Well, as mentioned in my earlier post, it’s really difficult to stay focused when self-learning to program. So I make a huge effort not to be swayed into the grooviest new language or framework, and even though I have been aware of Python for a while, I’ve always stayed away from it for this reason – the fear of losing focus!
However, recently I’ve been getting increasingly interested in security, especially with the recent cyberattacks (WannaCry) and also terror attacks that are happening more and more frequently. With this in mind, I browsed Reddit and someone recommended the book Violent Python, a book detailing penetration testing using Python. The book doesn’t mess about: within the first few pages we are shown how to write useful programs, such as a UNIX password cracker that uses specified salt values, compares a ‘password’ file with a dictionary and uses the UNIX command crypt().
I will talk about the book and the programs in it in another post. In this blog post I wanted to talk about a custom password generator script I made, which is very basic and taught me about collecting data from the web in the form of JSON. I have made a web scraper in Java using jsoup, so I am familiar with the idea of web scraping and know that one of Python’s main strengths is its ability to do this very well.
Anyway, I was looking for JSON data I could use to test my script and came across this link:
From working with Node.js I could see that the ? symbol is a query and the word after text= is the plain-text to be encrypted. This particular MD5 JSON example appealed to me because, as mentioned before, I have an interest in security. So I knew that to make the query custom we should use a variable for the text following the equals sign.
The purpose of this is to encrypt plain-text using an MD5 hashing algorithm. A quick Google search shows that MD5 password generators are fairly common, and I would like to work on this further – perhaps by adding a GUI to this code and also experimenting with encrypting files instead of only plain-text.
Basically an MD5 hash output is a 32-character hexadecimal string. I am planning to do a dedicated blog post on hashing algorithms, and for now I want to walk through the code that I wrote for this password generator:
```python
# Python 2 script
import json
import urllib
import urllib2


def printResults(data):
    # Parse the JSON response and print the value of its 'md5' field
    theJSON = json.loads(data)
    print "your encrypted password is " + theJSON['md5']


def main():
    plaintext = raw_input("enter plaintext to encrypt: ")
    print plaintext
    # Percent-encode the input so spaces and '&' do not break the query string
    urlData = "http://md5.jsontest.com/?text=" + urllib.quote(plaintext, safe='')
    webUrl = urllib2.urlopen(urlData)
    print webUrl.getcode()
    if webUrl.getcode() == 200:
        data = webUrl.read()
        printResults(data)
    else:
        print "Received an error from server, cannot read data " + str(webUrl.getcode())


if __name__ == "__main__":
    main()
```
Our program basically stores the plain-text to be encrypted, which the user supplies through the built-in Python function raw_input(). This variable is then added to the urlData. We then use this urlData to obtain our encrypted password by opening the custom URL location. A good practice that can be seen in this code is to include the getcode() function, just to make sure the data was read successfully. The 200 is an HTTP status code and signifies that everything was read correctly. Other examples include 400 for a bad request (something I’ve experienced frequently!), 500 for internal server error and 511 for network authentication required.
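An added example (Python 3, not part of the original script): MD5 is a one-way hash rather than encryption, and the script above sends the plaintext to a third-party service over plain HTTP, so this version computes the same kind of 32-character digest locally with hashlib, shows the percent-encoded URL the script would have requested, and goes one step further with a salted PBKDF2 record as the form to use when a password is actually stored. The function names, the sample input, the UTF-8 encoding and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import quote

SERVICE = "http://md5.jsontest.com/?text="  # URL taken from the post's script


def local_md5(plaintext):
    """Return the 32-character hex MD5 digest, computed locally (UTF-8 assumed)."""
    return hashlib.md5(plaintext.encode("utf-8")).hexdigest()


def service_url(plaintext):
    """Build the URL the post's script would request, with the input percent-encoded."""
    return SERVICE + quote(plaintext, safe="")


def store_password(password, iterations=600_000):
    """Derive a salted PBKDF2-HMAC-SHA256 record (salt, iterations, key) for storage."""
    salt = os.urandom(16)  # fresh random salt per password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def check_password(password, record):
    """Re-derive the key from the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    sample = "pass word&1"  # constructed sample input
    print("URL the script would send:", service_url(sample))
    # Unsalted MD5 is deterministic: the same input always gives the same digest,
    # which is what makes dictionary comparison against a hash file possible.
    print("local MD5:", local_md5(sample), "repeatable:", local_md5(sample) == local_md5(sample))
    first, second = store_password(sample), store_password(sample)
    print("salted records differ:", first[2] != second[2])
    print("correct password verifies:", check_password(sample, first))
    print("wrong password verifies:", check_password("guess", first))
```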
I really hope this blog post was interesting and please get in touch if you would like to know more 🙂