
7.2 Web Services

Web services have been a major trend for some years now. A web service is a service that allows machine-to-machine communication. Several standards and protocols were developed for this purpose: REST, which uses the HTTP methods GET, PUT and DELETE to implement a CRUD (Create, Read, Update, Delete) API; XML-RPC, which allows remote procedure calls encoded in XML over HTTP; and SOAP, which makes it possible to transfer whole objects over the network. SOAP defines another XML format called WSDL (Web Services Description Language), which describes a web service and how a remote computer can automatically generate stub code to communicate with it.

This book cannot go into much detail about specific web service protocols, because this chapter is meant to cover only HTTP-based attacks, but interested readers can adapt the described methods to attack web services. Often it is not necessary to attack web services at all, because their services are completely unprotected. If an attack is needed, full-blown and complex protocols like the so-called Simple Object Access Protocol (SOAP) should reveal enough possibilities.

7.3 Required Modules

Most examples in this chapter use the httplib2 module rather than the urllib2 module, which is integrated into the Python distribution, because httplib2 provides additional convenient features such as caching, redirection and compression.

Furthermore, we will use BeautifulSoup to parse HTML code and mitmproxy to implement HTTP man-in-the-middle attacks.

All modules are quickly installed by executing

pip install httplib2
pip install BeautifulSoup
pip install mitmproxy

And now let's hack some source code!

7.4 HTTP Header Dumper

Let us start with a simple warm-up and just dump all HTTP header fields that a web server sends back onto the screen.

#!/usr/bin/python

import sys
import httplib2

# The URL to query is the only required argument
if len(sys.argv) < 2:
    print(sys.argv[0] + ": <url>")
    sys.exit(1)

# request() returns the response headers and the body
webclient = httplib2.Http()
header, content = webclient.request(sys.argv[1], "GET")

# Print every header field of the response
for field, value in header.items():
    print(field + ": " + value)

You can optionally pass a directory to the constructor Http() to activate caching into that directory. The real work is done by the function request(), which takes the HTTP method in addition to the URL parameter. It returns two values: a dictionary containing the header data, which we output afterwards, and the content, such as the HTML page of the URL, which we ignore in this first example.
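The header dictionary that request() returns is also a convenient input for a defensive review of a server you operate. The following is an added example, not code from the book: it audits such a dictionary for headers that disclose software versions and for missing or weak hardening headers. The function name, the baseline lists, the HSTS threshold and the sample response are assumptions made for this illustration.

```python
import re

# Assumed baselines for this example; tune them to your own policy.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")
EXPECTED = ("strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options")
MIN_HSTS_AGE = 15552000  # 180 days, an assumed minimum

def audit_headers(header):
    """Audit a header dict shaped like the one httplib2's request() returns.

    Returns a sorted list of (severity, header name, message) tuples.
    """
    # httplib2 lower-cases header names; repeat it so plain dicts work too.
    names = dict((k.lower(), str(v)) for k, v in header.items())
    findings = []
    for name in DISCLOSING:
        if name in names:
            # A version number reveals exactly which release is running.
            versioned = re.search(r"\d+\.\d+", names[name]) is not None
            findings.append(("warn" if versioned else "info", name,
                             "discloses " + names[name]))
    for name in EXPECTED:
        if name not in names:
            findings.append(("warn", name, "missing"))
    hsts = names.get("strict-transport-security")
    if hsts is not None:
        age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if age is None or int(age.group(1)) < MIN_HSTS_AGE:
            findings.append(("warn", "strict-transport-security",
                             "max-age below %d" % MIN_HSTS_AGE))
    nosniff = names.get("x-content-type-options")
    if nosniff is not None and nosniff.strip().lower() != "nosniff":
        findings.append(("warn", "x-content-type-options", "not nosniff"))
    return sorted(findings)

# Constructed sample, shaped like an httplib2 response dictionary.
SAMPLE = {
    "status": "200",
    "server": "Apache/2.4.41 (Ubuntu)",
    "x-powered-by": "PHP",
    "content-type": "text/html; charset=UTF-8",
    "strict-transport-security": "max-age=3600",
    "x-content-type-options": "nosniff",
}

if __name__ == "__main__":
    for severity, name, message in audit_headers(SAMPLE):
        print("%-4s %s: %s" % (severity, name, message))
```

To audit a live response from your own server, pass the header value returned by webclient.request() to audit_headers() instead of SAMPLE.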

 