Python has a library that allows you to browse and interact with web applications at the source level. After installing the library, you either import the library or use the twill
shell, called twill-sh
.
You can then load the target website and review the page's source with the following commands:
go http://192.168.195.159/dvwa/index.php show
This simply shows the source code of the site, which allows you to further interact with the site.
This allows you to interact directly with the components of the site and identify what needs to be submitted. The twill-sh
library has help support when run in interactive mode, but it is a limited tool. What twill is good for is interacting with the source and identifying potentially interesting areas of a site. It is not good for sites that have significant dynamic content or extensive pages. As an example, I ran the info
command to try and identify anything particular about the site, like this:
At this basic level, you can understand the content types, data formats and other details that can be manipulated within the application, but there are better libraries in Python that can be used to achieve the same results as described following: