Created
June 26, 2021 11:35
AutoLogon to a Website and send request defeating CSRF
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author: 0xsanz
import argparse
import datetime
import ipaddress
import re
import sys
import time

import requests
from bs4 import BeautifulSoup
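def main():
    """Log in to the web app on a fixed interval and trigger an LDAP refresh.

    Each cycle opens a fresh session, GETs the login page, copies the hidden
    ``csrf`` form field into the login POST (the same round trip a browser
    performs), and, once the response shows a "Logout" link, POSTs
    ``action=ldapRefresh`` to ``/plugins/refresh``. The loop then sleeps for
    the configured interval and repeats until interrupted with Ctrl-C.

    Exit status is 0 on Ctrl-C and non-zero on an invalid address, a missing
    CSRF field, a failed login, or a network error.

    NOTE(security): the password is passed on the command line (readable from
    the process list and shell history) and the login form is sent over plain
    ``http://``, so anyone who can read either can recover the credential.
    The ``admin``/``password`` defaults should be overridden.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('-i', action='store', dest='ipaddress', help='The IP Address of server where the Web App is running.', required=True)
    parser.add_argument('-s', action='store', dest='id', help='WebApp specfic ID', required=True, type=int)
    parser.add_argument('-u', action='store', dest='username', help='The username to login in to Web App', default='admin', required=False)
    parser.add_argument('-p', action='store', dest='password', help='The password to login in to Web App', default='password', required=False)
    parser.add_argument('-t', action='store', dest='timeperiod', help='Time in seconds between subsequent requests. Default is 300 seconds.', required=False, type=int, default=300)
    parser.add_argument('-l', action='store', dest='port', help='The port where the Web App is running. Default is 8080.', required=False, type=int, default=8080)
    args = parser.parse_args()

    # Strict IPv4 parsing. The previous check was a regex anchored only at the
    # start, so any text following a dotted quad was accepted and ended up in
    # the URL that the credentials are posted to.
    try:
        host = str(ipaddress.IPv4Address(args.ipaddress))
    except ValueError:
        print('Invalid IP Address.Try again..')
        sys.exit(-1)

    # time.sleep() rejects negative values; fail before the first login
    # instead of after it.
    if args.timeperiod < 0:
        parser.error('-t must not be negative')

    webapp_id = args.id  # local renamed so the builtin id() is not shadowed
    username = args.username
    password = args.password
    timeperiod = args.timeperiod
    port = args.port

    # Without a timeout a stalled server would block the loop forever.
    request_timeout = 30

    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0'
    }

    base_url = "http://{}:{}".format(host, port)
    login_url = base_url + "/login.jsp?url=%2Findex.jsp"
    refresh_url = base_url + "/plugins/refresh"

    try:
        while True:
            try:
                with requests.Session() as s:
                    # The session keeps the cookie that the CSRF token is
                    # presumably bound to, so GET and POST must share it.
                    page = s.get(login_url, headers=headers, timeout=request_timeout)
                    soup = BeautifulSoup(page.content, 'lxml')
                    token_field = soup.find('input', attrs={'name': 'csrf'})
                    csrf_token = token_field.get('value') if token_field is not None else None
                    if csrf_token is None:
                        print("Login page has no csrf field; cannot log in.")
                        sys.exit(-1)

                    login_data = {
                        'url': '/index.jsp',
                        'login': 'true',
                        'csrf': csrf_token,
                        'username': username,
                        'password': password,
                    }
                    reply = s.post(login_url, data=login_data, headers=headers, timeout=request_timeout)
                    if "Logout" not in reply.text:
                        print("Authentication Failed..Use Correct Username or Password")
                        sys.exit(-1)

                    refresh_payload = {'id': webapp_id, 'action': 'ldapRefresh'}
                    refresh_reply = s.post(refresh_url, data=refresh_payload, headers=headers, timeout=request_timeout)
                    now = datetime.datetime.now()
                    print(" Refresh Request sent at: " + str(now) + " to WebApp: " + str(host))
                    if not refresh_reply.ok:
                        # Surface a rejected refresh instead of silently
                        # assuming it worked.
                        print("Refresh returned HTTP status " + str(refresh_reply.status_code))
                time.sleep(timeperiod)
            except requests.exceptions.RequestException as e:
                # Base class: covers connection errors, redirect loops and
                # the timeouts introduced above.
                print(e)
                sys.exit(-1)
    except KeyboardInterrupt:
        # Only Ctrl-C is a clean shutdown. SystemExit is deliberately not
        # caught here: catching it turned every failure exit above into
        # exit status 0.
        print("Refresh program Exiting....")
        sys.exit(0)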
# Start the refresh loop only when run as a script, not when imported.
if __name__ == '__main__':
    main()