Need help with python3
by JustForCases - November 20, 2021 at 11:02 PM
#1
Hello all, I need to add some function to this https://www.exploit-db.com/exploits/49424 exploit. I have faced a website with this vuln, but the website has a custom but simple WAF. When you open the page, you have to wait 5 sec, then the page makes an auto restriction using POST with a few words (they change every time), then you get a cookie, but if you use them directly, you get blocked. So I need to add a delay function to this script and accept the follow request, then set the cookie and try the exploit.

Thanks everyone for the help.

Sorry for bad English.
#2
Do you know if the redirect is done client side or server side? Asking because if it is client side, you're going to need something to render the JavaScript on the page once hitting the landing page. Something like Selenium WebDriver.

Grabbing the cookies and attaching it to your requests is easy, just do s = requests.Session() before any of your requests, then use s.post("url", data=post_dictionary) after generating your cookie to make your post request again.

The delay part sounds like it is being calculated client side and maybe verified server side. Hence why if you use your cookie "directly" you get blocked.
#3
(November 21, 2021 at 12:51 AM)Intravert Wrote: Do you know if the redirect is done client side or server side? Asking because if it is client side, you're going to need something to render the JavaScript on the page once hitting the landing page. Something like Selenium WebDriver.

Grabbing the cookies and attaching it to your requests is easy, just do s = requests.Session()  before any of your requests, then use s.post("url", data=post_dictionary) after generating your cookie to make your post request again.

The delay part sounds like it is being calculated client side and maybe verified server side. Hence why if you use your cookie "directly" you get blocked.

Thanks for the information, but this WAF works with POST, not GET. The redirect is client side and it verifies with a cookie and some POST data. Any idea how to store the first request and collect all the data (like a browser) after the redirect?
#4
(November 21, 2021 at 02:13 PM)JustForCases Wrote:
Thanks for the information, but this WAF works with POST, not GET. The redirect is client side and it verifies with a cookie and some POST data. Any idea how to store the first request and collect all the data (like a browser) after the redirect?

The info I gave you is for a post request not get. After your post request, you can retrieve the cookie data using s.cookies.get_dict(). Since you know the redirect is client-side, do you have the JavaScript for it? It can either be there or in the HTTP response headers.
#5
(November 21, 2021 at 05:32 PM)Intravert Wrote:
The info I gave you is for a post request not get. After your post request, you can retrieve the cookie data using s.cookies.get_dict(). Since you know the redirect is client-side, do you have the JavaScript for it? It can either be there or in the HTTP response headers.

I'm a total noob in Python, I will check all of your information.