What you need to run this Basic HTTP Requests lab:
While you could probably do this better on a Kali Linux box, I'm going to document this for a Windows platform running with an installation of Cygwin and Python 3.0. This lab can be run on a real or virtual machine.

Purpose
Learn Python networking basics: HTTP request methods and techniques.

Using HEAD to Grab HTTP Banners
In a Cygwin Terminal window, cd to where you are saving your Python files and create a new file httpRequest.py:
cat > httpRequest.py
# python3 script to make a HTTP Request
Press Ctrl-D to finish; this will save the file. You can then open it in Notepad++ or Vim and add the rest of the script:
import socket
socket.setdefaulttimeout(2)
target = input('Input Target host URL: (like www.ccsf.edu):')
tport = 80
s = socket.create_connection((target, tport))
s.send(('HEAD / HTTP/1.1\nHost: ' + target + '\n\n').encode())  # HTTP specifies \r\n line endings, but most servers accept bare \n
print(s.recv(1024).decode(errors='replace'))
s.close()
Explanation
The first line imports the "socket" library, which contains networking functions.
The second line sets a timeout, so you don't hang if there is an issue with the connection.
The third line prompts the user for the target URL.
The fourth line selects the target port.
The fifth line creates the socket and makes the connection request.
The sixth line sends the HTTP HEAD request.
The seventh line receives data from the server and prints it, up to a maximum of 1024 bytes.
The eighth line closes the connection.
Running the HTTP Request python script
In the Cygwin Terminal window, execute this command:
You should see the server's HTTP response headers (its banner), as shown below:

Grabbing the Attack Server Banner
Use your program to grab the banner from attackdirect.samsclass.info. It should show a banner like that shown below:
In another tab, open Sam's blog and just click on his form, which I don't have working here... but will soon - https://samsclass.info/124/proj14/p2-http.htm
On his password form, about 1/3 of the way down the page, enter a username of "a" and a password of "b".
Now run Wireshark and start it sniffing traffic. At the top left of the Wireshark window, in the Filter box, type http and press Enter. (I know we have not really learned about Wireshark, so we will walk through this in class.)
Now go back to Sam's blog and re-enter the User ID and Password form. Again log in with a username of "a" and a password of "b".
In Wireshark, stop the capture.
Find the packet in Wireshark with an "Info" column of "POST /python/login1.php HTTP/1.1", as shown below:
Right-click the "POST /python/login1.php HTTP/1.1" line and click "Follow TCP Stream".
The POST request appears, as shown below. The red text shows the HTTP request your browser sent to the server, and the blue text shows the server's reply.
Making a Python Login Script
In your Cygwin window, copy the file you just created from httpRequest.py to httpPost.py.
Now you can open this in Notepad++ or even Vim... but I would go with Notepad++.
With the mouse, highlight the entire red request, right-click it, and click Copy, as shown below.
Paste this into your Notepad++ file as shown below.
Enclose the entire request in triple quotation marks (""") and add "req = " to the start of it, as shown below. The text turns another color, maybe orange? It is a multi-line text string, a handy Python feature.
Now make sure you also have code that looks like this:
s = socket.socket()
Note: to run this in Python 2.x edit the following lines
Running the Login Script
If you run this in Python 3, you still get an error, but that is because of the format of the returned data, which comes back gzip-compressed and looks like encrypted binary... and probably also because we don't have the encode/decode formatting right. If you run this with the Python 2.7 edits, it works, but returns some data that is not human readable.
In the Wireshark TCP stream data that you pasted into the Python script, delete the following line:
Accept-Encoding: gzip, deflate
This lets the data get returned without gzipping it. Save your Python script under a new name, httpPost2.py (so you can see the before and after), and rerun it.
Running the Login Script Again
Making the Username and Password Variable
Now you will want to copy your httpPost.py to httpPostPass.py and make the following edits.
You will have some POST string that ends like this:
The POST parameter/value pairs don't always have to be in the same order; I have seen it change when the web server parameters are changed. In this case, the "7" in "Content-Length: 7" refers to the length of the UserID and Password that are getting passed as "u=a&p=b". This would change if the UserID and Password were changed to, say, u=bob&p=pa$$w0rd; then the length would change from 7 to 16. What is going on is that "u=" and "&p=" together are 5 characters, plus the additional length of the UserID and Password character count.
Delete the "7" and the UserID and Password line, to make it look like this:
Then add the following code to add variables for user, pw, and length
user = input("Username: ")
pw = input("Password: ")
length = len(user) + len(pw) + 5
Then edit the s.send(req.encode()) line to look like the following, where you are adding in your variables:
s.send((req + str(length) + '\n\n' + "u=" + user + "&p=" + pw + '\n').encode())
and the result will be like the following:
If your script doesn't work, use Wireshark to capture the request so you can see mistakes in it.
Awesome... You now have a Python HTTP POST password script.
Now run the login script again, with the correct username of root and a password of password.
You should see the message "Successful login!", as shown below:
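The following is an added, self-contained example (not code from the lab or from samsclass.info) that demonstrates both parts of this lab end to end: the HEAD banner grab and the raw POST login with a variable username and password. Because it has to run offline, it starts a constructed stand-in for the attack server on localhost (a hypothetical LabServer that only accepts root/password and answers "Successful login!", mirroring the lab's form at the assumed path /python/login1.php). Two points go beyond the text: the request lines use the \r\n endings HTTP actually specifies, and the body is URL-encoded before Content-Length is computed, so a password such as pa$$w0rd becomes pa%24%24w0rd and the length is taken from the encoded bytes rather than len(user) + len(pw) + 5.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for the lab's attack server: only root/password succeeds.
VALID_USER, VALID_PASS = "root", "password"


class LabHandler(BaseHTTPRequestHandler):
    server_version = "LabServer/0.1"  # becomes the Server header, i.e. the banner

    def do_HEAD(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()

    def do_POST(self):
        # The server reads exactly Content-Length bytes; a wrong value truncates or hangs.
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode())
        ok = form.get("u") == [VALID_USER] and form.get("p") == [VALID_PASS]
        body = b"Successful login!" if ok else b"Login failed."
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_lab_server():
    """Start the constructed server on a free localhost port; returns (host, port)."""
    srv = HTTPServer(("127.0.0.1", 0), LabHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address


def build_head_request(host):
    """Raw HEAD request with the CRLF line endings HTTP specifies."""
    return f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()


def build_login_request(host, user, pw, path="/python/login1.php"):
    """Raw POST for the login form; Content-Length is the encoded body's byte length."""
    body = urlencode({"u": user, "p": pw}).encode()  # escapes '$', '&', spaces, ...
    headers = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return headers.encode() + body


def send_raw(host, port, request, timeout=2):
    """Send raw bytes over a socket and return the whole decoded response."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while True:  # read until the server closes, not just the first 1024 bytes
            data = s.recv(1024)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def grab_banner(host, port):
    """Return the Server header value from the HEAD response, or None."""
    response = send_raw(host, port, build_head_request(host))
    for line in response.split("\r\n"):
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def login(host, port, user, pw):
    """POST the credentials and return the response body (text after the blank line)."""
    response = send_raw(host, port, build_login_request(host, user, pw))
    return response.split("\r\n\r\n", 1)[1]


if __name__ == "__main__":
    host, port = start_lab_server()
    print("banner:", grab_banner(host, port))
    print("a/b ->", login(host, port, "a", "b"))
    print("root/password ->", login(host, port, VALID_USER, VALID_PASS))
```

Reading until the server closes the connection (rather than a single recv(1024)) matters once the response is longer than a banner, and computing Content-Length from the encoded body is what keeps the server's read from truncating or blocking when the password contains characters a browser would escape.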
jimTheSTEAMClown github Python-CyberSecurity-Code
Source: Sam Bowne, an AWESOME Cyber Security Instructor. I met him at the 2017 WIT Conference, and had to give him a hug, for all the cool Cyber Labs he has published on his site https://samsclass.info/ specifically the link to his WITC class Python Scripting for Cyber Security Professionals