WEBVTT

00:01.400 --> 00:10.120
Okay, now we have done almost one of the one section or one part of creating our vulnerability scanner

00:10.840 --> 00:15.800
and three or four sections or parts of it are still not completed.

00:15.840 --> 00:16.640
Okay.

00:16.680 --> 00:25.360
So now that we have created this program that is extracting links, and the next thing is something

00:25.360 --> 00:34.640
that we create and we need to create a program or this part is going to be about extracting forms,

00:34.680 --> 00:35.040
okay.

00:35.080 --> 00:37.040
From the web page that we want.

00:37.320 --> 00:46.280
And then uh, executing or putting some data to the form so we can see the result.

00:46.960 --> 00:47.360
Okay.

00:47.720 --> 00:54.320
So here we have something or some part that was doing the form extraction for me, for us.

00:54.320 --> 00:57.000
Okay I'm going to use this code.

00:57.000 --> 01:03.940
Just copy and paste it and then modify it to, uh, use it here, so let me.

01:08.060 --> 01:09.180
Just a moment.

01:11.300 --> 01:12.420
I have this method.

01:12.420 --> 01:12.820
Okay.

01:14.100 --> 01:16.100
And let's create another method.

01:16.100 --> 01:21.220
This method is going to be extract forms, okay.

01:22.780 --> 01:28.620
In here we are going to give this the URL.

01:28.620 --> 01:33.340
So it will get the URL and then extract the form for me.

01:33.900 --> 01:35.900
So how can I do that.

01:36.660 --> 01:40.340
Very easy I can copy that uh, from here.

01:40.420 --> 01:42.580
Or I can create it myself.

01:43.860 --> 01:45.260
Uh, let me see this part.

01:45.300 --> 01:45.580
Okay.

01:45.580 --> 01:47.260
We use the request method.

01:47.300 --> 01:50.220
Then we have the BeautifulSoup here.

01:50.500 --> 01:51.420
Okay.

01:51.420 --> 01:53.460
That needs to be imported first.

01:53.460 --> 01:58.660
And then we have parsed HTML dot find all.

01:58.700 --> 02:03.730
Okay, let's copy three line from here and then modify it here.

02:09.490 --> 02:10.250
Okay.

02:10.290 --> 02:13.810
The first thing is we need to import beautifulsoup.

02:14.090 --> 02:14.450
Okay.

02:15.730 --> 02:22.570
Uh, we can use from BS4 import.

02:23.810 --> 02:25.010
Beautiful.

02:27.290 --> 02:31.970
Soup from base form all the time.

02:31.970 --> 02:33.730
I'm writing this form.

02:33.730 --> 02:34.810
I don't know why.

02:34.850 --> 02:38.450
Okay, so from bs4 import BeautifulSoup.

02:38.490 --> 02:41.370
When we import that then we can use it here.

02:41.930 --> 02:51.570
So we have the response and the response is equal to right now you see we use the request here that

02:51.610 --> 02:56.330
which doesn't exist here, okay, I need to remove this.

02:56.330 --> 02:58.690
Instead of that I'm going to use session.

02:58.730 --> 03:01.230
So self dot session.

03:01.590 --> 03:02.070
Okay.

03:04.310 --> 03:06.630
Uh, dot get.

03:08.110 --> 03:15.390
And instead of target URL in here, I'm just going to provide the URL that we are giving that as argument

03:15.390 --> 03:17.030
to extract form method.

03:17.950 --> 03:19.630
So that was it, okay.

03:19.670 --> 03:21.630
And the next thing is beautifulsoup.

03:21.670 --> 03:23.190
We have parsed HTML.

03:25.310 --> 03:29.750
Uh, it is equal to BeautifulSoup, response dot content, okay.

03:29.790 --> 03:31.310
Response dot content.

03:31.310 --> 03:39.430
And the next thing, we are storing this data, uh, the form, into something here, uh, the form list.

03:39.470 --> 03:45.030
Now instead of storing this into something, I'm going to return it.

03:45.030 --> 03:45.670
Okay.

03:45.710 --> 03:52.430
So return parsed HTML, parsed HTML dot find all, and then the form.

03:52.430 --> 03:55.790
So this will extract the form for me and then it will return it.

03:55.790 --> 03:58.190
And then I can use it somewhere.

03:58.270 --> 04:00.890
The next thing is going to be another method.

04:00.890 --> 04:07.490
This method is going to be submit a form maybe.

04:08.450 --> 04:14.250
So the first thing that I am going to give to this is going to be the form okay.

04:14.290 --> 04:17.010
Because this is going to extract the form.

04:17.010 --> 04:19.770
So I have the form from here from this method.

04:19.850 --> 04:22.650
And then I will give the form to this.

