Proj 2: HTTP Requests with Python (15 pts.)

What You Need

A Kali Linux machine, real or virtual. You could use Windows with Python installed, but it's easier to just use Linux.

Purpose

Learn Python HTTP Methods.

Using HEAD to Grab HTTP Banners

In Kali Linux, in a Terminal window, execute this command: 
nano http1.py
In nano, enter the code shown below:

Save the file with Ctrl+X, Y, Enter.

Explanation

This code connects on TCP port 80 just like the scanner you made in a previous project, but once it connects, it sends an HTTP request like this: 
HEAD / HTTP/1.1
Host: www.ccsf.edu
The HEAD method grabs only the banner, without getting any pages from the server.

Running the Grabber

In a Terminal window, execute this command: 
python http1.py
Enter a target host of www.google.com.

You should see the banner, as shown below:

Grabbing the Attack Server Banner

Use your program to grab the banner from attackdirect.samsclass.info. It should show a banner like that shown below:

Capturing a Screen Image

Make sure the Server: string is visible, as grayed out in the image above.

Click on the host system's taskbar, at the bottom of the screen.

Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.

Save the image as "Proj 2a from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Simple POST Login

This is a simple login form. Test it with any username and password you like.

Username:      

Password:      

Now run Wireshark, and start it sniffing traffic. At the top left of the Wireshark window, in the Filter box, type http and press Enter.

Try to log in with a username of a and a password of b

In Wireshark, stop the capture.

Find the packet in Wireshark with an "Info" column of "POST /python/login1.php HTTP/1.1", as shown below:

Right-click the "POST /python/login1.php HTTP/1.1" line and click "Follow TCP Stream".

The POST request appears, as shown below. The red text shows the HTTP request your browser sent to the server, and the blue text shows the server's reply.

With the mouse, highlight the entire red request, right-click it, and click Copy, as shown below.

Making a Python Login Script

In Kali Linux, in a Terminal window, execute this command: 
nano http2.py
Right-click in the nano window and click Paste. The HTTP request text appears, as shown below.

Enclose the entire request in triple quotation marks, and add "req = " to the start of it, as shown below.

The text turns green--it is a multi-line text string, a handy Python feature.

Add two lines above the "req" variable, as shown below.

Add four lines below the "req" variable, as shown below.

Save the file with Ctrl+X, Y, Enter.

Running the Login Script

In a Terminal window, execute this command: 
python http2.py
You should see an "HTTP 1.1 200 OK" message, followed by some readable text, and some unreadable garbage, as shown below.

The unreadable stuff is binary zipped content, which the request permits because of the "Content-Encoding: gzip" header in the request.

Edit the program and carefully remove that header, as shown below.

Running the Login Script Again

In a Terminal window, execute this command: 
python http2.py
You should see an "HTTP 1.1 200 OK" message, and all the text below it should be readable, as shown below.

Making the Username and Password Variable

In a Terminal window, execute this command, to copy the file to http3.py. 
cp http2.py http3.py
Edit the http3.py file. Break the "req" variable into two parts: "req1" and "req2", and delete the "u=a&p=b" at the end, as shown below.

Change the rest of the code to take user input for the username and password, as shown below.

Enter a Username of a and a Password of b

You should see the message "Credentials rejected!", as shown below:

Troubleshooting

If your script doesn't work, use Wireshark to capture the request so you can see mistakes in it.
Now run the login script again, with the correct username of root and a password of password

You should see the message "Successful login!", as shown below:

Capturing a Screen Image

Make sure the "Successful login!" message is visible, as shown above.

Save a whole-desktop image as "Proj 2b from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Python Loops: String Values

In Kali Linux, in a Terminal window, execute this command: 
nano loop1.py
In nano, enter the code shown below. Do NOT omit the indentation--in Python, indentation is required to indicate what code is inside a loop:

Save the file with Ctrl+X, Y, Enter.

Execute this command to run the script: 

python loop1.py
As you can see below, the code loops through all the listed fruits.

Python Loops: Numerical Values

In Kali Linux, in a Terminal window, execute this command: 
nano loop2.py
In nano, enter the code shown below. Do NOT omit the indentation--in Python, indentation is required to indicate what code is inside a loop:

Save the file with Ctrl+X, Y, Enter.

Execute this command to run the script: 

python loop2.py
As you can see, the code loops through all the numbers to the one before the last one, that is, one through four:

Turning in Your Project

Send the images to cnit.124@gmail.com with a subject of "Proj 2 from YOUR NAME".

Sources

Python Network Programming
17.2. socket -- Low-level networking interface
How can I make a time delay in Python?

Last revised: 9-14-17