{"id":1105,"date":"2018-11-27T17:10:19","date_gmt":"2018-11-27T16:10:19","guid":{"rendered":"http:\/\/www.floyd.ch\/?p=1105"},"modified":"2022-02-09T11:35:07","modified_gmt":"2022-02-09T10:35:07","slug":"python-sender","status":"publish","type":"post","link":"https:\/\/www.floyd.ch\/?p=1105","title":{"rendered":"Python Sender"},"content":{"rendered":"<p><span style=\"display: inline-block; width: 0px; overflow: hidden; line-height: 0;\" data-mce-type=\"bookmark\" class=\"mce_SELRES_start\">\ufeff<\/span>Last week I played my first Capture The Flag (CTF) where I really tried solving the challenges for a couple of hours. It was a regular jeopardy style CTF with binaries, web applications and other server ports. I don&#8217;t think CTFs are going to be my favourite hobby, as pentesting is similar but just a little bit more real life. However, CTFs are very nice for people who want to get into IT security, so I wanted to help a little bit in the team I joined. This particular CTF by Kaspersky really annoyed me though, as the servers were very often offline (HTTP 500 errors). Moreover, some challenges allowed <a href=\"https:\/\/infosecwriteups.com\/ctf-writeup-php-object-injection-in-kaspersky-ctf-28a68805610d?gif=true\" target=\"_blank\" rel=\"noopener\">easy Remote Command Execution (RCE)<\/a> and I guess some teams took the chance to prevent other teams from scoring flags. As I just said I&#8217;m not very experienced with CTFs, maybe that&#8217;s how it&#8217;s supposed to be, but for me that&#8217;s silly. Anyway, this post is about something more positive: A Python script to play CTFs, but can also be used during pentests. For those who play CTFs very often, it&#8217;s probably better to use a full library such as <a href=\"https:\/\/github.com\/Gallopsled\/pwntools\" target=\"_blank\" rel=\"noopener\">pwntools<\/a>, but if you just want a small script where you can delete whatever you don&#8217;t need and go with the POC||GTFO flow, you&#8217;ve come to the right place.<\/p>\n<p>I think two of the mostly presented CTF challenges often look the same. You either get a URL to a challenge website and you have to do some HTTP magic or you get something like &#8220;nc www.example.org 1337&#8221; where you are supposed to talk to a server with netcat. Now both challenges usually use TCP\/IP and maybe TLS. The website obviously uses HTTP(S) on top of that. So very often you find yourself sending a lot of HTTP requests or a lot of TCP packets to a certain port. Pentests also require the same sometimes.<\/p>\n<p>To make sure we don&#8217;t have to fight if Python 2.7 is better than Python 3.6, the script I wrote works on both versions. But even then, people might argue that python&#8217;s urllib or urllib2 is sufficient or that they rather use the non-standard requests library. And others will simply say that only asynchronous network IO is really fast enough, so they prefer to use Python Twisted (or treq). However, I got all of these cases covered in the script.<\/p>\n<p>The script allows arbitrary socket and HTTP(S) connections via:<\/p>\n<ul>\n<li>socket and ssl-wrapped sockets &#8211; when you need bare bone or non-HTTP(S)<\/li>\n<li>python urllib\/urllib2 HTTP(S) library &#8211; when you need HTTP(S) and a little bit more automated HTTP feature handling<\/li>\n<li>python requests HTTP(S) library &#8211; when you need HTTP(S) and full HTTP feature handling<\/li>\n<li>python treq (uses Python Twisted and therefore asynchronous IO) &#8211; when you need full HTTP(S) feature handling and speed is important<\/li>\n<\/ul>\n<p>The main features are:<\/p>\n<ul>\n<li>Works under python 2.7 and python 3 (although treq here is untested under python 2.7)<\/li>\n<li>You can just copy and paste an HTTP(S) request (e.g. from a proxy software) without worrying about the parsing and other details<\/li>\n<li>You can also use the sockets functions to do non-HTTP related things<\/li>\n<li>Ignores any certificate warnings for the server<\/li>\n<\/ul>\n<p>It should be helpful when:<\/p>\n<ul>\n<li>You want to script HTTP(S) requests (e.g. just copy-paste from a proxy like Burp), for example during a pentest or CTF<\/li>\n<li>When you encounter a CTF challenge running on a server (like &#8220;nc example.org 1234&#8221;) or a proprietary TCP protocol during pentests<\/li>\n<\/ul>\n<p>Howto:<\/p>\n<ul>\n<li>Change the variables START, END and TLS<\/li>\n<li>Optional: Change further configuration options, such as sending the HTTP(S) requests through a proxy<\/li>\n<li>Change the &#8216;main&#8217; function to send the request you would like to. By default it will send 3 HTTP requests to www.example.org with every library.<\/li>\n<\/ul>\n<p>Enough words, head over to github to download the <a href=\"https:\/\/github.com\/floyd-fuh\/PythonSender\" target=\"_blank\" rel=\"noopener\">Python Sender<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ufeffLast week I played my first Capture The Flag (CTF) where I really tried solving the challenges for a couple of hours. It was a regular jeopardy style CTF with binaries, web applications and other server ports. I don&#8217;t think &hellip; <a href=\"https:\/\/www.floyd.ch\/?p=1105\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19,3],"tags":[212,21,213,20,214,215,14],"class_list":["post-1105","post","type-post","status-publish","format-standard","hentry","category-useful-scripts","category-web-penetration-testing","tag-ctf","tag-http","tag-pentesting","tag-python","tag-script","tag-sockets","tag-webserver-testing"],"_links":{"self":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/1105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1105"}],"version-history":[{"count":9,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/1105\/revisions"}],"predecessor-version":[{"id":1301,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/1105\/revisions\/1301"}],"wp:attachment":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}