Project 13: Automating Web Requests with Python (15 pts.)

What You Need for This Project

Purpose

To practice automting Web requests, which makes it much more efficient to hack into websites.

Starting a Web Browser

From your Linux desktop, launch Firefox. In Firefox, go to:

http://attackdirect.samsclass.info/blind.htm

Scroll down to item "2. Time-Based", as shown below.

Getting Wireshark

Open a Terminal window and execute these commands. Enter your password when you are prompted to.
sudo apt-get update
sudo apt-get install wireshark -y
A window apears, titled "Configuring wireshark-common", as shown below.

Press Tab to highlight Yes and press the SPACEBAR.

Starting Wireshark Capturing

In a Terminal window, execute this command.
sudo wirehark
Enter your password if you are prompted to.

If a "Lua: Error during loading" box appears, click OK.

Wireshark opens, as shown below.

Double-click any.

In Firefox, highlight the third example injection string, as shown below.

Right-click the highlighted text and click Copy.

Select all the text in the Target field, right-click it, and click Paste.

Right-click the highlighted text and click Copy.

Select all the text in the Target field, right-click it, and click Paste.

Your Firefox window should look like the image below.

In Firefox, click the Test! button.

In Wireshark, click the red square Stop button.

In Wireshark, in the "Apply a display filter" bar, type:

http
Press Enter.

Click the "POST blind2.php" line, as shown below.

From the Wireshark menu bar, click Analyze, Follow, "TCP Stream".

A box pops up showing the raw HTTP request in red letters. Highlight the red text, as shown below.

Right-click the highlighted text and click Copy.

Making a Python HTTP Script

Open a new Terminal window, and execute this command.
sudo apt-get install leafpad -y
Enter your password if you are prompted to.

Execute this command.

leafpad http
An empty window titled (http) opens. Right-click inside this window and click Paste.

Resize the window so you can see the entire HTTP request, as shown below.

Add this text at the top of the file, as shown below.

#!/usr/bin/env python

req="""

Add this text at the end of the file, as shown below.

""";
import socket
s = socket.socket()
s.connect (("attackdirect.samsclass.info",80))
s.send(req)
print s.recv(1024)
s.close()

Click in the Leafpad window. At the top of the Linux window, click File, Save.

Running the Python HTTP Script

Open a new Terminal window, and execute these commands.
chmod +x http
./http
You get a response, but part of it is compressed and unreadable, as shown below.

In Leafpad, delete this line, as shown below:

Accept-Encoding: gzip, deflate

Click in the Leafpad window. At the top of the Linux window, click File, Save.

Running the Modified Python HTTP Script

Open a new Terminal window, and execute this command.
./http
You get a readable response, containing the title Time-Based, as shown below.

Saving a Screen Image

Click the taskbar at the bottom of your host desktop, to make the host machine listen to the keyboard, instead of the virtual machine.

Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole desktop to the clipboard.

YOU MUST SUBMIT A FULL-DESKTOP IMAGE FOR FULL CREDIT!

Paste the image into Paint and save it with the filename "YOUR NAME Proj 13", replacing "YOUR NAME" with your real name.

Doing the Challenges

You have now completed the required portion of this project. But I recommend continuing to do the Challenges shown below.

You may find this link helpful.

Iterating over a string

Turning In Your Project

Email the images to me as an attachments to an e-mail message. Send it to: cnit.129S@gmail.com with a subject line of "Proj 13 From YOUR NAME", replacing "YOUR NAME" with your real name.

If you completed the Challenges, just put the answers in the email's body.

Send a Cc to yourself.


Last updated 11-14-16