Proj 2: HTTP Requests with Python (NETLAB)

Purpose

Learn Python HTTP Methods.

Using HEAD to Grab HTTP Banners

In Kali Linux, in a Terminal window, execute this command: 
nano http1.py
In nano, enter the code shown below:

Save the file with Ctrl+X, Y, Enter.

Explanation

This code connects on TCP port 80 just like the scanner you made in a previous project, but once it connects, it sends an HTTP request like this: 
HEAD / HTTP/1.1
Host: www.ccsf.edu
The HEAD method grabs only the banner, without getting any pages from the server.

Running the Grabber

In a Terminal window, execute this command: 
python http1.py
Enter a target host of www.ccsf.edu.

You should see the banner, as shown below:

Grabbing the Attack Server Banner

Use your program to grab the banner from attack.samsclass.info. It should show a banner like that shown below:

Simple POST Login

This is a simple login form. Test it with any username and password you like.

Username:      

Password:      

Now run Wireshark, and start it sniffing traffic. At the top left of the Wireshark window, in the Filter box, type http and press Enter.

Try to log in with a username of a and a password of b

In Wireshark, stop the capture.

Find the packet in Wireshark with an "Info" column of "POST /python/login1.php HTTP/1.1", as shown below:

Right-click the "POST /python/login1.php HTTP/1.1" line and click "Follow TCP Stream".

The POST request appears, as shown below. Notice the portions outlined in red--they are the essential lines in the request.

Making a Python Login Script

In Kali Linux, in a Terminal window, execute this command: 
nano http2.py
In nano, enter the code shown below:

Save the file with Ctrl+X, Y, Enter.

Explanation

This code sends an HTTP POST request like this: 
POST /python/login1.php HTTP/1.1
Host: attack.samsclass.info
Content-Type: Application/x-www-form-urlencoded
u=a&p=b

Running the Login Script

In a Terminal window, execute this command: 
python http2.py
Enter a Username of a and a Password of b

You should see the message "Credentials rejected!", as shown below:

Now run the login script again, with the correct username of root and a password of password

You should see the message "Successful login!", as shown below:

Python Loops: String Values

In Kali Linux, in a Terminal window, execute this command: 
nano loop1.py
In nano, enter the code shown below. Do NOT omit the indentation--in Python, indentation is required to indicate what code is inside a loop:

Save the file with Ctrl+X, Y, Enter.

Execute this command to run the script: 

python loop1.py
As you can see below, the code loops through all the listed fruits.

Python Loops: Numerical Values

In Kali Linux, in a Terminal window, execute this command: 
nano loop2.py
In nano, enter the code shown below. Do NOT omit the indentation--in Python, indentation is required to indicate what code is inside a loop:

Save the file with Ctrl+X, Y, Enter.

Execute this command to run the script: 

python loop2.py
As you can see, the code loops through all the numbers to the one before the last one, that is, one through four:

Sources

Python Network Programming
17.2. socket -- Low-level networking interface
How can I make a time delay in Python?

Last revised: 8-17-15
Revised for NETLAB 6-8-16