python安全开发课程第三章第二节--python-web基础

python安全开发课程第三章第二节–python-web基础

注释:本文中所有代码均为Python2.7

requests代理

很多时候我们需要使用代理,而且是使用全局的代理,这个是方便我们隐藏自己的身份和让网络达到本来不可达的目的地
1.http代理

import requests
proxies = {
  "http": "http://10.10.1.10:3128",
  "https": "http://10.10.1.10:1080",
}
requests.get("http://example.org", proxies=proxies)

2.socks代理
要安装一个模块pip install requests[socks]

import requests
proxies = {
    'http': 'socks5://user:pass@host:port',
    'https': 'socks5://user:pass@host:port'
request.get('http://www.baidu.com',proxies=proxies)

urllib2代理

1.http代理
仅仅当前连接做代理,我们可能会在cc或者ddos的时候,需要这样的随机的代理,来模拟正常的访问行为

import urllib2
proxy_handler = urllib2.ProxyHandler({'http': '121.193.143.249:80'})
opener = urllib2.build_opener(proxy_handler)
r = opener.open('http://httpbin.org/ip')
print(r.read())

全局的代理,如果我们写一个业务代码,大多数时候我们需要一个全局代理,当然,这里还是推荐使用requests

import urllib2
proxy = urllib2.ProxyHandler({'http': '127.0.0.1:8087'})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen('http://feeds2.feedburner.com/MobileOrchard')
print response.read()

JSON函数

json是一种轻量级的数据交换格式,我们有的时候会需要使用各种网站的api进行交互,以前使用xml比较多,现在换成json了

函数 描述
json.dumps 将python对象编码成json字符串
json.loads 将已编码的json字符串解码为python
>>> import json
>>> #编码json
>>> data={'aa':1,'bb':2,'cc':3}
>>> j=json.dumps(data)
>>>type(j)
>>> #解码json
>>> jsonData = '{"a":1,"b":2,"c":3,"d":4,"e":5}';
>>> text = json.loads(jsonData)
>>> type(text)

####json api使用实例

#coding=utf-8
import requests
import json
r=requests.get('http://www.sojson.com/open/api/weather/json.shtml?city=武汉')
aa=json.loads(r.text)
print aa['city']
print aa['data']['yesterday']['notice']
print aa['data']['yesterday']['high']
print aa['data']['yesterday']['low']
#未来的数据,由于这里没有转换成完整的字典
for i in  aa['data']['forecast']:
	for x in i:
		print i[x]

一个暴力破解web目录和文件工具的构思

通过对特定模板的网站的已知目录的扫描,来猜出web网站的目录结构,尤其可以找到登录界面,后台界面,查询界面等
####关键代码实现

#coding=utf-8
import urllib2
def scan_url(url):
	try:
		header={}
		header={"User-Agent"}=’Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)’
		r=urllib2.Reuqests(url,headers=header)
		res=urllib2.urlopen(r)
		if len(res.read()): #判断返回是否有内容
			print "[%d] => %s"%(response.code,url)#为什么是%d??
	except urllib2.URLError ,e:
		if hasattr(e,'code') and e.code !=404:#hassttr是判断class属性的,暂不介绍
			print "!!! %d=> %s "%(e.code,url)

完整实现

涉及到线程和队列的知识,后面讲解

import urllib2
import threading
import Queue
import urllib

threads = 5
target_url = "http://testphp.vulnweb.com"
wordlist_file = "/tmp/all.txt" # from SVNDigger
resume = None #设定一个结束开关
user_agent = "Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0"


def build_wordlist(wordlist_file):
    # read in the word list
    fd = open(wordlist_file, "rb")
    raw_words = fd.readlines()
    fd.close()

    found_resume = False
    words = Queue.Queue()

    for word in raw_words:
        word = word.rstrip()#这里是为了去掉空格和回车符

        if resume is not None:
            if found_resume:
                words.put(word)
            else:
                if word == resume:
                    found_resume = True
                    print "Resuming wordlist from: %s" % resume

        else:
            words.put(word)

    return words

def dir_bruter(word_queue, extensions=None):
    while not word_queue.empty():
        attempt = word_queue.get()
        attempt_list = []

        # check to see if there is a file extension; if not, it's a directory
        # path we're bruting
        if "." not in attempt:
            attempt_list.append("/%s/" % attempt)
        else:
            attempt_list.append("/%s" % attempt)

        # if we want to bruteforce extensions
        if extensions:
            for extension in extensions:
                attempt_list.append("/%s%s" % (attempt, extension))

        # iterate over our list of attempts
        for brute in attempt_list:
            url = "%s%s" % (target_url, urllib.quote(brute))

            try:
                headers = {}
                headers["User-Agent"] = user_agent
                r = urllib2.Request(url, headers=headers)

                response = urllib2.urlopen(r)

                if len(response.read()):
                    print "[%d] => %s" % (response.code, url)

            except urllib2.URLError as e:
                if hasattr(e, 'code') and e.code != 404:#这里需要类的知识
                    print "!!! %d => %s" % (e.code, url)

                pass


word_queue = build_wordlist(wordlist_file)
extensions = [".php", ".bak", ".orig", ".inc"]

for i in range(threads):
    t = threading.Thread(target=dir_bruter, args=(word_queue,extensions,))
    t.start()

思考:

1.如何提高爆破速度?

你可能感兴趣的:(#,python脚本安全开发,python,安全,前端)