WEBVTT

00:01.240 --> 00:01.760
Okay.

00:01.760 --> 00:07.920
In the previous lecture, we completed the crawler that we just created, and now it is time to create

00:07.920 --> 00:12.240
a program to guess the login page information.

00:12.320 --> 00:16.880
Okay, here you see we have DVWA that is here right now.

00:16.960 --> 00:28.080
We need to, uh, write a program that uh, gives or even we provide the username and also the password.

00:28.680 --> 00:32.440
So it needs to handle this.

00:32.440 --> 00:32.880
Okay.

00:33.840 --> 00:37.600
Um, add the username here and then enter the password here.

00:37.600 --> 00:39.080
And then hit the login button.

00:39.080 --> 00:43.280
And then go inside and log in.

00:43.280 --> 00:54.960
So here you see when we try to see the information or the details the code that is here, you see we

00:54.960 --> 00:57.320
have a form and it has an action.

00:57.320 --> 00:58.640
It is login dot php.

00:58.680 --> 01:03.880
That means when we provide the username and password it will redirect us to login.php.

01:03.880 --> 01:05.280
And also it has a method.

01:05.280 --> 01:06.320
It is post.

01:06.600 --> 01:13.200
But before you know that we were handling the request in the get method, sorry.

01:13.200 --> 01:17.960
And now we have something else and that is the method which is called post.

01:17.960 --> 01:18.480
Okay.

01:18.520 --> 01:21.960
You're going to handle the post method which is very secure.

01:22.000 --> 01:25.400
And in here now you see we have a user okay.

01:26.520 --> 01:27.440
We don't need that.

01:27.440 --> 01:28.680
We have an input here.

01:28.840 --> 01:30.240
It has a name okay.

01:30.280 --> 01:33.880
Name for username is equal to username.

01:33.880 --> 01:36.200
And also we have a password.

01:36.240 --> 01:39.120
Name for password is equal to password.

01:39.120 --> 01:42.920
And also we may have an input button.

01:43.320 --> 01:46.400
The input button a value for this is login.

01:46.400 --> 01:48.040
And also name for this is login.

01:48.040 --> 01:49.560
And also we need type.

01:49.600 --> 01:51.240
Type is equal to submit.

01:51.960 --> 01:56.080
So we can handle this very very easy in here.

01:56.080 --> 01:58.600
You see I created a program called login.

01:58.680 --> 02:01.080
In here again we are going to use requests.

02:01.240 --> 02:03.680
So first I'm going to import

02:05.640 --> 02:06.800
requests.

02:07.240 --> 02:12.600
And in here, the first thing we need to provide is the target URL.

02:12.640 --> 02:12.960
Okay.

02:13.040 --> 02:14.520
Target URL.

02:14.840 --> 02:19.960
It is going to be equal to the URL that I am going to just give it to.

02:20.000 --> 02:20.920
That is here.

02:21.000 --> 02:25.080
So I use copy and then paste it here.

02:25.680 --> 02:26.320
Perfect.

02:26.360 --> 02:28.160
Now we have the target URL.

02:28.200 --> 02:29.120
Okay.

02:29.120 --> 02:32.040
The next thing is to have those data.

02:32.080 --> 02:38.800
Okay, I am going to name it data dictionary because we are going to store this as a dictionary.

02:38.880 --> 02:42.560
The first thing is I think it was username.

02:42.600 --> 02:42.880
Okay.

02:42.920 --> 02:44.000
The key is username.

02:44.000 --> 02:47.800
And here I need to provide one more thing.

02:49.800 --> 02:53.480
You see we have name which is username.

02:53.480 --> 02:55.960
And we need to give it a value.

02:56.040 --> 02:59.600
The second thing that we are providing here in dictionary is the value.

03:01.280 --> 03:07.720
Uh, here, for example, I am going to give this test.

03:07.800 --> 03:14.920
So right now when we execute this, the test will be writing to username and then go to the next one

03:14.920 --> 03:17.880
which is going to be password.

03:18.440 --> 03:22.160
And it's going to be for example.

03:22.240 --> 03:27.320
It's also going to be test now which is not true.

03:27.360 --> 03:28.120
Okay.

03:28.160 --> 03:32.240
And the next one is login okay.

03:32.240 --> 03:36.440
Value for login is submit.

