I am running a website on an internal network using Python 2.7 on Windows 7. I have a simple text form (with one hidden value: question number) where users submit their answers for a CTF competition. To prevent multiple responses from the same computer, I need to collect the client's IPv6 or MAC address. How should I accomplish that? It does not matter whether I use GET or POST method.

Here is my current script to accept responses. It is located in the cgi-bin directory.

    import cgi

    form = cgi.FieldStorage()

    p_number = form.getvalue('problem')
    answer = form.getvalue('answer')

And here is my script to host the server.

    import BaseHTTPServer
    import CGIHTTPServer
    import cgitb; cgitb.enable()

    def server(port):
        server = BaseHTTPServer.HTTPServer
        handler = CGIHTTPServer.CGIHTTPRequestHandler
        server_address = ("", port)
        httpd = server(server_address, handler)
        httpd.serve_forever()

While running the server, I can see everything that clients access and their IPs in the terminal. Is there a way to log this in a .txt file and then extract the needed values? (I know how to extract them if I had the log.) Here is the image; as you can see, I have been using Bootstrap for the website.

[Image: terminal]

I didn't want to ask too many questions, so here are some other things I would like to know: What is the best way to set and read cookies in Python CGI? Is it to use "Set cookie: x=y" or to import a Cookie module? Is there any other way?

Is there a way to block certain users? Lastly, I am not allowed to use any other modules that are not already included in Python 2.7.

Electron
  • IPv6 addresses won't be helpful for that. Any device can give itself an arbitrary number of IPv6 addresses in a subnet, simultaneously (unless prevented by upstream switches or routers). In addition, your log file shows access only by IPv4, not IPv6. – Dubu May 12 '14 at 07:39
  • @Dubu, in the above image, what is displayed is an IPv6 for a fact. My IPv4 is 24.131.___.___. – Electron May 12 '14 at 22:13
  • Those are not IPv6 addresses; they are RFC 1918 addresses. – Michael Hampton May 12 '14 at 22:36

1 Answer

When using CGI, the web server will pass the user's IP address to your script in the REMOTE_ADDR environment variable. So you can simply check this variable.

    import os

    remote_ip_address = os.environ['REMOTE_ADDR']

A tuple containing the remote IP address and port can also be obtained from the CGIHTTPRequestHandler that you created.

    # (host, port) tuple, set on each handler instance for the current request
    remote_ip_address_and_port = handler.client_address

Michael Hampton
  • I've checked and it works. Are there any other environmental variables that can be useful? – Electron May 12 '14 at 22:21
  • @Electron1 See [Wikipedia](https://en.wikipedia.org/wiki/Common_Gateway_Interface) or the [CGI standard](http://www.w3.org/CGI/) for a list. – Michael Hampton May 12 '14 at 22:34
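
One way to use `REMOTE_ADDR` for the one-answer-per-address rule and the block list asked about in the question, as an added example that is not code from the original post or answer. The helper name `record_submission`, the data directory layout, the `answers.txt` file name and the return strings are assumptions, and the addresses are constructed. `REMOTE_ADDR` identifies a network address rather than a computer, so clients behind one shared address count as one.

```python
import errno
import hashlib
import os
import tempfile


def record_submission(environ, problem, answer, data_dir, blocked=()):
    """Return 'blocked', 'invalid', 'duplicate' or 'accepted' (hypothetical helper)."""
    addr = environ.get("REMOTE_ADDR", "")
    if not addr or addr in blocked:
        return "blocked"
    # The hidden "problem" field is client-controlled: accept digits only.
    if not isinstance(problem, str) or not problem.isdigit():
        return "invalid"
    # One marker file per (address, problem). O_EXCL makes creation atomic,
    # so two simultaneous CGI processes cannot both pass the check.
    name = hashlib.sha256(("%s|%s" % (addr, problem)).encode("utf-8")).hexdigest()
    try:
        fd = os.open(os.path.join(data_dir, name),
                     os.O_CREAT | os.O_EXCL | os.O_WRONLY)
    except OSError as exc:
        if exc.errno == errno.EEXIST:
            return "duplicate"
        raise
    os.close(fd)
    # Collapse tabs and newlines so an answer cannot forge extra log records.
    clean = " ".join(str(answer or "").split())
    with open(os.path.join(data_dir, "answers.txt"), "a") as log:
        log.write("%s\t%s\t%s\n" % (addr, problem, clean))
    return "accepted"


def demo():
    """Replay constructed submissions against a temporary data directory."""
    data_dir = tempfile.mkdtemp()
    blocked = set(["192.168.1.66"])            # constructed address
    first = {"REMOTE_ADDR": "192.168.1.20"}    # constructed address
    return [
        record_submission(first, "3", "flag{demo}", data_dir, blocked),
        record_submission(first, "3", "second try", data_dir, blocked),
        record_submission(first, "4", "next\tproblem", data_dir, blocked),
        record_submission({"REMOTE_ADDR": "192.168.1.66"}, "3", "x", data_dir, blocked),
        record_submission(first, "3&x=1", "x", data_dir, blocked),
    ]


# In the cgi-bin script the call would be:
#   record_submission(os.environ, form.getvalue('problem'),
#                     form.getvalue('answer'), DATA_DIR)   # DATA_DIR: assumed path
if __name__ == "__main__":
    print(demo())
```

The code uses only standard-library modules and runs on Python 2.7 as well as Python 3.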