is .txt. So you only can use the .txt file.
Choose dictionary file
5) Hit enter and wait several times, until you successfully log in
Successfully login into Instagram
Login Success — Don’t forget to change the last line of dictionary.txt
As you can see that, the Instagram login is taking all the character inside the dictionary.txt. Because all input below six characters is means nothing by the system. It can work, although you put it 1000 line.
Lastly, I think it this not right if I not explaining the source code. Here is the source code
As you can see, in lines 4 and 5 we ask the user to input the username and the file for doing the dictionary attack. The file is accessed line by line so it can be used as bruteforce variable. After that, in lines 14 and 15 we use the module that we install in the first step. As for the rest, I believe you can read it easily.
I hope you successfully trick your friend, for not just common automation login Instagram, but add a brute force attack feature to the automation.
Have a Nice Code.