Reputation: 45
I've made a single POST request using sockets in Python and it worked fine, but since trying to iterate usernames and passwords it just is not working. I have been trying for hours, if not all day, to figure out what the problem is.
...I just don't get this at all. Code will be below (I have tried many different versions of what I have now). Thanks, I would really love to know where I have gone wrong with this. I do not think I am too far off?
#!/usr/bin/python
#-*- coding: utf8 -*-
#imports
import socket
users = ['bill','ted','sally','sue']
num_00_09 = ['00','01','02','03','04','05','06','07','08','09']
num_10_100 = [x for x in range(10,101)]
pwd = num_00_09 + num_10_100
for user in users:
    for x in range(1,101):
        length = len(str(user)) + len(str(pwd[x]))
        req = '''POST /python/login2r.php HTTP/1.1
        Host: ad.samsclass.info
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: deflate
        Content-Type: application/x-www-form-urlencoded
        Content-Length: %s''' % (length)
        req1 = '''\nCookie: __cfduid=d97d8c22217a6727cbe1a7d222f5f27ec1531510998
        DNT: 1
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        u=%s&p=%s''' % (user,pwd[x])
        s = socket.socket()
        socket.setdefaulttimeout(2)
        s.connect(('ad.samsclass.info',80))
        s.send(bytes(req + req1,'utf8'))
        r = s.recv(1024)
        print(r.decode('utf8'))
        s.close()
And here is the error code (obviously there is this code for each POST iteration done):
HTTP/1.1 400 Bad Request
Date: Sun, 15 Jul 2018 22:41:36 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 313
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at attack.samsclass.info Port 80</address>
</body></html>
I have added +5 to the length variable but am now getting another error:
HTTP/1.1 400 Bad Request
Date: Sun, 15 Jul 2018 22:56:49 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 313
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at attack.samsclass.info Port 80</address>
</body></html>
Traceback (most recent call last):
File "file02.py", line 42, in <module>
s.send(bytes(req + req1,'utf8'))
OSError: [WinError 10038] An operation was attempted on something that is not a socket
Upvotes: 0
Views: 69
Reputation: 1125138
Your content length is incorrect. Your POST body is longer than you claim it to be:
length = len(str(user)) + len(str(pwd[x]))
That only counts the user and password string lengths, but your content body consists of more characters still:
u=%s&p=%s
The u= and &p= characters also are part of the POST body, so your content length is at least 5 bytes longer than you told the server to expect.
Next, you are sending headers with a lot of leading whitespace. The indentation on the req = '''...''' and req1 = '''...''' strings is part of the string value, but HTTP headers should be sent without indentation. Remove that whitespace.
Next, HTTP requires that you send headers with both a carriage return and a newline between them. You are sending just \n separators, not \r\n separators.
You'd be much better off using the http.client library that comes with Python. At the very least, try to study its source code so you can learn what that library does, if you must try to do this the hard way with a socket.
If you don't need to go this low-level, just install requests and let it do all the heavy lifting.
Upvotes: 1
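An added example, not part of the question or the answer above: a builder that produces one well-formed form POST as bytes, and a linter that reports the three defects the answer names (short Content-Length, indented header lines, bare \n separators). The host example.test, the path /login, the function names and the BAD_REQUEST sample are constructed for illustration, and nothing is sent over the network.

```python
import re
from urllib.parse import urlencode

def build_post(host, path, fields):
    """Return a well-formed HTTP/1.1 form POST as bytes (hypothetical helper)."""
    body = urlencode(fields).encode("ascii")
    head = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",  # whole body, "u=" and "&p=" included
        "Connection: close",
    ]
    # CRLF between header lines, one empty line, then the body.
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body

def lint_request(raw):
    """List the defects from the answer that are present in a raw request."""
    parts = re.split(rb"\r?\n[ \t]*\r?\n", raw, maxsplit=1)
    if len(parts) != 2:
        return ["no blank line between headers and body"]
    head, body = parts
    problems = []
    if re.search(rb"(?<!\r)\n", head):
        problems.append("bare LF line ending")
    lines = re.split(rb"\r?\n", head)
    if any(line[:1] in (b" ", b"\t") for line in lines):
        problems.append("header line starts with whitespace")
    for line in lines:
        name, _, value = line.strip().partition(b":")
        if name.lower() == b"content-length" and int(value) != len(body):
            problems.append(f"Content-Length {int(value)} but body is {len(body)} bytes")
    return problems

# Constructed sample with the same three defects as the request in the question.
BAD_REQUEST = (
    b"POST /login HTTP/1.1\n"
    b"    Host: example.test\n"
    b"    Content-Type: application/x-www-form-urlencoded\n"
    b"    Content-Length: 6\n"
    b"\n"
    b"u=bill&p=07"
)

if __name__ == "__main__":
    good = build_post("example.test", "/login", {"u": "bill", "p": "07"})
    print(lint_request(good))
    print(lint_request(BAD_REQUEST))
```

Running the linter over the exact bytes before they reach s.send() shows which of the three problems remain.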