Skip to content

Instantly share code, notes, and snippets.

@0xsan-z
Created June 26, 2021 11:35
Show Gist options
  • Save 0xsan-z/0cd8068b3329ca95e62ebd7603ef7db7 to your computer and use it in GitHub Desktop.
Save 0xsan-z/0cd8068b3329ca95e62ebd7603ef7db7 to your computer and use it in GitHub Desktop.
AutoLogon to a Website and send request defeating CSRF
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author: 0xsanz
import re
import sys
import time
import requests
import datetime
import argparse
from bs4 import BeautifulSoup
def main():
parser = argparse.ArgumentParser()
parser.add_argument('-i', action='store', dest='ipaddress', help='The IP Address of server where the Web App is running.', required=True)
parser.add_argument('-s', action='store', dest='id', help='WebApp specfic ID', required=True, type=int)
parser.add_argument('-u', action='store', dest='username', help='The username to login in to Web App', default='admin', required=False)
parser.add_argument('-p', action='store', dest='password', help='The password to login in to Web App', default='password', required=False)
parser.add_argument('-t', action='store', dest='timeperiod', help='Time in seconds between subsequent requests. Default is 300 seconds.', required=False, type=int,default=300)
parser.add_argument('-l', action='store', dest='port', help='The port where the Web App is running. Default is 8080.', required=False, type=int,default=8080)
args = parser.parse_args()
host = args.ipaddress
if not re.match(r'[0-9]+(?:\.[0-9]+){3}', host):
print('Invalid IP Address.Try again..')
exit(-1)
id = args.id
username = args.username
password = args.password
timeperiod = args.timeperiod
port = args.port
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0'
}
login_data = {
'url': '/index.jsp',
'login': 'true',
'csrf' :"rVvCInOA7tNPlh",
'username' : username,
'password' : password
}
myURL = "http://" + str(host) + ":" + str(port) + "/login.jsp?url=%2Findex.jsp"
myRefreshURL = "http://" + str(host) + ":" + str(port) + "/plugins/refresh"
try:
while (True):
try:
with requests.Session() as s:
url = myURL
r = s.get(url, headers=headers)
soup = BeautifulSoup(r.content, 'lxml')
login_data['csrf'] = soup.find('input', attrs={'name': 'csrf'})['value']
r = s.post(url, data=login_data, headers=headers)
if "Logout" in r.text:
now = datetime.datetime.now()
print(" Refresh Request sent at: " + str(now) + " to WebApp: " + str(host))
refresh_payload = {'id':id,'action':'ldapRefresh'}
refresh_url = myRefreshURL
refresh_request = s.post(refresh_url, data=refresh_payload, headers=headers)
time.sleep(timeperiod)
else:
print("Authentication Failed..Use Correct Username or Password")
exit(-1)
except requests.exceptions.ConnectionError as e:
print(e)
exit(-1)
except requests.exceptions.TooManyRedirects as e:
print(e)
exit(-1)
except (KeyboardInterrupt, SystemExit):
print("Refresh program Exiting....")
time.sleep(2)
sys.exit(0)
if __name__ == '__main__': main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment