def edit_cookie(host):
"""
This function allows you to both view and edit cookies for a web page and to view the effects in the html once the
cookie has been altered.
:param host: (string) url
:return: None
"""
# Display cookies for target
view_cookies(session.target)
while True:
# The user chooses a cookie to edit
index = InputNFileIO.int_input_getter(
"Which cookie would you like to edit?: ",
range(1,
len(session.cookies) + 1))
# Parse the cookie to only show the name of the cookie
cookie_name = session.cookies[index -
1][:session.cookies[index -
1].index("=")]
print("Chosen cookie:", cookie_name)
# Allow the user to assign the cookie a value of their choice
new_value = input("What do want to change that cookie's value to?: ")
break
# Craft the new cookie
cookie = {cookie_name: new_value}
# Send a post request to the web page with the new cookie
r = requests.post(host, cookies=cookie)
# Display the content of the web page with the cookie change
print(str(r.content).replace('<', "\n<"))
# Close the connection
r.close()
def form():
"""
This function develops a login form template for the cracker to use during the attack.
:return:
"""
# Creates a list of variables in POST form
values = input("Enter form variable names(ex: user pass): ").split()
# Create a dictionary and assign all of the previously defined variables as empty strings
form_values = {value: "" for value in values}
# This loop establishes static variables
while True:
InputNFileIO.clear()
while True:
response = InputNFileIO.yes_or_no_handler(
"Do you need to assign any static values? (y/n): ")
# If the form has static variables
if response == "y":
InputNFileIO.clear()
# Display a list of the variables
for i, key in enumerate(form_values.items()):
print(f"{i + 1}. {key[0]} = {key[1]}")
choice = InputNFileIO.int_input_getter(
"Which one?: ", range(1,
len(values) + 1))
new_val = input(
"What value would you like to assign to this variable?: ")
form_values[values[choice - 1]] = new_val
# Once the user is finished configuring static variables, return the form
elif response == "n":
return form_values
def get_password_list():
"""
This function creates a list of passwords from a wordlist.
:return: (list) List of passwords
"""
passwords = []
while True:
InputNFileIO.clear()
# Enter the path to the wordlist
password_file = input("Enter the password file path: ")
try:
my_file = open(password_file)
# If there is a file not found error, let the user know, and try again
except FileNotFoundError:
input("This is not a valid path! Press enter to try again...")
else:
break
# Assigns each element of the list as a line in the wordlist
all_the_lines = my_file.readlines()
for i in all_the_lines:
passwords.append(i.strip())
return passwords
def select_var():
"""
This function creates a test form and also gets the index of the variable the user is cracking.
:return: (dict, string) Returns the temp form and the name of the variable we are cracking
"""
# List of variables in order
options = []
# Lists the variables in a format the user can select from
for i, key in enumerate(crack_session.form_data.items()):
print(f"{i + 1}. {key[0]} = {key[1]}")
options.append(key[0])
# Gets the variable we will be cracking
var = InputNFileIO.int_input_getter(
"Which variable are you cracking?: ",
range(1,
len(crack_session.form_data) + 1))
# Assign test_form to be a copy of the currently generated POST form
test_form = crack_session.form_data.copy()
# In the test form, replace the value of the target variable with a replaceable string
test_form[options[var - 1]] = "<val>"
return test_form, options[var - 1]
def analyze():
"""
This function handles what to do with user input for the cookie manipulator.
:return: None
"""
while True:
InputNFileIO.clear()
print("Current Target:", session.target, end="")
# Gets users input from the menu and manages errors
user_choice = InputNFileIO.int_input_getter(session.menu, range(1, 8))
InputNFileIO.clear()
# If they choose to "Set target host"
if user_choice == 1:
# Clear cookies
session.cookies = []
# Get target from the get_target() function
session.target = get_target()
# Set the global variable "target_selected" to True, this stops people from breaking the script by trying
# access features that they can't without a valid target
session.target_selected = True
# If they choose to "View cookies"
elif user_choice == 2:
# If target is selected then view the cookie data for the target
if session.target_selected is True:
session.cookie_data = view_cookies(session.target)
# Otherwise, tell the user that they need to select a target
else:
print("No target selected!")
elif user_choice == 3:
# If target is selected then allow the user to edit the cookie data for the target
if session.target_selected is True:
edit_cookie(session.target)
# Otherwise, tell the user that they need to select a target
else:
print("No target selected!")
elif user_choice == 4:
# If target is selected then allow the user to view the web page
if session.target_selected is True:
view_web_page(session.target)
# Otherwise, tell the user that they need to select a target
else:
print("No target selected!")
elif user_choice == 5:
# If target is selected then save web page and it's default cookie data
if session.target_selected is True:
InputNFileIO.website_saver(session.target, session.cookies,
session.file_name)
# Otherwise, tell the user that they need to select a target
else:
print("No target selected!")
elif user_choice == 6:
# Assign new_web to a line from the save file
new_web = InputNFileIO.load_from_file(session.file_name)
if new_web is None:
pass
else:
# The line is then parsed and redistributed across the global variables
session.target = list(new_web.keys())[0]
session.cookies = list(new_web.values())[0]
# Reminds the script that a target has now been selected
session.target_selected = True
else:
# If the user chose 7 (the only other possible input) then quit out of the script
break
input("Press enter to continue...")
def set_threads():
"""
This function gets the number of threads the user wishes to use.
"""
return InputNFileIO.int_input_getter("How many threads(1-16): ",
range(1, 17))
def setup():
"""
This function organizes input from the menu and directs the user accordingly.
"""
while True:
InputNFileIO.clear()
print("Current Target:", crack_session.url, end="")
user_choice = InputNFileIO.int_input_getter(crack_session.menu,
range(1, 6))
InputNFileIO.clear()
if user_choice == 1: # Configure target
# Assign primary target details
crack_session.url = assign_host()
crack_session.form_data = form()
InputNFileIO.clear()
crack_session.num_threads = set_threads()
elif user_choice == 2: # Crack
# If there isn't form data, continue
if not crack_session.form_data or not crack_session.target_selected:
print("No form data configured!")
# Otherwise, crack the target
else:
new_form, var = select_var()
passwords = get_password_list()
InputNFileIO.clear()
fail_message = input("Enter the fail message: ")
InputNFileIO.clear()
crack(new_form, var, passwords, fail_message)
elif user_choice == 3: # Cracked passwords
# Show the cracked passwords
show_cracked()
elif user_choice == 4: # Brute force
pass
else: # Back
# If the user chooses back, go back to the main menu
break
input("Press enter to continue...")