Python for web application security professionals
by Chintan Dave - InfoSec Institute - Wednesday, 16 October 2013.
3. Send an HTTP request - So far no HTTP request has been sent on the wire. To send one, use the request() method. This is when the HTTP packet that we have created is sent out over the network to the target web server, using the method passed as an argument (in our case GET).

4. Get an HTTP response - Now that we have sent a request, we can use the getresponse() method to get the server's response. This method returns an HTTP response object which, when read, gives the output generated by the server.

urllib2

urllib2 is a little different from the httplib library when it comes to creating and sending out HTTP requests. We don't have to open up a connection first; after importing the module, we can make a request directly. This is much simpler when compared to httplib. It is suggested that users make use of urllib2, as it is recommended even by the Python community.

Readers should go through the Python documentation to understand what functions are supported by the urllib2 module to explore the full potential of this library and utilize it when creating their own tools or scripts.

What follows is a sample SQL injection tool that I've created only for demonstration purposes. It hits the login page of the website and injects a single payload. The following is a simple script:

    # Python 2 script: urllib2 exists only in Python 2
    import urllib
    import urllib2

    location = "http://test_target.site/login.aspx"
    # POST fields for the login form; the username carries a single quote
    values = {"username": "'", "password": "password", "btnSubmit": "Login"}
    data = urllib.urlencode(values)          # URL-encode the form fields
    req = urllib2.Request(location, data)    # supplying data makes this a POST
    response = urllib2.urlopen(req)          # the request is sent here
    page_data = response.read()
    print page_data

First we import the urllib and urllib2 libraries. We then assign the target URL to the variable "location" and the POST data to the variable "values". Once these steps are completed, we URL-encode the data, submit the request to the server and read the response received.

The above script is just to show how easily one can create custom tools. It is far from perfect and will need much modification before being used in practice. It only fires one request, while in real life our tool should fire multiple requests by iterating over a list of payloads. It's left as an exercise to readers to go through the libraries and the functions they support to understand how they can create their own tools. A real-life tool will also have to take care of session management, and hence also needs to deal with cookies and other HTTP headers like referrers, content type etc. We'll also need to iterate over a list of URLs repeatedly until all our payloads are fired one by one for each and every parameter in order to ensure coverage.
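The session handling and per-parameter iteration described above, as an added example that is not the author's code. It is written for Python 3, where urllib2's functionality lives in urllib.request and cookielib in http.cookiejar. StubLogin, the sid cookie, probe_parameters, run_demo and the User-Agent string are hypothetical names constructed for illustration, and the stub listens only on loopback.

```python
import threading
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, parse, request

PROBE = "'"  # the single test value from the article's script

class StubLogin(BaseHTTPRequestHandler):
    """Constructed loopback stand-in for a login page (hypothetical, not a real app)."""
    def do_GET(self):  # first visit issues the session cookie
        self._reply(200, cookie="sid=constructed")
    def do_POST(self):
        length = int(self.headers["Content-Length"])
        form = parse.parse_qs(self.rfile.read(length).decode())
        if "sid=constructed" not in self.headers.get("Cookie", ""):
            return self._reply(403)  # a client that drops cookies gets no further
        self._reply(500 if "'" in form.get("username", [""])[0] else 200)  # 500 simulates an unhandled error
    def _reply(self, code, cookie=None):
        self.send_response(code)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # silence per-request logging
        pass

def probe_parameters(location, values):
    """Put PROBE into one parameter at a time; return {parameter: HTTP status}."""
    opener = request.build_opener(request.HTTPCookieProcessor(CookieJar()))
    opener.addheaders = [("Referer", location), ("User-Agent", "authorized-test/0.1")]
    opener.open(location).read()  # GET first so the cookie jar holds the session
    statuses = {}
    for name in values:
        data = parse.urlencode(dict(values, **{name: PROBE})).encode()  # urllib sets the form Content-Type
        try:
            statuses[name] = opener.open(location, data).status
        except error.HTTPError as err:  # urllib raises on 4xx/5xx responses
            statuses[name] = err.code
    return statuses

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubLogin)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d/login.aspx" % server.server_port
        return probe_parameters(url, {"username": "u", "password": "password", "btnSubmit": "Login"})
    finally:
        server.shutdown()
        server.server_close()
```

Calling run_demo() returns the status seen for each parameter; a 403 for every parameter would mean the session cookie was not carried from the GET to the POSTs.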

Conclusion

Python is an easy-to-learn language that can help penetration testers create custom tools with which to achieve coverage, thus plugging the holes that vulnerability scanners at times leave because they are unable to hit certain pages for one reason or another. Users can create reusable code by using Python's object orientation, which lets them create classes that can be inherited and extended. Python can be used not only for quick and dirty scripting to achieve small automation tasks but also to create enterprise-class vulnerability scanning routines.
