python脚本-requests模块

python脚本-requests模块

模拟浏览器

import requests
url="http://10.9.47.154/php/arrayprac/get.php"
headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36"
}
res=requests.get(url=url)
# print(res.text)
# print(res.content)
# print(res.url)
# print(res.status_code)
# print(res.request.headers)
print(res.headers)

自定义浏览器指纹

网页中的代码

发送GET参数

import requests
url="http://10.9.47.154/php/arrayprac/get.php"
# url="http://10.9.47.154/php/arrayprac/get.php?username=order&passwd=123"

headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36"
}

con = {
    "username":"order",
    "password":"123456"
}
res=requests.get(url=url,headers=headers,params=con)
print(res.text)

注释部分的操作也可以实现

发送POST参数

import requests
url="http://10.9.47.154/php/arrayprac/post.php"

headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36"
}

baga = {
    "username":"order",
    "password":"123456"
}
res=requests.post(url=url,headers=headers,data=baga)
print(res.text)

网页中代码

文件上传

import requests
url="http://10.9.47.154/dvwa_2.0.1/vulnerabilities/upload/"

headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0",
    "cookie":  "security=low; PHPSESSID=s0ul579nhg887tojt2nes21vp1"
}

data = {
    "MAX_FILE_SIZE":"100000",
    "Upload":"Upload"
}

files = {
    "uploaded":("smallma1.php",b"","application/octet-stream")
}
res=requests.post(url=url,headers=headers,data=data,files=files)

start=res.text.find("
")+5
end=res.text.find("
")
print(res.status_code)
print(res.text[start:end])

此处dvwa的文件上传演示，因此需要使用cookie，各参数内容均为bp抓包的数据

此处内容引号问题太多了，我给换成一句话木马了

服务器超时

import requests
url="http://10.9.47.154/php/functions/sleep.php"

headers = {
    "User-Agent":   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36"
}
try:
    res=requests.post(url=url,headers=headers,timeout=5)
except requests.exceptions.ReadTimeout:
    print("Timeout!")
except:
    print("something error")
else:
    print(res.text)

• 当网页沉睡时间为小于5秒时

• 当网页沉睡时间大于5秒时