04:22.810 --> 04:26.650
And the next one we need to give a value okay.

04:26.690 --> 04:28.490
So I will explain it later.

04:28.490 --> 04:36.570
And then the URL that is going to be necessary URL to the specific form okay.

04:37.210 --> 04:42.570
Now also we have done this into this part okay.

04:42.610 --> 04:47.970
We have action is equal to something blah blah blah that is here.

04:47.970 --> 04:55.050
So let's use it here and then select this part.

04:55.090 --> 04:59.010
Hit tab once and we are done okay.

05:01.880 --> 05:04.040
Action is equal to form dot

05:04.080 --> 05:04.680
get.

05:05.880 --> 05:06.640
Okay.

05:06.680 --> 05:07.280
Action.

05:08.040 --> 05:10.400
So we are searching for action.

05:10.400 --> 05:14.720
If the action is, um.

05:14.760 --> 05:15.800
Do something okay.

05:16.040 --> 05:19.200
And then we are joining these two URL okay.

05:19.240 --> 05:21.960
One of them is target URL with the action.

05:22.200 --> 05:23.720
So we are parsing that.

05:24.280 --> 05:32.320
So in here now instead of giving this target URL I am just going to give the URL that is coming from

05:32.320 --> 05:32.760
here.

05:33.360 --> 05:39.160
So and then print our post URL.

05:41.120 --> 05:45.400
Um uh okay.

05:47.200 --> 05:50.400
And next thing we need actually I don't need this.

05:50.400 --> 05:51.440
I can remove it.

05:53.080 --> 05:54.040
Not necessary.

05:56.520 --> 05:59.280
The next thing is going to be a method.

05:59.280 --> 06:02.900
The method is going to be equal to form that is here.

06:02.940 --> 06:03.140
Okay.

06:03.180 --> 06:05.700
It will come, form dot get, method.

06:05.820 --> 06:06.900
It will get the method.

06:07.260 --> 06:11.460
Maybe it is uh post or get or something.

06:11.500 --> 06:11.900
Okay.

06:12.500 --> 06:16.580
Now I am going to remove this print from here as well.

06:18.380 --> 06:18.780
Okay.

06:19.020 --> 06:21.060
And then we have the input list.

06:21.060 --> 06:22.740
We will get all the input.

06:22.780 --> 06:23.020
Okay.

06:23.020 --> 06:25.660
We have found all the input.

06:26.940 --> 06:27.540
That is okay.

06:27.700 --> 06:29.300
And also we have post data.

06:29.300 --> 06:30.580
It is a dictionary.

06:30.980 --> 06:36.940
And then I want to iterate through the all inputs.

06:37.260 --> 06:42.380
So for input in inputs uh input list.

06:42.780 --> 06:47.300
So in here I'm going to uh you see we are capturing three things here.

06:47.340 --> 06:50.860
Name type and also value.

06:50.860 --> 06:54.180
And I'm checking if input type is text.

06:54.540 --> 07:01.440
Then enter or change the input value that is here and to name it.

07:01.600 --> 07:04.400
So you see that we are changing this to name it.

07:04.480 --> 07:12.320
And now this time I'm going to change it to something else that is going to be value.

07:12.360 --> 07:13.280
What is the value.

07:13.320 --> 07:14.720
Value comes here.

07:14.760 --> 07:15.240
Okay.

07:16.440 --> 07:22.120
And then we have post data input.

07:22.240 --> 07:23.280
Input value.

07:23.400 --> 07:24.200
That is okay.

07:24.400 --> 07:34.600
And also you see that maybe or sometime or all the time here right now here we are checking that request

07:34.600 --> 07:35.080
dot post.

07:35.080 --> 07:38.880
That means we are just using the post method not get method.

07:38.880 --> 07:40.880
So we need to check that here.

07:41.120 --> 07:44.800
If the method is post then do this.

07:44.800 --> 07:49.000
If it is not post then we need to handle this in another way okay.

07:50.400 --> 07:53.760
So before that let me.

07:56.080 --> 08:07.310
Write in here and I am going to check if the method is going to be equal to if the method.

08:07.790 --> 08:08.270
Okay.

08:10.910 --> 08:13.590
Uh, if the method.

08:13.630 --> 08:15.310
Let me see where the method is.

08:15.310 --> 08:15.550
Okay.

08:15.550 --> 08:16.230
That is here.

08:16.470 --> 08:18.270
If the method is equal to.

08:20.670 --> 08:21.390
Post.

08:24.790 --> 08:30.910
Then let's return this thing okay.

08:35.750 --> 08:41.350
And also let me hit this that in here right now.

08:41.350 --> 08:43.670
You see we are using request.

08:43.670 --> 08:54.230
But instead of request I am going to use self dot session okay self dot session dot post.

