Reputation:
I'm working on a web vulnerability scanner. I have completed 30% of the program, in that it can scan only HTTP GET methods. But I've hit a snag now: I have no idea how I shall make the program pentest the POST method.
I had the idea to make it extract the form data/names from all the pages on the website, but I have no idea how I should do that. Any ideas?
Upvotes: 0
Views: 222
Reputation: 1217
If you know how to collect the data/names from the form, you just need a way to deal with the HTTP POST method. I guess you will need a solution for sending multipart form-data.
You should look at the MultipartPostHandler:
http://odin.himinbi.org/MultipartPostHandler.py
And if you need to support Unicode file names, see a fix at: http://peerit.blogspot.com/2007/07/multipartposthandler-doesnt-work-for.html
Upvotes: 0
Reputation: 86472
Use BeautifulSoup for screen scraping.
For heavier scripting, use twill:
twill is a simple language that allows users to browse the Web from a command-line interface. With twill, you can navigate through Web sites that use forms, cookies, and most standard Web features.
With twill, you can easily fill forms and POST them back to a server. Twill has a Python API. A form-filling example:
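```python
from twill.commands import go, showforms, formclear, fv, submit

# Browse to the demo site, then follow a relative link to the form page
go('http://issola.caltech.edu/~t/qwsgi/qwsgi-demo.cgi/')
go('./widgets')
showforms()               # list the forms and their fields

formclear('1')            # reset every field in form 1
fv("1", "name", "test")   # fv(form, field, value) sets one field
fv("1", "password", "testpass")
fv("1", "confirm", "yes")
showforms()               # show the form again with the new values
submit('0')               # submit via submit button 0
```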
Upvotes: 3
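An added example, not part of any answer above: one way to do the form extraction the question asks about, using only the standard library instead of BeautifulSoup. `FormExtractor`, `extract_forms`, `build_post`, the sample page and the localhost URL are all assumptions made for illustration; the request is built but never sent.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin
from urllib.request import Request
# Constructed sample page (not from a real site)
SAMPLE = ('<form action="/login" method="post"><input name="user">'
          '<input type="hidden" name="csrf_token" value="abc123">'
          '<input type="checkbox" name="remember" value="1"></form>'
          '<form action="search"><input name="q"></form>')

class FormExtractor(HTMLParser):
    """Collect each form's method, resolved action URL and default field values."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.forms = base_url, []
        self._form = self._select = None  # current form dict / open <select> name

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": urljoin(self.base_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower(), "fields": {}}
            self.forms.append(self._form)
        elif self._form is None or (tag != "option" and not a.get("name")):
            return  # outside a form, or an unnamed control (never submitted)
        elif tag in ("input", "textarea"):  # a textarea's default text is ignored
            kind = (a.get("type") or "text").lower()
            unchecked = kind in ("checkbox", "radio") and "checked" not in a
            if kind not in ("button", "reset", "file", "image") and not unchecked:
                self._form["fields"][a["name"]] = a.get("value") or ""
        elif tag == "select":
            self._select = a["name"]
        elif tag == "option" and self._select:
            if "selected" in a or self._select not in self._form["fields"]:
                self._form["fields"][self._select] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = self._select = None
        elif tag == "select":
            self._select = None

def extract_forms(html, base_url):
    parser = FormExtractor(base_url)
    parser.feed(html)
    return parser.forms

def build_post(form, overrides=None):  # built, not sent; hidden fields are kept
    fields = {**form["fields"], **(overrides or {})}
    return Request(form["action"], data=urlencode(fields).encode(), method="POST")
```

Hidden inputs such as the sample's `csrf_token` are carried over with their page-supplied values, which a hand-built POST body would miss; `urllib` adds the `application/x-www-form-urlencoded` content type when a request with `data` is opened.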