python脚本-requests模块

python脚本-requests模块

模拟浏览器

import requests
url="http://10.9.47.154/php/arrayprac/get.php"
headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36"
}
res=requests.get(url=url)
# print(res.text)
# print(res.content)
# print(res.url)
# print(res.status_code)
# print(res.request.headers)
print(res.headers)

自定义浏览器指纹

image-20231102150257976

网页中的代码

python脚本-requests模块_第1张图片

发送GET参数

import requests
url="http://10.9.47.154/php/arrayprac/get.php"
# url="http://10.9.47.154/php/arrayprac/get.php?username=order&passwd=123"

headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36"
}

con = {
    "username":"order",
    "password":"123456"
}
res=requests.get(url=url,headers=headers,params=con)
print(res.text)

注释部分的操作也可以实现

python脚本-requests模块_第2张图片

发送POST参数

import requests
url="http://10.9.47.154/php/arrayprac/post.php"

headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36"
}

baga = {
    "username":"order",
    "password":"123456"
}
res=requests.post(url=url,headers=headers,data=baga)
print(res.text)

python脚本-requests模块_第3张图片

网页中代码

python脚本-requests模块_第4张图片

文件上传

import requests
url="http://10.9.47.154/dvwa_2.0.1/vulnerabilities/upload/"

headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0",
    "cookie":  "security=low; PHPSESSID=s0ul579nhg887tojt2nes21vp1"
}

data = {
    "MAX_FILE_SIZE":"100000",
    "Upload":"Upload"
}

files = {
    "uploaded":("smallma1.php",b"","application/octet-stream")
}
res=requests.post(url=url,headers=headers,data=data,files=files)

start=res.text.find("
")+5
end=res.text.find("
"
) print(res.status_code) print(res.text[start:end])

此处dvwa的文件上传演示,因此需要使用cookie,各参数内容均为bp抓包的数据

python脚本-requests模块_第5张图片

python脚本-requests模块_第6张图片

此处内容引号问题太多了,我给换成一句话木马了

image-20231102161521058

服务器超时

import requests
url="http://10.9.47.154/php/functions/sleep.php"

headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36"
}
try:
    res=requests.post(url=url,headers=headers,timeout=5)
except requests.exceptions.ReadTimeout:
    print("Timeout!")
except:
    print("something error")
else:
    print(res.text)
  • 当网页沉睡时间为小于5秒时

python脚本-requests模块_第7张图片

image-20231102151057808

  • 当网页沉睡时间大于5秒时

python脚本-requests模块_第8张图片

image-20231102151207120

你可能感兴趣的:(python,开发语言,linux,web安全,安全,网络安全)