08:54.750 --> 08:56.710
And then I have the post URL.

08:56.750 --> 08:59.570
And then data is equal to post data.

08:59.850 --> 09:01.490
So this is the if part.

09:02.090 --> 09:04.770
If it is not, then it is get.

09:04.810 --> 09:05.210
Okay.

09:06.050 --> 09:09.450
So when it is get, come on.

09:10.290 --> 09:13.290
When it is get, we need to return something else.

09:13.370 --> 09:22.690
And that is going to be return um self dot session dot get.

09:22.730 --> 09:25.170
And we have the post URL.

09:25.850 --> 09:29.170
And the next one is going to be params.

09:30.010 --> 09:35.170
And this one is going to be post data.

09:35.210 --> 09:35.610
Okay.

09:35.810 --> 09:36.130
So.

09:38.170 --> 09:39.250
Uh perfect.

09:39.850 --> 09:45.770
I will show you now something about the links, the forms: some forms may use get.

09:45.970 --> 09:48.850
Some forms may use post as method okay.

09:50.130 --> 09:55.370
So and here also we need to handle this thing.

09:55.570 --> 09:59.520
So right now you see we are using this crawl method.

10:00.400 --> 10:07.160
Let me comment that and use another method that we just created.

10:07.600 --> 10:10.240
The first thing is to extract something.

10:10.280 --> 10:16.360
Okay, so let's call that method uh I have the forms.

10:16.360 --> 10:20.800
For example, it is going to be forms that I that I'm extracting.

10:20.800 --> 10:25.960
So I use the object dot extract form.

10:26.240 --> 10:30.040
And you see in here we need to give a URL okay.

10:35.680 --> 10:36.160
Okay.

10:36.200 --> 10:39.880
It is only asking for one URL and no more thing okay.

10:40.280 --> 10:45.120
So here we need to provide a URL for this.

10:45.160 --> 10:47.640
And let's see for some URL here.

10:50.200 --> 10:56.360
Uh, let's go to XSS Reflected. I'm going to give this, okay.

10:56.400 --> 10:57.560
Let me use copy.

10:57.560 --> 11:00.260
P and then I'm going to paste that here.

11:00.260 --> 11:02.060
Use Ctrl V to paste it.

11:02.340 --> 11:08.540
And let's print this form once to see what do we have here.

11:08.820 --> 11:11.060
And then let's see.

11:17.020 --> 11:20.220
And right now you see it is giving me a form okay.

11:20.700 --> 11:22.420
Its action is nothing.

11:22.420 --> 11:23.180
Its method.

11:23.180 --> 11:26.700
You see right now it is get okay and name.

11:26.820 --> 11:29.940
And also we have "What's your name?".

11:29.940 --> 11:32.260
And then we have input type is text.

11:32.740 --> 11:35.140
And also we have something like that.

11:35.140 --> 11:35.380
So.

11:37.660 --> 11:48.460
Also if you want to see that detail into the browser you will be able to see that too like here on the

11:48.460 --> 11:48.900
mouse.

11:48.900 --> 11:50.140
And then select that.

11:50.420 --> 11:53.500
So you see we have a form name is this action.

11:53.620 --> 11:56.740
And then we have the method which is get here okay.

11:57.220 --> 11:57.860
Perfect.

11:58.680 --> 12:01.200
So what is the next part?

12:01.240 --> 12:08.040
The next part is to use or call the other method that was to execute something.

12:08.080 --> 12:08.320
Okay.

12:08.360 --> 12:09.200
Submitform.

12:09.200 --> 12:10.920
So I want to submit something.

12:11.160 --> 12:17.240
The first one I want to give the form that we just get it, okay, that we extracted using this one.

12:17.240 --> 12:22.520
And then I want to give a value and then I need to give it a URL.

12:22.720 --> 12:22.960
So.

12:25.120 --> 12:31.000
We are going to call it here. I'm going to store it into something called response.

12:32.200 --> 12:36.560
So this response is going to be equal to the same thing.

12:36.840 --> 12:38.240
Here goes here okay.

12:39.160 --> 12:42.320
And we have what was the name of that.

12:43.080 --> 12:44.720
This one was extract form.

12:44.720 --> 12:47.600
The other one was submit forms.

12:48.000 --> 12:52.320
And here it gives you the first thing which is going to be.

12:54.840 --> 12:57.910
Uh form value and then URL.

12:58.230 --> 13:01.030
So the first one is going to be forms.

13:01.150 --> 13:03.310
So we have our forms here.

13:04.110 --> 13:04.510
Okay.

13:05.070 --> 13:07.510
The next one is going to be a value.

13:07.990 --> 13:12.110
So as you see this form is a list.

13:12.110 --> 13:16.550
So I want this to be the first uh element.

