Cookie brute-force with python

Asked Feb 20 '17 at 13:41

Active Feb 21 '17 at 01:13

Viewed 1,741 times

I need to write a loop to brute force a cookie on a website, and this is what I've got so far.

import urllib
import urllib2
opener = urllib2.build_opener()

i = 0
for i in range(75):
            opener.addheaders.append(('cookie',"cookie_name"+str(i)))
            REQ = opener.open("http://127.0.0.1:80/my_cookie")
            REQ.read()

It's actually changing the cookie, but it doesn't give the expected output. Any suggestions?

I tried a while loop and it's the same. I think that the problem is in sending the cookie as a cookie!

second try

import urllib2
opener = urllib2.build_opener()

i = 75
while i > 0:
            opener.addheaders.append(('cookie','alien_id='+str(i)))
            print opener.open("http://127.0.0.1:8082/cookiestore").read(2048)+str(i)
            i=i-1

edited Feb 21 '17 at 01:13

Jonathan Leffler

730,956
141
904
1,278

asked Feb 20 '17 at 13:41

user7451333

1

The format of a cookie is `cookie_name=cookie_value`. You're missing the `=`. – Barmar Feb 20 '17 at 13:49
i fixed that and it still not giving the expected response – user7451333 Feb 20 '17 at 14:17
1

How do you know it's changing the cookie if it's not giving the expected response? – Barmar Feb 20 '17 at 14:44
by adding a print i – user7451333 Feb 20 '17 at 14:46
1

That shows that the variable is changing, it doesn't show that it's changing the cookie. – Barmar Feb 20 '17 at 14:48
1

Your code is the same as http://stackoverflow.com/questions/3334809/python-urllib2-how-to-send-cookie-with-urlopen-request, I don't see why it doesn't work for you. Maybe the problem is with the `my_cookie` script? – Barmar Feb 20 '17 at 14:50
1

What is the expected output, what are you getting instead? – Barmar Feb 20 '17 at 14:51
1

Your script doesn't print the result of `REQ.read()`, how do you know the result is not what you expect? – Barmar Feb 20 '17 at 14:51
i changed the 'REQ.read()' with 'print 'REQ.read()' – user7451333 Feb 20 '17 at 14:55
i'm now printing 'i' and printing the output , the expected output is a html code with 'you got it' in it but i'm receiving html code with 'give me a cookie' in it – user7451333 Feb 20 '17 at 14:57
1

Post the code of `my_cookie`. – Barmar Feb 20 '17 at 15:11
i don't really have it – user7451333 Feb 20 '17 at 15:14
it's a web-based python challenges , a kind of CTF – user7451333 Feb 20 '17 at 15:18
1

Are you sure you're sending the cookie that it's looking for? – Barmar Feb 20 '17 at 15:18
i can give you all details privately – user7451333 Feb 20 '17 at 15:20
1

You're still missing the `=` in your cookie in both versions of the code. – Barmar Feb 20 '17 at 15:31
Why did you change from `cookie_name` to `alien_id`, and why did the URL change? – Barmar Feb 20 '17 at 15:32
opener.addheaders.append(('cookie','alien_id='+str(i)))<< its there – user7451333 Feb 20 '17 at 15:33
# Write a script that can guess cookie values # and send them to the url http://127.0.0.1:8082/cookiestore # Read the response from the right cookie value to get the flag. # The cookie id the aliens are using is alien_id # we believe the id is a number between 1 and 75 – user7451333 Feb 20 '17 at 15:34
that's the whole thing – user7451333 Feb 20 '17 at 15:35
The `for` version is trying cookies from 0 to 74, not 1 to 75. But the `while` version looks correct to me. – Barmar Feb 20 '17 at 15:37

Cookie brute-force with python

0 Answers0