Python Web Exploit Boilerplate

If I find a potential attack vector that I could work with in Burp Suite Repeater or something similar, but I generally want to work from the command line, I typically code up a quick Python script to interact with the vulnerable code. I just wanted to put down a little boilerplate script that I can copy from so I don’t have to start over from scratch every time. I expect that this will be a living document that I will modify as I learn new things.

Execute from the Command Line (one request per run)

#!/usr/bin/env python3

import requests
import sys

URL = "http://path/to/vulnerable/code.php"
PROXIES = { # For Burp Suite
           "http": "http://localhost:8080",
           "https": "http://localhost:8080"
          }
TIMEOUT = 10  # seconds; a hung target should fail the run, not block it forever

def make_request(item):
    # Form-encoded body (application/x-www-form-urlencoded)
    data = {
        "foo": item,
        "bar": "baz",
    }

    # If the endpoint wants JSON instead, build the dict and pass it as
    # json=payload below; requests serialises it and sets the Content-Type
    # itself, so no `import json` is needed. r.json() parses a JSON reply.
    #
    # payload = {
    #     "foo": item,
    #     "bar": "baz",
    # }
    # r = requests.post(URL, proxies=PROXIES, json=payload, timeout=TIMEOUT)
    r = requests.post(URL, proxies=PROXIES, data=data, timeout=TIMEOUT)

    # You can add an if statement to check whether a marker string is
    # present in the response body, e.g. to tell success from failure:
    # if "foo bar baz" in r.text:
    #     return r.text

    return r.text

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <value>")
    print(make_request(sys.argv[1]))

Execute from Command Loop

Make your own little command loop. I’ll even make a neato prompt that I like to use. When this program runs, it takes every line typed at the prompt and passes it through the remote endpoint.

#!/usr/bin/env python3

import cmd
import requests
import base64

URL = "http://path/to/vulnerable/code"
PROXIES = { # for Burp Suite
    "http": "http://localhost:8080",
    "https": "http://localhost:8080",
}
TIMEOUT = 10  # seconds

class Terminal(cmd.Cmd):
    prompt = "Agr0 => "

    def default(self, line):
        # Any line that is not a do_* command gets sent to the endpoint.
        # sendReq returns str (r.text), so no .decode() is needed here.
        out = sendReq(line)
        print(f"Got: {out}")

    def do_exit(self, line):
        print("Bye!")
        return True  # returning True makes cmdloop() stop

    do_EOF = do_exit  # Ctrl-D exits too

def sendReq(command):
    """
    Sends one command to the endpoint. The command is base64 encoded here
    before it is placed in the POST body.
    """
    # Base64 encoded just for fun
    out_data = base64.b64encode(command.encode()).decode("utf-8")
    data = {"cmd": out_data} # Whatever you want to put here

    r = requests.post(url=URL, proxies=PROXIES, data=data, timeout=TIMEOUT)

    return r.text

if __name__ == "__main__":
    term = Terminal()
    term.cmdloop()
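Both snippets above assume a live target, so they cannot be exercised on their own. The following added example (not from the original post) puts the same pieces together in a form that runs offline: a constructed local echo endpoint stands in for the target URL, the standard library's urllib replaces the requests package so nothing needs to be installed, and the request function shows the three things the one-shot and command-loop versions leave out: a timeout, handling of connection failures and non-2xx statuses without crashing the loop, and a form-vs-JSON body switch. The `Terminal` class keeps the last reply in `self.last` so it can be driven with `onecmd()` instead of a live prompt. `MARKER`, `EchoHandler`, `start_echo_server` and the `harness =>` prompt are all assumptions of this example.

```python
#!/usr/bin/env python3
"""Offline harness for the request boilerplate (added example, stdlib only).

Assumptions not taken from the original post: a constructed local echo
endpoint stands in for the target, and urllib replaces the requests library.
"""
import base64
import cmd
import json
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "echo:"   # string a successful reply is expected to contain
TIMEOUT = 5        # seconds; a hung target must not block the loop


class EchoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the target: base64-decodes the 'cmd' field
    from either a form or a JSON body and echoes it back behind MARKER."""

    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.headers.get("Content-Type", "").startswith("application/json"):
            fields = json.loads(raw)
        else:
            fields = {k: v[0] for k, v in urllib.parse.parse_qs(raw.decode()).items()}
        try:
            text = base64.b64decode(fields.get("cmd", ""), validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            self.send_response(400)
            self.end_headers()
            self.wfile.write(b"bad base64")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.end_headers()
        self.wfile.write(f"{MARKER}{text}".encode())

    def log_message(self, *args):  # keep the harness quiet
        pass


def start_echo_server():
    """Start the constructed endpoint on a free localhost port; return its URL."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}/"


def make_request(url, item, use_json=False):
    """POST {'cmd': b64(item)} as a form or JSON body and return the reply text.

    Returns None instead of raising on timeout, connection failure or a
    non-2xx status, so a command loop survives a bad request."""
    payload = {"cmd": base64.b64encode(item.encode()).decode("ascii")}
    if use_json:
        body = json.dumps(payload).encode()
        headers = {"Content-Type": "application/json"}
    else:
        body = urllib.parse.urlencode(payload).encode()
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=TIMEOUT) as resp:
            # read() returns bytes; decode once here so callers only see str
            return resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as e:      # must precede URLError (subclass)
        print(f"[!] HTTP {e.code} from target")
    except (urllib.error.URLError, TimeoutError) as e:
        print(f"[!] request failed: {e}")
    return None


class Terminal(cmd.Cmd):
    """Command loop: every line goes through make_request; the reply is kept
    in self.last so a caller (or a test) can inspect it."""
    prompt = "harness => "

    def __init__(self, url, use_json=False):
        super().__init__()
        self.url, self.use_json, self.last = url, use_json, None

    def default(self, line):
        self.last = make_request(self.url, line, self.use_json)
        if self.last is not None and MARKER in self.last:
            print(f"Got: {self.last[len(MARKER):]}")
        else:
            print("No marker in response (or request failed)")

    def do_exit(self, line):
        print("Bye!")
        return True  # returning True ends cmdloop() cleanly

    do_EOF = do_exit  # Ctrl-D exits too


if __name__ == "__main__":
    Terminal(start_echo_server()).cmdloop()
```

Run it as a script and the prompt talks to the in-process echo server; point `url` at a real endpoint and route through a proxy by adding a `ProxyHandler` to `urllib.request.build_opener` if you want the Burp view back. The marker check in `default` is the same idea as the commented-out `if "foo bar baz" in r.text` above: decide success from the body, not just from getting any response.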

Hopefully you find this as useful as I do.

This post is licensed under CC BY 4.0 by the author.