Friday, February 15, 2013

Python Script to Connect to and Start Web Goat: article 201302

This is a simple script that uses Mechanize to connect to Web Goat, log in, and start Web Goat.

If you want to connect to Web Goat remotely, you will need to modify the server_80.xml file (or server_8080.xml, depending on your config) to allow remote connections. DOING THIS INCREASES RISK TO YOUR SYSTEM.
To modify the XML file, navigate to your Web Goat folder. In my case:
    P:\WebGoat-5.4-OWASP_Standard_Win32\WebGoat-5.4\tomcat\conf
Select the appropriate file for editing; in my case server_80.xml.  Change the line:
   
to:
   
Start the Web Goat listener.
I ran the below script from one system to connect to the system where Web Goat was listening.

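#!/usr/bin/python

import mechanize

# Browser object that carries state (cookies, credentials) across requests
browser = mechanize.Browser()

# Default Web Goat credentials, sent when the server asks for HTTP authentication
browser.add_password("http://192.168.1.14/WebGoat/attack", "guest", "guest")

browser.open('http://192.168.1.14/WebGoat/attack')

# List the forms on the landing page (informational only)
for form in browser.forms():
    print("form is: %s" % form)

# The page has a single form; selecting and submitting it starts Web Goat
browser.select_form(nr=0)
browser.submit()

# Print each link's text and URL to confirm the login worked
# (formatting with %s also copes with links that have no text)
for link in browser.links():
    print("%s : %s" % (link.text, link.url))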

Of course, the IP address where your Web Goat is listening will most likely vary. So what is going on in the above is:
1. I imported mechanize (this needs to be installed on your system)
2. I created a browser instance
3. I added the default username and password of Web Goat ('guest' and 'guest') to the browser instance
4. I opened a session with the Web Goat listener
5. I print the available forms (there really is no need to do this)
6. I select the form (there is only one on this page)
7. I submit the form
8. I print the links' text and URLs just to verify that I have successfully logged in and started Web Goat
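
What steps 3 and 4 put on the wire, as an added example (not code from the original post): it assumes the Web Goat login is HTTP Basic authentication, uses the standard library's urllib in place of Mechanize, and talks to a constructed loopback stand-in server (`StandIn`, realm "demo") rather than Web Goat itself. The decoded header shows the credentials travel as plain base64 over HTTP, which is one reason opening the listener to remote connections raises risk.

```python
import base64
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class StandIn(BaseHTTPRequestHandler):
    """Constructed stand-in for the Web Goat listener: one page behind Basic auth."""
    def do_GET(self):
        auth = self.headers.get("Authorization")
        self.server.seen.append(auth)  # record what the client put on the wire
        if auth == "Basic " + base64.b64encode(b"guest:guest").decode():
            status, body = 200, b"<a href='attack'>Start</a>"  # constructed page
        else:
            status, body = 401, b"login required"
        self.send_response(status)
        if status == 401:  # the challenge that add_password() answers
            self.send_header("WWW-Authenticate", 'Basic realm="demo"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_exchange():
    """Log in as the post's script does; return (status, Authorization headers seen)."""
    server = HTTPServer(("127.0.0.1", 0), StandIn)  # loopback only, free port
    server.seen = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/WebGoat/attack" % server.server_port
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, "guest", "guest")
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}),  # never route the demo through a proxy
        urllib.request.HTTPBasicAuthHandler(mgr))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status, list(server.seen)
    finally:
        server.shutdown()
        server.server_close()

def credentials_on_the_wire(header):
    """Basic auth is base64, not encryption: decode what any observer would see."""
    return base64.b64decode(header.split(" ", 1)[1]).decode()

if __name__ == "__main__":
    status, headers = run_exchange()
    print(status, headers, credentials_on_the_wire(headers[-1]))
```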

Next steps for me to practice are attacking Web Goat with Mechanize.