 What's up guys, this is John Hammond continuing on the Natus War game from over the wire I just got the password for Natus level 4, so we've got that going in our script Let's actually print out the content of the web page as we connect to it Make sure we update the path or the folder the file that we're actually retrieving And we want to just go ahead and get the page Let's set the syntax to HTML to get that nice color coding and sublime text and the content of this web page It says access disallowed. You're visiting from empty string. Well authorized users should only come from HTTP Natus 5 At Natus.labs and over the wire.org. Okay, so Well What do we what do we need to do here? I Am curious how it's determining where we are visiting from and I think it has something to do with HTTP headers So HTTP headers are carried with every single request that you end up passing the server And typically they can come with a get or a post or any other HTTP verb or what you're trying to do so come on some of the common ones are like ex forwarded for or Accept the kind of file that you're looking for even though it'll carry the cookies with you etc etc And you can continue through these etc. And to examine some of them but they are like a dictionary value and key pair of of things that you're giving to the web server so headers can have specific values and One of the most common ones that we'll see At least when we're making a request with a get request or a get verb that we're doing at least in Python and through our web browser is with the referer or HTTP header and that's I think what they're examining to see where we are coming from This from one up here typically contains internet email address Host says the domain name of the server that's actually really crucial for virtual hosting and virtual host routing You'll see that a ton and a lot of hack the box Vulnerable machines and other practice you may do with that hack the box training platform But referer is what I think what we're going to be checking out right now User agents is all about your browser and maybe we'll get into some of that in a later Level and at us and maybe later video. Let's check out referer though. So we can add HTTP headers like Kind of how we're doing a keyword argument here in our get request In using the request module in Python and we can do that with a dictionary data type So I'm gonna call this headers and in Python. We'll just have a string for the key that we're trying to use refer and We'll give it a value that we want. So let's say just to test it out. We'll be like a Subscribe lol's Shameless plug there and let's pass that in to our while I've been calling this variable reponse For all of these videos. Holy cow. Why didn't you guys tell me? That's so funny. I gotta fix gotta fix all those other scripts. All right Let's pass in this this argument law as a keyword keyword variable and keyword argument Headers equals headers here. I that's probably confusing because I'm just using This variable named headers to refer to this keyword argument, but I promise it's doing what we want it to do Even though it sounds pretty silly and repetitive now. Let's run this script and see what happens Checking out the response. It says access disallowed you're visiting from subscribe lol's. Okay, so that clearly did work Well authorized users should only come from this string that is five the net as five URL So let's use that as the value for our refer header Paste that right here and now we can run this script check out the response It says awesome access granted the password for net as five is this let's totally steal that and Use that for our regular expressions scraper Do we Get the password that we want we do perfect. All right Let's go ahead and save this This is the correct net as for script now. Let's create a new one for net as five changing the Changing the username and the password. We probably don't need these headers anymore So let's just go ahead and create a new line where we aren't passing those in and we don't need to see the Password we just want to see the content because we are making a new request to jump into this next level from the script It says access disallowed you are not logged in hmm Okay That might be Working with cookies, right? typically If you want to log into a website or a web application They store your login in in a cookie or say that you over authenticated with a cookie. So Let's check out what we can see with our cookies Since we're making a standalone request with requests dot get we Probably won't keep track of cookies in an easy way. All we're doing is a single request here It's not keeping our our session or our cookies alive in repeated connections so let's actually move to a new object a session and That can be recreated with just a request module requests session And that will return an object for us that we can work with and create other Create other requests with that keep their state or they keep the session that they're working with You can see it actually we're turned out here. Okay. It is a session object. Oh, I printed it twice. I'm a fool So, okay now we can make requests with that Not using just the request module as the scope we can say response equals Session dot get or the name of our object what we created here. So Now we can still get the same content and everything back, but now we're using the request object Or the session object for us cool So the same response we'd seen before but now that we have a session object We can check out what our session cookies are after we've viewed this web page because this web page probably set a cookie for us let's print out session and The variable that we want to check out to see what cookies have been set for us is just cookies And again, if you don't know any of this stuff or you aren't familiar with this syntax You can just go and check out the documentation on the Request online website it kind of goes through in the quick start how you can move into some cookies here I just control F for cookies and it will go through an example here. Oh, I guess it does set It does it does store cookies in this Response object cool good to know I guess for moving on we can keep the session variable session object Let's try it. I guess when we run the script we can check out what cookies we have here Sessions is not a thing We do want session. Okay, cool. So now we have a new object request cookie jar and We can see this cookie logged in is set to zero so we can index this kind of just like a dictionary here We can say logged in Just like that and you can see it's set to zero if we set that to one That will I don't know get a Getter get us logged in maybe they get us that that'll get us the password. So since cookies also work like headers in that they Use a dictionary data type in Python we can say a new Dictionary object a new dictionary variable cookies equals the syntax for a dictionary with the key being logged in And we'll set the password. We'll set the value to to one And I'm using that as a string here because all of that stuff that when it makes connection to a website has to be a string so Now we can use the same it get function. We've been using before but we can pass in cookies equals cookies kind of just like we did earlier with headers equals headers and That will pass that dictionary along to our our get request so now we can totally check out what the content is and We're it easy as that Access granted the password for net of six is this stuff. So I Want to just drive this point home here if we were to check out again session dot cookies You can see okay. Now the request cookie jar has the cookie logged in set to one because we've set that with our request and The web server just must be testing what the value of that cookie is and it's letting us move so In the content that we're getting as our response. We can give this string to our We'll take the div with it to Give that to our regular expression Hunter and let's see what went wrong or anything. Nothing cool. We got the password So let's go ahead and save this script. This will remain as our natus 5 script But we want to create a new natus 6 script with updating the username and giving it the The new password here. We don't need to pass in the cookies anymore At least we don't think we do so We can take that out of the get request and we should be ready to move on for the next level once we get moving in I'll I'll actually end this video now because I think it's going on for long enough But I hope you guys are enjoying these again Hopefully the style isn't too bad and you're showcasing some some cool things to do in sublime text and Python and Running through these natus levels. So thanks again guys. I'll see you in a later video