脚本访问WebGoat网址?
我最近在做一些WebGoat的例子,作为大学实验的一部分。在其中一个练习中,我尝试用Python脚本和urllib2来做自动化的“测试”,这样我就不用手动去用ascii(substr(first_name,3,1)) > 97之类的代码了。
但是我发现无论我用不同的URL,使用urllib2脚本时总是得到同样的页面,比如f2、f3和f4.html都显示的是基本的首页,而不是像在浏览器中访问时那样的不同页面:
import urllib2
import urllib
import cookielib
import sys
myjar = cookielib.FileCookieJar("cookies.txt");
cookieHandler = urllib2.HTTPCookieProcessor(myjar)
password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
tlurl="http://localhost:8081/webgoat/attack"
password_mgr.add_password(None,tlurl,user="guest",passwd="guest")
authhandler = urllib2.HTTPBasicAuthHandler(password_mgr)
opener = urllib2.build_opener(cookieHandler, authhandler)
data = [('Connection','keep-alive'),('User-Agent', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; da; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7')]
def write_f_to_f(fname,f):
f1 = open(fname,"w")
f1.write(f.read())
f1.close()
def gen_req(url,referer=None):
req = urllib2.Request(url)
print "url: %s"%url
mydata = data
if referer != None:
mydata.append( ('Referer',referer) )
[ req.add_header(k,v) for k,v in mydata ]
return req
sys.stdout.flush()
url = "http://localhost:8081/webgoat/attack"
req = gen_req(url)
f = opener.open(req)
write_f_to_f("f1.html",f)
f.close()
params = urllib.urlencode({'start':'Start WebGoat'})
qs = urllib.urlencode( {'Screen':107, 'menu':1200 } )
url = "http://localhost:8081/webgoat/attack"
req = gen_req(url,url)
f = opener.open(req, params)
write_f_to_f("f2.html",f)
f.close()
ourl = url
url = "http://localhost:8081/webgoat/attack?%s"%qs
req = gen_req(url,ourl)
f = opener.open(req)
write_f_to_f("f3.html",f)
f.close()
ourl = url
url = "http://localhost:8081/webgoat/attack?%s"%qs
req = gen_req(url,ourl)
f = opener.open(req)
write_f_to_f("f4.html",f)
f.close()
顺便说一下,我是用“比较难的方法”完成了作业并提交了。现在我只是好奇是什么机制阻止了urllib脚本访问内容。
我尝试访问本地的Tomcat服务器和WebGoat,WebGoat控制台显示:
Sat Feb 13 12:31:14 CET 2010 | 127.0.0.1:127.0.0.1 | org.owasp.webgoat.session.ErrorScreen | [Screen=107,menu=1200]
errorscreen createContent Error:null message:Invalid screen requested. Try: http://localhost/WebGoat/attack
- WebGoat: Sat Feb 13 12:31:14 CET 2010 | 127.0.0.1:127.0.0.1 | org.owasp.webgoat.session.ErrorScreen | [Screen=107,menu=1200]
Sat Feb 13 12:31:14 CET 2010 | 127.0.0.1:127.0.0.1 | org.owasp.webgoat.session.ErrorScreen | [Screen=107,menu=1200]
就我所知,这对我并没有什么帮助。
2 个回答
2
你有没有检查用户代理?我之前为了通过这种检查,必须为一个普通浏览器指定一个用户代理。你在“data”变量里列出了一个,但看起来你并没有实际使用它。
1
太棒了!
我发现我想要找的页面的ID在每次会话中都会重新生成。所以在选择screenId之前,我需要先查看返回的数据:
import urllib2
import urllib
import cookielib
import re
def write_f_to_f(fname,f):
f1 = open(fname,"w")
f1.write(f.read())
f1.close()
def gen_req(url,referer=None):
req = urllib2.Request(url)
return req
myjar = cookielib.FileCookieJar("cookies.txt");
cookieHandler = urllib2.HTTPCookieProcessor(myjar)
password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
tlurl="http://127.0.0.1:8081/webgoat/attack"
password_mgr.add_password(None,tlurl,user="guest",passwd="guest")
find = "Blind Numeric."
authhandler = urllib2.HTTPBasicAuthHandler(password_mgr)
opener = urllib2.build_opener(authhandler,cookieHandler)
url = "http://127.0.0.1:8081/webgoat/attack"
req = gen_req(url,url)
f = opener.open(req)# Setup session and login.
params = urllib.urlencode({'start':'Start WebGoat'})
url = "http://127.0.0.1:8081/webgoat/attack"
req = gen_req(url,url)
f = opener.open(req,params) # Submit the "Start" form
dat = f.read() # Get the menu html from the firstpage.
f.close()
m = re.search("attack\?Screen=(\d+).*%s"%find,dat) # Try to find screen id for what i want
if not m is None:
scr= m.group(1)
qs = urllib.urlencode( {'Screen':scr, 'menu':1200 } )
ourl = url
url = "http://127.0.0.1:8081/webgoat/attack?%s"%qs
req = gen_req(url,ourl)
f = opener.open(req)
write_f_to_f("f4.html",f)
f.close()
print "Found the page and saved it to f4.html"
else:
print "Didnt find screen id for %s"%find