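The requests module in Python can also be used to send HTTP requests and receive HTTP responses, which allows more flexible operations.
requests is a third-party library, but Kali already ships with it. Usage differs slightly between Python 3 and Python 2; Python 2 is used here first.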
root@kali:~# python

Python 2.7.15 (default, Jul 28 2018, 11:29:29) 
[GCC 8.1.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 
>>> import requests

The two Bugku challenges done earlier, on the Get and Post methods, are used below to introduce the requests module.

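1. Get requests
Use the get method of the requests module to send a Get request to the target url and assign the result to the variable r1. Viewing r1 directly shows the status code. The text attribute gives the HTTP response body. Printing it with print() renders the line breaks it contains.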

>>> r1=requests.get(url='http://123.206.87.240:8002/get/')
>>> r1

>>> r1.text
u"$what=$_GET['what'];\r\necho $what;\r\nif($what=='flag')\r\necho 'flag{****}';\r\n\r\n\r\n"
>>> print(r1.text)
$what=$_GET['what'];
echo $what;
if($what=='flag')
echo 'flag{****}';

Next, send a Get request with parameters; the parameters must be given as a dictionary:

>>> r1=requests.get(url='http://123.206.87.240:8002/get/',params={'what':'flag'})
>>> print(r1.text)
$what=$_GET['what'];
echo $what;
if($what=='flag')
echo 'flag{****}';
flagflag{bugku_get_su8kej2en}

2. Post requests
Likewise, send a Post request to the target url and store the result in the variable r2:

>>> r2=requests.post(url='http://123.206.87.240:8002/post/')
>>> print(r2.text)
$what=$_POST['what'];
echo $what;
if($what=='flag')
echo 'flag{****}';

Send a Post request with parameters:

>>> r2=requests.post(url='http://123.206.87.240:8002/post/',data={'what':'flag'})
>>> print(r2.text)
$what=$_POST['what'];
echo $what;
if($what=='flag')
echo 'flag{****}';
flagflag{bugku_get_ssseint67se}

3. Viewing the headers
The headers attribute gives the response headers; the information in them is stored in dictionary form:

>>> r1.headers
{'Content-Encoding': 'gzip', 'Transfer-Encoding': 'chunked', 'Keep-Alive': 'timeout=60', 'Server': 'nginx', 'Connection': 'keep-alive', 'Date': 'Tue, 04 Dec 2018 23:12:33 GMT', 'Content-Type': 'text/html'}

Iterate over the keys of the dictionary with a for loop:

>>> for key in r1.headers:
...     print(key)
... 
Server
Date
Content-Type
Transfer-Encoding
Connection
Keep-Alive
Content-Encoding

Iterate over the keys and values:

>>> for key in r1.headers:
...     print(key,r1.headers[key])
... 
('Server', 'nginx')
('Date', 'Tue, 04 Dec 2018 23:12:33 GMT')
('Content-Type', 'text/html')
('Transfer-Encoding', 'chunked')
('Connection', 'keep-alive')
('Keep-Alive', 'timeout=60')
('Content-Encoding', 'gzip')

Look up the value of a specific key:

>>> r1.headers['Server']
'nginx'

The request.headers attribute gives the request headers:

>>> r1.request.headers
{'Connection': 'keep-alive', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': 'python-requests/2.18.4'}
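
The Get, Post and header steps above as one Python 3 script, added here as an example that is not part of the original post. It assumes a constructed local server (EchoHandler, with a dummy flag value) in place of the challenge host so that it runs offline, and it shows where params and data end up in the outgoing request.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse
import requests

class EchoHandler(BaseHTTPRequestHandler):
    """Constructed local stand-in: echoes 'what', appends a dummy flag if what == 'flag'."""

    def _reply(self, fields):
        what = fields.get("what", [""])[0]
        body = (what + ("flag{constructed_example}" if what == "flag" else "")).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._reply(parse_qs(urlparse(self.path).query))

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        self._reply(parse_qs(self.rfile.read(length).decode()))

    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    session = requests.Session()   # session.get/post take the same arguments as requests.get/post
    session.trust_env = False      # ignore proxy environment variables for the loopback call
    try:
        r1 = session.get(base + "/get/", params={"what": "flag"}, timeout=5)
        r2 = session.post(base + "/post/", data={"what": "flag"}, timeout=5)
        return {
            "get_url": r1.request.url,            # params are appended as a query string
            "get_text": r1.text,
            "post_body": r2.request.body,         # data is form-encoded into the request body
            "post_type": r2.request.headers["Content-Type"],
            "post_text": r2.text,
            "server_type": r1.headers["content-type"],  # header lookup ignores case
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

In Python 3, r.text is a str rather than a unicode object, and print(key, value) prints the two values separated by a space instead of a tuple.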