13:16.550 --> 13:18.470
And then you need to give it a value.

13:18.470 --> 13:23.910
For example I'm going to give it test test for just hello world.

13:24.150 --> 13:25.630
Let's see.

13:25.670 --> 13:26.310
Hello.

13:29.870 --> 13:30.630
Hello world.

13:30.630 --> 13:33.030
As a value.

13:33.030 --> 13:36.670
And then you need to give the link or the URL.

13:36.990 --> 13:42.750
So the URL is going to be the same thing as goes here.

13:46.910 --> 13:48.150
So I paste it.

13:48.150 --> 13:56.790
And then I'm going to print this response and then use Ctrl s.

13:56.790 --> 13:57.050
Is.

13:59.250 --> 14:01.290
Now it will come first.

14:01.290 --> 14:04.250
It will extract the form and then it will.

14:04.250 --> 14:11.770
After it's extracted, it will come and use Hello World to execute that or on the form and then give

14:11.770 --> 14:12.810
me the result.

14:13.250 --> 14:14.170
So let's see.

14:16.970 --> 14:18.010
What is going on.

14:19.450 --> 14:19.850
Okay.

14:20.170 --> 14:23.210
So right now you see that we have code 200.

14:23.250 --> 14:26.010
That means it is happened successfully.

14:26.250 --> 14:28.330
So let's print the content of this.

14:30.930 --> 14:35.770
When I save it, coming back here, hitting enter.

14:35.770 --> 14:39.530
You see, the first thing we get is a form.

14:39.530 --> 14:41.970
And then we have this thing.

14:42.010 --> 14:47.090
And then it will give you hello world here somewhere in here.

14:49.770 --> 14:50.810
Okay.

14:50.810 --> 14:54.650
You may be able to find that, but I'm not able to find it again.

14:55.890 --> 14:59.470
You see, we have home and then.

15:04.350 --> 15:04.590
Okay.

15:04.590 --> 15:05.830
I'm not able to find it.

15:05.830 --> 15:08.630
You may be able to find it if you search it.

15:08.630 --> 15:09.150
Okay.

15:09.190 --> 15:12.910
So by the way, that means we have some kind of result.

15:12.950 --> 15:20.430
Uh, here, if I search for hello world, not search, enter the hello World here and then hit the submit,

15:22.270 --> 15:25.030
you will see that we get a Hello world here.

15:25.470 --> 15:27.910
That means it is vulnerable to XSS.

15:27.950 --> 15:29.110
Okay, attack.

15:29.470 --> 15:30.990
We get the hello world here.

15:31.430 --> 15:32.510
So you need to.

15:32.550 --> 15:35.990
You must be able to find this hello world in your result.

15:36.590 --> 15:37.590
If you're.

15:37.630 --> 15:41.830
If you don't believe me that you're you have that kind of result.

15:41.830 --> 15:47.030
So I will just copy this and then paste it here.

15:50.150 --> 15:54.430
And then control F it.

15:54.430 --> 15:55.630
And then we have.

15:56.340 --> 15:56.820
Hello.

15:57.300 --> 15:59.460
You see that here?

16:00.860 --> 16:01.340
You see?

16:01.380 --> 16:01.780
Hello.

16:01.780 --> 16:03.740
Hello, world.

16:04.420 --> 16:04.700
Hello.

16:04.700 --> 16:05.660
Hello, world.

16:05.780 --> 16:07.060
Okay, I think that is it.

16:09.620 --> 16:10.860
And hello.

16:10.860 --> 16:11.380
Hello, world.

16:11.420 --> 16:12.700
Okay, that is the same thing.

16:12.700 --> 16:17.740
When you see when you give the hello world, you will get one extra.

16:17.780 --> 16:18.100
Hello.

16:18.100 --> 16:18.460
Here.

16:18.740 --> 16:19.140
Okay.

16:20.700 --> 16:25.380
If you, uh, test something else.

16:25.700 --> 16:26.300
Let's see.

16:28.020 --> 16:30.140
For example, I search for test.

16:30.780 --> 16:32.700
Let's submit; it will give you hello test.

16:32.700 --> 16:32.940
Okay.

16:32.980 --> 16:35.140
And this hello comes from the website.

16:35.260 --> 16:35.620
So.

16:36.900 --> 16:37.940
And that is it.

16:37.940 --> 16:38.380
Okay.

16:38.420 --> 16:42.140
Now you're able to do two more things.

16:42.260 --> 16:50.220
One of them is to extract the form to execute something on the form.

16:50.460 --> 16:53.460
And still we have a lot of things to do with this.

16:53.500 --> 16:53.780
Okay.

16:53.820 --> 16:56.820
So thanks for watching and I will see you in the next lecture.
