Tuesday, August 16, 2011

Getting HTTP headers and searching for a given pattern in the body content with Python

I've written this small script to get the HTTP headers, read the server response and then look for a given text:


#!/usr/bin/python
import sys
import httplib
from urlparse import urlparse

#Initializing some vars
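# Module-level state shared by the helpers below: UserInput() fills the first
# two, Connection() fills the last two, CheckXSS() and the entry point read them.
target_address = ""  # host[:port] part of the URL under test (urlparse netloc)
resource = ""        # path part of the URL under test (urlparse path)
conn = None          # httplib.HTTPConnection, None until Connection() has run
res = None           # HTTPResponse, None until Connection() has run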


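def UserInput():
    """Prompt for a URL and store its host and path in the module globals.

    Sets ``target_address`` (netloc) and ``resource`` (path).  A URL typed
    without a scheme is prefixed with ``http://`` before parsing.  Only
    ``http://`` is accepted, because ``Connection()`` uses
    ``httplib.HTTPConnection`` (no TLS) and silently sending an https URL in
    clear text would be misleading.  The user gets two invalid attempts; the
    third one terminates the process with ``sys.exit()``.
    """
    global target_address
    global resource
    attempts = 0

    while True:
        if attempts >= 2:
            print("[-] Don't try to be sneaky if you want to test, provide a valid URL, I'm exiting...")
            sys.exit()

        url = raw_input("Enter a valid URL to Test: ")
        # Prefix a scheme only when none is present; a bare substring test
        # would turn "https://host/x" into "http://https://host/x".
        if url and not url.lower().startswith(("http://", "https://")):
            print("[-] you need to follow RFC 1808 when working with URLs, but not worries, I've corrected it for you")
            url = "http://" + url
        o = urlparse(url)
        # A bare host (empty path or "/") gives nothing to GET: count the
        # attempt and ask again instead of exiting on the first mistake.
        if not o.netloc or not o.path or o.path == "/":
            print("[-] Nothing to do, you need to provide a valid URL and RESOURCE to test i.e http://www.test.com/resource.htm, try again...")
            attempts += 1
            continue
        if o.scheme != "http":
            print("[-] Only http:// URLs are supported by this script, try again...")
            attempts += 1
            continue
        # All good and set, so let's assign them.
        target_address = o.netloc
        resource = o.path
        break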


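def Connection():
    """Open a plain-HTTP connection to ``target_address`` and GET ``resource``.

    Stores the connection in the module global ``conn`` and the response in
    ``res``, then prints the status line and every response header.  Only
    ``http://`` is supported: ``httplib.HTTPConnection`` does no TLS.  Network
    failures and the 5 s timeout propagate to the caller as exceptions.
    ``conn`` is deliberately left open because the caller still has to read
    the body from ``res`` and is responsible for closing it.
    """
    global conn
    global res
    print("\n[?] Trying to connect to: " + target_address)
    print("[?] Trying to GET: " + resource)
    conn = httplib.HTTPConnection(target_address, timeout=5)
    conn.request("GET", resource)
    res = conn.getresponse()
    # Goal 1: the status line as the server sent it.
    print("[*] Server Response: " + str(res.status) + " Details: " + res.reason)
    # Goal 2: the headers.  Header names are case-insensitive, so capitalising
    # the name is cosmetic; values are printed verbatim because their case
    # can matter when reviewing them (ETag, Location, Set-Cookie attributes).
    print("\n[*] Server HEADER Response:")
    for header, value in res.getheaders():
        print("%s: %s" % (header.capitalize(), value))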

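def CheckXSS(response=None, pattern=None):
    """Report whether *pattern* appears verbatim in the response body.

    Args:
        response: any object with a ``read()`` method returning the body;
            defaults to the module global ``res`` set by ``Connection()``.
        pattern: text to search for; defaults to the marker below.

    Returns:
        True when the marker was found in the body, False otherwise (the
        original printed only; the return value is an addition).

    A plain substring hit only shows the marker came back unmodified; it says
    nothing about the context it landed in, so treat a hit as something to
    verify manually rather than as a confirmed finding.
    """
    if response is None:
        response = res
    if pattern is None:
        # Goal 3: check if the marker is echoed in the body.
        pattern = "alert---document.cookie---"  # <- i had to modify the actual text since it seems blogger doesn't like script tags
    # read() consumes the body; it can only be called once per response.
    body = response.read()
    if pattern in body:
        print("\n[*] WARNING: XSS detected in HTTP response body!, this guy knows to how to get it done!")
        return True
    print("\n[*] XSS was not found in the body. ")
    return False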

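def main():
    """Run the three steps in order and always close the connection.

    ``sys.exit()`` inside UserInput() raises SystemExit, which is not an
    Exception subclass, so it passes through the handler below; the
    ``finally`` clause still runs and closes ``conn`` if it was opened.
    """
    try:
        UserInput()
        Connection()
        # Only inspect the body when the resource actually exists.
        if res.status == 200:
            CheckXSS()
        else:
            print("\n[-] Nothing to do, you need to provide a valid URL and RESOURCE to test i.e http://www.test.com/resource.htm, exiting")
        print("[*] Done!")
    except Exception as msg:
        print("\n[-] There is a Problem, Check OSI tier 8 and try again\n[-] Error Details: %s" % msg)
    finally:
        # conn holds a placeholder until Connection() assigns it; close only a
        # real connection, and do so even if an exception was raised above.
        if conn:
            conn.close()


if __name__ == "__main__":
    main()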






As always, feedback is appreciated; cut me some slack though, I don't code every day, just from time to time.
