Garage4hackers Forum - Tip | Trick of the Day

Using Beautiful Soup Library for Parsing HTML in python

D4rk357 — Wed, 22 May 2013 11:27:21 GMT

This is a code which downloads a html page and then parses a table from it to display output . Without Beautiful Soup it would require a lot of work and a lot of exception handling but Beautiful Soup makes the work lot

Code:

#!/usr/bin/python



# D4rk-Parser-- A small code for parsing HTML tables in python using Beautiful Soup 

# Coded By D4rk357[2013]





import os , sys, urllib2 ,re

from bs4 import BeautifulSoup

response = urllib2.urlopen('https://urlquery.net/report.php?id=2602506')

html1 = response.read()



soup = BeautifulSoup(html1)



table = soup.find(lambda tag: tag.name=='table' ) 

rows = table.findAll('tr')



for x in rows:

 print '|'.join(x.stripped_strings) # important thing to note is the usage of stripped_strings function . This function is important in cases where there are some other HTML tags inside the table like  etc . In that case normal strip functions won't function properly . It is true in this particular case as well

Output

Attached Images

Crack passwords using John the Ripper (JTR) using multiple CPU cores

b0nd — Wed, 22 May 2013 10:06:58 GMT

oclhashcat, cudahashcat etc. have capability to exploit the power of GPU for cracking. I am not sure whether JTR too possess the same. Anyway, my requirement was to use all 8 cores of my machine, which doesn't have GPU, while running JTR.

Earlier, what I was aware of till date, was MPI patch for JTR for the same purpose. But with the latest releases of JTR, it has got built-in feature for it.

Following snippet is the work around taken from Crack Passwords using John the Ripper with Multiple CPU Cores (OpenMP) � Thireus' Bl0g

Quote:

Johncan break many password hashes, but one of the primary missing feature was the CPU multiple core support. But today, John the Ripper 1.7.9 supports OpenMP which brings Multi-Processing. Of course this feature was present on some patched versions of John, but since the 1.7.9 version it is officially integrated.One of the best platform where you should use John the Ripper is UNIX, I personally prefer using john on Debian x86_64.Let�s try some simple steps to enable and illustrate the new feature

First go to John the Ripper password cracker, and download the latest version. When I write this article the latest stable release was 1.7.9.

$ wget http://www.openwall.com/john/g/john-1.7.9.tar.gz
$ tar -xvzf john-1.7.9.tar.gz

Now let�s make some changes into the Makefile to enable the use of OpenMP

$ cd john-1.7.9/src/
john-1.7.9/src$ nano Makefile

Locate the following lines

# gcc with OpenMP
#OMPFLAGS = -fopenmp
#OMPFLAGS = -fopenmp -msse2

Uncomment OMPFLAGS

# gcc with OpenMP
OMPFLAGS = -fopenmp
OMPFLAGS = -fopenmp -msse2

Before compiling john, make sure you have gcc installed! Now, let�s compile john.

john-1.7.9/src$ make

This command will list all the systems where john can be compiled on. As I�m running Debian x86_64, I will choose linux-x86-64.
john-1.7.9/src$ make linux-x86-64

John should be located in the ../run folder.
Let�s try John

john-1.7.9/src$ cd ../run/
john-1.7.9/run$ ./john --test

Some benches should appear�
Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts: 7651K c/s real, 3872K c/s virtual
Only one salt: 6876K c/s real, 3487K c/s virtual

And John might use all your CPU cores.
Now let�s do something fun, if you want John to use a certain amount of cores you can adjust it with the environment variable OMP_NUM_THREADS:

john-1.7.9/run$ OMP_NUM_THREADS=1 ./john --test

Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts: 3982K c/s real, 3990K c/s virtual
Only one salt: 3770K c/s real, 3770K c/s virtual

Python SSl connections.

fb1h2s — Fri, 10 May 2013 06:06:11 GMT

Last day we were stuck with an error in a python program of ours . The code was working fine on our dev environment, but when it was moved to production, we were getting the following error [ even when we had the same python virtual environment as that of production ] for a particular domain/server.

Error:

: [Errno 104] Connection reset by peer)

A sample code to make a python Https request [something we used].

Code:

import httplib h = httplib.HTTPSConnection(host, port) headers = { 'User-Agent': 'trap', 'Content-Type': content_type } h.request('POST', uri, body, headers) res = h.getresponse() return res.status, res.reason, res.read()

Python handles https communication by using Openssl lib [ Python openssl lib ] . Actually many apps out there use openssl libs for there https communication.

Even Wget was failing

So for debugging an htpps /ssl issue you can use the openssl client to directly connect to our target the following way.

openssl s_client -connect Google -verify -debug -ssl3

And this should give back the server Cert, tokens and necessary info for the communication .

But when we tried to connect to our faulting server we were getting .

openssl s_client -connect target-server.com:443 -verify -debug -ssl3
verify depth is 0
CONNECTED(00000003)
52709:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:1102:SSL alert number 40
52709:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:539:

Based on Openssl documentation the faulting function is used to initiate the ssl connection |ssl handshake http://www.openssl.org/docs/ssl/SSL_do_handshake.html

So from this it is clear that the ssl handshake failed and that's the reason why the server closed the connection. So I tried to changing from ssl3 to tls1

openssl s_client -connect Google -verify -debug -tls1

and the connection was successful. So this solution was to force tls1 when making the request. And later I found that the current issue was a bug in openssl https://bugs.launchpad.net/ubuntu/+s...sl/+bug/965371 . And why it was working on dev server was it was running an updated version of openssl, and the production had an outdated openssl.

Fix is you can upgrade openssl [fekd up thing to do ] or force tls1 on your programs when dealing with such servers.

You can also patch httplib in python

Forcing TLSv1 on python:

sock = socket.create_connection(host, port),
self.timeout, self.source_address)

self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
ssl_version=ssl.PROTOCOL_TLSv1)
httplib.HTTPSConnection.connect = connect

Forcing tls in perl:

my $thing = whatever->new(
ssl_opts => { SSL_version => 'TLSv1' },
);

Forcing TLS in Wget and Curl

wget --secure-protocol=TLSv1 ...

curl --tlsv1

Ref: Python HTTPS requests (urllib2) to some sites fail on Ubuntu 12.04 without proxy - Ask Ubuntu
https://bugs.launchpad.net/ubuntu/+s...sl/+bug/965371
ssl - Is there a difference between SSLv3 and TLS1.0? - Stack Overflow
pyOpenSSL - Python interface to the OpenSSL library