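Implementing a complete website login flow in Python: downloading the default page, automatically extracting the form fields, and submitting them to log in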

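  This code:

    1. Requests and downloads the site's default page;

    2. Automatically extracts the form, including its action and input elements, and builds a dictionary from them;

    3. Submits a POST request to complete the login.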

import requests
import sys
import optparse
from lxml import etree

class DVWAXSSTest:
    def __init__(self) -> None:
        # Parse the command line once and unpack the three values
        url, self.username, self.password = self.get_params()
        self.url = self.url_prefix_formatter(url)
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0'
        }
        self.sessions = requests.Session()

    def get_params(self):
        parser = optparse.OptionParser('Usage: <Program> -u url -l username -p password')
        parser.add_option('-u', '--url', dest='url', type='string', help='Specify DVWA url')
        parser.add_option('-l', '--username', dest='username', type='string', help='Specify username')
        parser.add_option('-p', '--password', dest='password', type='string', help='Specify password')
        options, args = parser.parse_args()
        if options.url is None or options.username is None or options.password is None:
            print(parser.usage)
            sys.exit(0)
        return options.url, options.username, options.password
    

    def url_prefix_formatter(self, url):
        if url.startswith('http://'):
            return url
        elif url.startswith('https://'):
            return url
        else:
            return 'http://' + url
    
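    def retrieve_webpage(self, url):
        try:
            response = self.sessions.get(url=url, headers=self.headers)
            if response.status_code == 200:
                return response.text
            # Any other status means there is no login page to parse
            print('Unexpected status code: %d' % response.status_code)
            sys.exit(1)
        except Exception as e:
            print(e)
            sys.exit(0)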
    
    def extract_login_form(self, response):
        try:
            html = etree.HTML(response)
            action = html.xpath('//form/@action')[0]
            # Relative action: resolve it against the base URL given with -u
            if not action.startswith('http://') and not action.startswith('https://'):
                action = self.url.rstrip('/') + '/' + action.lstrip('/')

            input_list = html.xpath('//form//input')
            credentials_dict = {}
            for input_field in input_list:
                input_name = input_field.get('name')
                input_type = input_field.get('type')
                input_value = input_field.get('value', '')

                # Inputs without a name are never submitted by a browser
                if not input_name:
                    continue

                if input_type == 'text':
                    credentials_dict[input_name] = self.username
                elif input_type == 'password':
                    credentials_dict[input_name] = self.password
                elif input_type in ('submit', 'hidden'):
                    # Hidden fields carry values such as an anti-CSRF token
                    # and must be sent back unchanged
                    credentials_dict[input_name] = input_value

            return credentials_dict, action
        except Exception as e:
            print(e)
            sys.exit()

    
    def login(self, credentials_dict, action):
        try:
            # Same session as the GET, so the cookie set by the login page is sent back
            response = self.sessions.post(url=action, data=credentials_dict, headers=self.headers)
            if response.status_code == 200 and 'You have logged in as' in response.text:
                print("Successfully logged in")
            else:
                print("Login failed")
        except Exception as e:
            print(e)
            sys.exit()
    
    def run(self):
        response = self.retrieve_webpage(self.url)
        credentials_dict, action = self.extract_login_form(response)
        self.login(credentials_dict,action)     

      


if __name__ == '__main__':
    dvwa = DVWAXSSTest()
    dvwa.run()
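
The form-extraction step, as an added example that is not part of the original post: a standard-library version (html.parser and urljoin instead of lxml) that resolves the form action against the page URL and sends hidden fields back unchanged. The sample page, the host names used with it and the field names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample page (not from a real site): login form with a hidden token field.
SAMPLE_PAGE = """
<form action="login.php" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="user_token" value="constructed-token-123">
  <input type="submit" name="Login" value="Login">
  <input type="button" value="Help">
</form>
"""


class FormParser(HTMLParser):
    """Collects the action and <input> attributes of the first <form>."""
    def __init__(self):
        super().__init__()
        self.action, self.inputs, self.state = None, [], 'before'

    def handle_starttag(self, tag, attrs):
        if tag == 'form' and self.state == 'before':
            self.action, self.state = dict(attrs).get('action') or '', 'inside'
        elif tag == 'input' and self.state == 'inside':
            self.inputs.append(dict(attrs))

    def handle_endtag(self, tag):
        if tag == 'form' and self.state == 'inside':
            self.state = 'done'


def build_login_request(page_url, html, username, password):
    """Return (post_url, form_data) for the first form found in html."""
    parser = FormParser()
    parser.feed(html)
    if parser.action is None:
        raise ValueError('no <form> found')
    data = {}
    for field in parser.inputs:
        name, kind = field.get('name'), (field.get('type') or 'text').lower()
        if not name:
            continue  # unnamed inputs are never submitted
        if kind in ('hidden', 'submit'):
            data[name] = field.get('value') or ''  # echoed back unchanged
        elif kind in ('text', 'password'):
            data[name] = username if kind == 'text' else password
    # urljoin handles relative, root-relative, absolute and empty actions
    return urljoin(page_url, parser.action), data
```

The returned pair can be passed to `requests.Session().post(url, data=data)` on the same session that fetched the page.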
    

 

posted @ 2022-05-30 16:44  Jason_huawen