Came across this great YouTube channel by @tjc_, where he steps through the process of writing Python scripts to automate the exploitation of the PortSwigger labs.
I followed his videos and reproduced the Python scripts, but credit goes to @tjc_.
The utils and other Python scripts imported into each vulnerability category's labs are referenced through a symbolic link under each subfolder. In the example below, the XSS folder contains a symbolic link to the ../utils folder.
cd xss/
ln -s ../utils utils
This creates a uniform import convention across all scripts.
This is my explanation of the code structure developed by @tjc_.
- site.py contains the classes, superclass, attributes, objects and functions reused across the types of target, whether blog or site; these include the common objects.
- utils.py holds the common Python functions reused in the main program.
- blog.py holds functions used only against targets that are blog web apps.
- shop.py holds the common Python functions for e-commerce web apps.
- Vulnerable_lab_name.py is the main program that targets the specific type of lab.
The image below shows the payload executed by the Python domxss script in an attempt to steal the victim's cookie. The cookie is secured with the HttpOnly flag set.
Script used in the above DOM XSS example
This is a simple example of the basic CL.TE HTTP request smuggling lab solved using a Python script.
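To show why the HttpOnly flag mentioned above protects the cookie, here is an added example (not one of the repository's scripts and not @tjc_'s code) that audits `Set-Cookie` headers and reports which cookies `document.cookie` would expose to injected script. The header values and function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample response headers (not captured from any lab).
SAMPLE_SET_COOKIE = [
    "session=Zm9vYmFy; Secure; HttpOnly; SameSite=Strict",
    "tracking=abc123; Path=/",
    "prefs=dark; Secure; SameSite=Lax",
]


def audit_set_cookie(headers):
    """Map each cookie name to the protective attributes it was set with."""
    report = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)  # parses one Set-Cookie header value
        for name, morsel in jar.items():
            report[name] = {
                # Flag attributes parse to True when present, "" when absent.
                "httponly": bool(morsel["httponly"]),
                "secure": bool(morsel["secure"]),
                "samesite": morsel["samesite"] or "unset",
            }
    return report


def script_readable(report):
    """Names of cookies that page JavaScript can read via document.cookie."""
    return sorted(name for name, flags in report.items() if not flags["httponly"])


def findings(report):
    """Human-readable hardening findings, one per missing attribute."""
    issues = []
    for name, flags in sorted(report.items()):
        if not flags["httponly"]:
            issues.append(f"{name}: missing HttpOnly (readable by script)")
        if not flags["secure"]:
            issues.append(f"{name}: missing Secure (sent over plain HTTP)")
        if flags["samesite"] == "unset":
            issues.append(f"{name}: SameSite not set")
    return issues


if __name__ == "__main__":
    for line in findings(audit_set_cookie(SAMPLE_SET_COOKIE)):
        print(line)
```

HttpOnly only blocks script reads of the cookie value; it does not remove the underlying XSS flaw, which still has to be fixed in the page's DOM handling.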
Smuggle CL.TE basic Python code
Python scripts to perform an SSRF filter bypass via an open redirection vulnerability.