伪造http请求救急

有些意外情况可能到导致正常提交行为无法执行,如提交按钮不见了,有时候即使用一些手段找出来了发现也执行不了提交,怎么办呢?

我常用的一招,伪造http请求,拿到正常的请求头信息,进行部分修改,对应到你需要处理的那条数据(或者说页面),通过一些工具(如fiddler)提交之,搞定。

例子:

某个正常的http request header:

GET http://mis.b.baidu.com:8900/auditdeny?versionid=39822181&forbidflag=206_3&auditarea=diff_edit HTTP/1.1 Host: mis.b.baidu.com:8900 Proxy-Connection: keep-alive Accept: */* X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 Referer: http://mis.b.baidu.com:8900/auditpageedit?word=%D1%C5%D7%CC%C3%C0%CC%D8&editflag=0 Accept-Encoding: gzip,deflate,sdch Accept-Language: zh-CN,zh;q=0.8 Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3 Cookie: SWNR=0; fm_dc=public_fengge_dj; Hm_lvt_72131b31a7a49e801f601db7bee96354=1339059225361; USERID=9964141a0da91b0e1195efab9919; BAIDUID=6B375B1D801637537380FA4196FE9ECE:FG=1; BDREFER=%7Burl%3A%22http%3A//news.baidu.com/%22%2Cword%3A%22%22%7D; bdshare_firstime=1353911028547; MCITY=-%3A; PMS_Cache=1359099578759; FIS_DEBUG=YlwtSmt; Hm_lvt_55b574651fcae74b0a9f1cf9c8d7c93a=1357367283,1359099559,1359630635; caidan=20130122; SSUDB=k5RTdrbzVZMWl-aUNjaWcweldXMi01TzdiY0JEM1E3YVI0WlkteTk3ZXVCek5SQVFBQUFBJCQAAAAAAAAAAAEAAADSxq8cd2lraWZlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK56C1GuegtRSn; BDUSS=k5RTdrbzVZMWl-aUNjaWcweldXMi01TzdiY0JEM1E3YVI0WlkteTk3ZXVCek5SQVFBQUFBJCQAAAAAAAAAAAEAAADSxq8cd2lraWZlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK56C1GuegtRSn; BDUT=xb6w4ABAC199607C3FC6412042EDD97FB1AC137550d22dd1; H_PS_PSSID=1906_1440_1945_1788_1897

 

对应的fiddler操作:

 

 

posted on 2013-02-04 17:47  argb  阅读(4015)  评论(1编辑  收藏  举报

导航