I have been looking for the syntax to redirect a special url to a remote server to do some XSS testing. Any ideas?

    import SimpleHTTPServer
    import SocketServer

    class myHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
        def do_GET(self):
            print self.path
            if self.path == '/analog':
                -------------------->return "http://12b.dk/analog"???
            return SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)

    theport = 1234
    Handler = myHandler
    pywebserver = SocketServer.TCPServer(("", theport), Handler)
    print "Python based web server. Serving at port", theport
    pywebserver.serve_forever()

For a redirect, you have to return a code 301, plus a Location
header. Probably you can try something like:

    class myHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
        def do_GET(self):
            self.send_response(301)
            self.send_header('Location','http://www.example.com')
            self.end_headers()

Python 3
In python3 it is done very similarly to other answers, but different enough to justify demonstration.
This is a script that does nothing but listen on the port passed as argument 1 and send a 302 ("Found" aka Temporary) redirect to the URL passed as argument 2. (And it has a usage message.)

    #!/usr/bin/env python3
    import sys
    from http.server import HTTPServer, BaseHTTPRequestHandler

    if len(sys.argv)-1 != 2:
        print("""
    Usage: {} <port_number> <url>
        """.format(sys.argv[0]))
        sys.exit()

    class Redirect(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(302)
            self.send_header('Location', sys.argv[2])
            self.end_headers()

    HTTPServer(("", int(sys.argv[1])), Redirect).serve_forever()

You call it like:

    sudo ./redirect.py 80 http://jenkins.example.com:8080/

That example ought to give you enough to write whatever kind of function you need.
This is a complete piece of code to redirect. Save this file and run it as a Python program. To terminate, press Ctrl+C.

    import SimpleHTTPServer
    import SocketServer

    class myHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
        def do_GET(self):
            print self.path
            self.send_response(301)
            new_path = '%s%s'%('http://newserver.com', self.path)
            self.send_header('Location', new_path)
            self.end_headers()

    PORT = 8000
    handler = SocketServer.TCPServer(("", PORT), myHandler)
    print "serving at port 8000"
    handler.serve_forever()

If you are trying to redirect other types of requests (e.g. POST), you may need to use status code 307 instead of 301.

301 will redirect with a GET request even if you sent a POST request
307 will use the same method you used for the initial request

Example code that redirects GET and POST requests:

    class myHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
        def do_GET(self):
            self.redirect()
        def do_POST(self):
            self.redirect()
        def redirect(self):
            self.send_response(307)
            self.send_header('Location','http://www.example.com')
            self.end_headers()

Note: using status code 307 is potentially unsafe, so using this status code for all incoming requests is not recommended. Ideally, you would want to restrict its usage only for requests you know are safe.
HTTP status code 301 means the request has moved permanently and should be redirected to the suggested URI, which is set in the response header field Location. However, the redirection happens depending on the implementation of browsers.
Instead of 301, returning 303 tells the browser the response for the request can be found under another URI and effectively gets the browser to redirect the GET request to another URI. Hence, 303 is a better option.
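
An added example (not code from the question or any answer above): a Python 3 handler that redirects only listed paths and follows the 307 note and the 303 suggestion, preserving the method only for a route marked safe to replay and answering every other POST with 303. The `ROUTES` table, the `/api/submit` route, the `/submit` target path and the `probe` helper are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed routes: path -> (target URL, may a POST body be replayed there?)
ROUTES = {
    "/analog": ("http://12b.dk/analog", False),
    "/api/submit": ("http://www.example.com/submit", True),  # hypothetical route
}

class SelectiveRedirect(BaseHTTPRequestHandler):
    def redirect(self):
        # Drain any request body so the connection closes cleanly.
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        route = ROUTES.get(self.path)
        if route is None:
            self.send_error(404)      # unlisted paths are never redirected
            return
        target, replay_ok = route
        if self.command == "GET":
            status = 302              # temporary redirect, as in the Python 3 answer
        elif replay_ok:
            status = 307              # client repeats the POST, body included
        else:
            status = 303              # client follows up with a GET, body dropped
        self.send_response(status)
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_POST = redirect

    def log_message(self, fmt, *args):
        pass                          # keep the demo quiet

def probe(method, path, body=None):
    """Serve one request on an ephemeral loopback port; return (status, Location)."""
    server = HTTPServer(("127.0.0.1", 0), SelectiveRedirect)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    try:
        conn.request(method, path, body=body)   # http.client does not follow redirects
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()
        server.shutdown()
        server.server_close()
```

Calling `probe("POST", "/analog", b"a=1")` shows the 303 path: the form body stays with this server instead of being re-sent to the redirect target.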