This repository has been archived by the owner on May 6, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
fortilogin.py
executable file
·94 lines (77 loc) · 3.31 KB
/
fortilogin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/usr/bin/env python
# fortilogin.py
# Copyright (C) 2015 Stephane Lepin
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <https://www.gnu.org/licenses/>
import sys
import httplib
import urllib2
import ssl
import re
from urllib import urlencode
from urlparse import urlparse
from getpass import getpass
# Show usage info and exit if not arguments are given
if len(sys.argv) < 2:
print "Usage : " + __file__+ " username [password]"
exit()
username = sys.argv[1]
# Get the password from the arguments if specified, prompt for it otherwise
if len(sys.argv) >= 3:
password = sys.argv[2]
else:
password = getpass('Password for ' + username + ' :')
# The script will try to match testRegex against the data returned by testHost
testHost = "ipv4.icanhazip.com"
testRegex = "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$\n" # ICHI has a line return after the IP address
# Initial request to know if I'm behind a Fortinet captive portal
# I'm using httplib to detect and avoid the automatic redirection performed by urllib
conn = httplib.HTTPConnection(testHost)
conn.request('GET', '/')
rep = conn.getresponse()
# The captive portal responds with HTTP rep code 303
if rep.status == 303:
# So I can extract the magic token embedded in the value of the Location header.
# This value is something like this : http://10.151.0.1:1000/fgtauth?0004610d63757532
locationUrl = rep.getheader('Location')
portalUrl = urlparse(locationUrl)
magic = portalUrl.query
postUrl = portalUrl.scheme + "://" + portalUrl.netloc + "/"
ssl_ctx = ssl.create_default_context()
ssl_ctx.check_hostname = False
ssl_ctx.verify_mode = ssl.CERT_NONE
print "Not authenticated !"
print "Redirected to " + locationUrl
print "------"
print "Captive portal url : " + postUrl
print "Magic token : " + magic
print "------"
print "Authenticating as " + username
# Step 1 - call the full URL returned by the captive portal
rep = urllib2.urlopen(locationUrl, context=ssl_ctx)
print "Step 1 : " + str(rep.getcode())
# Step 2 - send a POST request to the "Yes, I agree" form
rep = urllib2.urlopen(postUrl, urlencode({'4Tredir': 'http://' + testHost, 'magic': magic, 'answer': 1}), context=ssl_ctx)
print "Step 2 : " + str(rep.getcode())
# Step 3 - send a POST request with your credentials to the Authentication form
rep = urllib2.urlopen(postUrl, urlencode({'4Tredir': 'http://' + testHost, 'magic': magic, 'username': username, 'password': password}), context=ssl_ctx)
print "Step 3 : " + str(rep.getcode())
testResponse = rep.read()
if re.compile(testRegex).match(testResponse) != None:
print "Authenticated !"
else:
print "Seems like something went wrong. Here's what I received :\n"
print testResponse
else:
print "Already authenticated"