Basics Of Web Interaction

Created On 23. Feb 2020

Updated: 2023-02-17 01:29:33.107416000 +0000

Created By: acidghost

A URL is composed from more parts. Following this a request is formed which delivers what is requested in the URL. There are multiple tools and ways to send and change requests. I advise to look up here into an explanation what different parts of an URL mean.

netcat

Netcat can send web requests by having the method, request-uri and HTTP-Version passed in.

POST / HTTP/1.1
Host: 127.0.0.1
Content-Length: 78
Content-Type: application/x-www-form-urlencoded

Other parameters have to been passed in manually as well. In such case, curl can be helpful in parsing it correctly. Netcat also requires for the URL parameters to be URL encoded.

curl

Composing web requests through terminal is in most with curl as first choice. Unlike with netcat, curl doesn't require for such parameters as Content-Length or HTTP-Version to be hardcoded. With the flag -v it will disclose information on a current request.

A curl request with some JSON data might look like this:

curl -H "Content-Type: application/json" -d '{"key a":"value", "key b":{"key c": "value", "key d": ["value", "value"]}}' http://127.0.0.1

python

With python a similar request can be crafted in such way:

newHeader={'Content-type': 'application/json', 'Accept': 'text/plain'}
requests.get("http://127.0.0.1/", data=[('key a', 'value'), ('key b', 'value')], headers-newHeader).text

This was possible with the requests library. Let's take a look at another python library, Urllib2:

import urllib2
body = urllib2.urlopen("http://example.com")
print body.read()

We are sending a simple get request to our website. However this is just a raw request, which means nothing on the side like JavaScript will be executed.
We can modify the request headers with urllib2 as follows:

 headers = {
 'User-Agent' : 'Mozilla/5.0 (X11; Kali; Linux x86_64;
 rv:41.0) Gecko/20100101 Firefox/41.0'
 }
 request = urllib2.Request("http://example.com",
 headers=headers)
 url = urllib2.urlopen(request)
 response = url.read()

We pass additional parameters this way:

import urllib
 fields = {
 'name' : 'Jon',
 'email' : 'Jon@example.com'
 }
 parms = urllib.urlencode(fields)
 u = urllib.urlopen("http://example.com/login?"+parms)
 data = u.read()
 print data

You see above a GET request by just appending +params
Send a POST by separating it:

import urllib
 fields = {
 'name' : 'Jon',
 'email' : 'Jon@example.com'
 }
 parms = urllib.urlencode(fields)
 u = urllib.urlopen("http://example.com/login", parms)
 data = u.read()
 print data

Here we create a custom opener with cookies enabled:

 opener = urllib2.build_opener(
 urllib2.HTTPCookieProcessor()
 )

and create the request:

 request = urllib2.Request(
 "http://example.com/login",
 urllib.urlencode(fields))

Send a login request:

 url = opener.open(request)
 response = url.read()

Now we can access the private pages with the cookie we got from the above login request:

 url = opener.open("http://example.com/dashboard")
 response = url.read()

Section: Web

Back

'Only the madman is absolutely sure.' - Robert Anton Wilson

Basics Of Web Interaction

netcat

curl

python