-1

A script to authenticate to a Cisco Systems firewall needs to be converted from perl to Python.

This perl script needs to be converted to a python equivalent.

#!/usr/bin/perl

$login=$ARGV[0];
$pass=$ARGV[1];

# load necessary perl modules
use HTTP::Request::Common;
use LWP::UserAgent;

$url="https://<ip>/netaccess/loginuser.html";

my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });

# POST credentials

my $res = $ua->request(POST "$url", [username => "$login", password => "$pass", sid => "0"]);
$res->is_success or die "Failed to POST credentials to '$url': ", $res->status_line;

#!/bin/python
import requests
import urllib3
import sys

from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

session = requests.Session()

payload = {'sid' : '0', "username" : sys.argv[1], "password" : sys.argv[2]}

r_post = session.post("https://<ip>/netaccess/loginuser.html",
   data=payload,
   verify=False,
   )

print(r_post.text)

The result is actually not the same. I looks like python is sending this as a parameters in the URL, while with perl this is in the form.

UPDATE :

The page that I try to use is :

</style>
</head>
<body bgcolor=white alink="#333366" vlink="#333366" link="#333366">

<script language="JavaScript1.1">
function doRefresh()
{
    location.replace("/netaccess/connstatus.html");
}
</script>

<FORM method=post ACTION="/netaccess/connstatus.html">

<INPUT type=hidden name=sid VALUE="0">



<h3>Network User Authentication</h3><p><p>Network User Authentication is <i>required</i>.</p> <table border cellpadding=5><tr><td><input type=submit width=120 style="width:120" name=login value="Log In Now"></td><td><b>You are not logged in.</b><br>User IP: <br></td></tr></table><script language="JavaScript">document.forms[0].login.focus()</script>

</FORM>
</body>
</html>
Tom Van de Velde
  • 41
  • 6
  • 1
    Tip: It's not safe to pass passwords as arguments. Other users on the machine can see them. – ikegami Jul 17 '19 at 08:25
  • Please elaborate on "The result is actually not the same." The code looks okay but perhaps you need some special form encoding or something. – ivan_pozdeev Jul 17 '19 at 08:32
  • Possible duplicate of [How to send a "multipart/form-data" with requests in python?](https://stackoverflow.com/questions/12385179/how-to-send-a-multipart-form-data-with-requests-in-python) – ivan_pozdeev Jul 17 '19 at 08:33
  • Both `LWP::UserAgent` and `requests` use the `application/x-www-form-urlencoded` MIME by default. So I've no idea what is "not the same". – ivan_pozdeev Jul 17 '19 at 08:39
  • Re "*I looks like python is sending this as a parameters in the URL*", For a POST request? I don't know Python, much less this particular module (or whatever Python calls them), but that seems unlikely. How did you reach that conclusion? – ikegami Jul 17 '19 at 09:53
  • It is a authentication page against a firewall. The pages a very simple form that is posted to the URL. Difficult to explain what is the difference against a working and none working page, the logic is on the firewall I can only see the HTML. – Tom Van de Velde Jul 17 '19 at 09:59
  • @ikegami when doing the debug it displays send: 'POST /netaccess/loginuser.html HTTP/1.1\r\nHost:\r\nContent-Length: 47\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-862.14.4.el7.x86_64\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nusername=me&password=there&sid=0' – Tom Van de Velde Jul 17 '19 at 10:04
  • That shows the parameters in the body where they should be, not in the URL. – ikegami Jul 17 '19 at 10:08

2 Answers2

1

I was trying to do the same from similar perl script to Python . In the end , I managed to get it to work by first doing GET and then POST 

url = "https://ip_address/netaccess/loginuser.html"

auth = {"username":user ,"password": passw, "sid": 0}

login = requests.Session()

req_login = login.get(url, verify=False)
send_login = login.post(url, data=auth, verify=False)

If you want to authenticate periodically before session timeout , you need to add this before req_login :

 status_url = "https://ip_address/netaccess/connstatus.html"
 logout = {"sid": 0, "logout": "Log+Out+Now"}
 req_logout = login.post(status_url, data=logout, verify=False)
Arthur
  • 11
  • 1
0

The python program works fine. I tested on requestbin, have a look at results here, by creating a bin on request bin, and looking at the results of both programs.

On the other hand, the form you pasted has a different URL for the form submit (/netaccess/connstatus.html).

tripleee
  • 175,061
  • 34
  • 275
  • 318
aod
  • 155
  • 1
  • 5