03:37.880 --> 03:40.680
Let's see if it is submit or not.

03:42.240 --> 03:44.120
Username password.

03:44.120 --> 03:48.920
And also we have login and the type is submit.

03:48.920 --> 03:51.120
That means the value is submit.

03:51.160 --> 03:53.680
We hit submit button now.

03:56.120 --> 03:58.920
Now we have this dictionary okay.

04:00.240 --> 04:05.800
The next thing is to use requests dot post or dot get or something.

04:06.520 --> 04:10.080
So I'm going to name it response.

04:10.080 --> 04:12.720
It is equal to requests dot.

04:12.760 --> 04:16.640
Before we were using GET, but now it is time to use POST.

04:16.680 --> 04:16.880
Okay.

04:16.920 --> 04:22.040
Because the method is post here the first argument is going to be the URL.

04:23.760 --> 04:29.320
The second argument is going to be the data which is equal to data dictionary.

04:29.920 --> 04:39.480
Okay, now I have the response if I print the response and not just the response okay, I want to print

04:39.480 --> 04:43.240
the content of the response.

04:43.240 --> 04:47.840
Now if I save it, let me show you in the real website here.

04:48.280 --> 04:58.400
Now if I provide test and test and then hit the login, nothing happens because login failed, because

04:58.680 --> 05:02.520
that is not the real information that I provide.

05:02.640 --> 05:05.880
I think the username for this is username.

05:09.330 --> 05:20.050
And this one is password login, failed username and password.

05:21.490 --> 05:25.090
Okay, I will find the real username and password.

05:29.250 --> 05:34.170
Let's try admin and then password.

05:34.970 --> 05:39.730
Okay so you see now that when we log in we have this URL.

05:39.730 --> 05:42.770
And also we have welcome to Damn Vulnerable web page.

05:43.170 --> 05:45.130
And we are logged in.

05:45.250 --> 05:49.170
So okay here now.

05:51.930 --> 05:53.690
You see that we are in this page.

05:53.730 --> 05:55.090
Okay.

05:55.330 --> 05:58.330
Let me come right here and save this.

05:58.930 --> 06:04.490
Let's open the terminal. I'm going to clear this, cd.

06:06.410 --> 06:12.490
cd login in and then python login.py, hit enter.

06:12.930 --> 06:19.970
Now you see an HTML web page that it is giving me something.

06:20.010 --> 06:23.490
Let's see if anything readable.

06:27.570 --> 06:28.530
Login.

06:28.970 --> 06:32.370
Logo message.

06:38.650 --> 06:42.970
Some web application with password.

06:45.210 --> 06:49.410
Okay, so now we have this thing okay.

06:49.450 --> 06:52.850
Which is very little information that is here now.

06:53.170 --> 06:55.290
And I'm sure we are not logged in.

06:55.290 --> 07:00.010
You see we are just, uh, capturing this data, which is the form.

07:00.050 --> 07:00.490
Okay.

07:01.930 --> 07:06.890
It is printing me the data.

07:06.930 --> 07:13.010
Now if I just use instead of username, I use admin and instead of password.

07:13.010 --> 07:18.250
If I use password and I am going to save it.

07:20.210 --> 07:22.570
The data dictionary looks good.

07:22.890 --> 07:28.010
Now if I hit login now you see that we have a lot of information here.

07:28.010 --> 07:33.770
That means we are logged in and in here you see we have.

07:33.810 --> 07:36.490
Welcome to this application.

07:36.490 --> 07:37.730
What does that mean?

07:37.730 --> 07:40.330
That means we are logged in.

07:40.330 --> 07:45.210
Let me show you in the, uh, web page that is here.

07:45.330 --> 07:45.810
Okay.

07:46.850 --> 07:51.250
In here you see we have this information here, this text here.

07:51.650 --> 07:53.930
And you see that text here.

07:54.410 --> 07:56.170
That means you are logged in.

07:56.170 --> 08:02.010
So now in here you learn how to handle the POST method using requests.

08:02.050 --> 08:02.610
Okay.

08:02.650 --> 08:07.450
Before, you learned how to handle the GET method; now you learn how to handle the POST method.

08:07.770 --> 08:08.970
So perfect.

08:08.970 --> 08:11.250
Thanks for watching and I will see you in the next lecture.
