티스토리 뷰

Web

[Python] requests 모듈

Tribal 2018. 10. 2. 11:33

기본

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
import urllib3
import requests
 
def main():
        urllib3.disable_warnings()
 
        url = 'https://127.0.0.1'
        response = requests.get(url, verify=False)
 
        print response.status_code
        print response.text
        print response.cookies
 
if __name__ == '__main__':
        main()
cs


Session 생성

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
import urllib3
import requests
 
def main():
        urllib3.disable_warnings()
 
        url = 'https://127.0.0.1'
 
        s = requests.Session()
        request = requests.Request('POST', url)
        prepared_request = s.prepare_request(request)
 
        settings = s.merge_environment_settings(url=prepared_request.url, proxies=None, stream=None, verify=False, cert=None)
        response = s.send(prepared_request, **settings)
        print response.status_code
        print response.text
        print response.cookies
 
if __name__ == '__main__':
        main()
cs


로그인 및 페이지 이동

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import urllib3
import requests
 
PAGE_LIST = {
    'main':'https://127.0.0.1/',
    'login':'https://127.0.0.1/login',
    'vuln':'https://127.0.0.1/vuln'
}
 
# Disable HTTPS verify and create a session
def CreateSession(url):
    urllib3.disable_warnings()
 
    s = requests.Session()
    req = requests.Request('POST', url)
    pre_req = s.prepare_request(req)
 
    settings = s.merge_environment_settings(url=pre_req.url, proxies=None, stream=None, verify=False, cert=None)
    res = s.send(pre_req, **settings)
    if res.status_code == 200:
        return s
    else:
        print res.status_code
 
        return None
 
# Login web page and get the logined session id
def LoginSession(session, id, pw):
    login_info = {'page':'login''username':id, 'password':pw}
    res = session.post(PAGE_LIST['login'], data=login_info)
    if res.status_code == 200 and 'PHPSESSID' in res.cookies.keys():
        return res.cookies['PHPSESSID']
    else:
        return None
 
# Command Injection
def InjectCmd(session, sessid):
    post_arg = {'cmd':'echo "hello"'}
    cookies = {'PHPSESSID':sessid}
    res = session.post(PAGE_LIST['vuln'], data=post_arg, cookies=cookies)
    print res.status_code
    print res.text
 
# main function
def main():
    s = CreateSession(PAGE_LIST['main'])
    if s == None:
        print '[-] Failed to create a session'
        return False
 
    sessid = LoginSession(s, 'tribal''1234')
    if sessid == None:
        print '[-] Failed to login'
        return False
 
    InjectCmd(s, sessid)
 
if __name__ == '__main__':
    main()
 
cs



참고


저작자표시 비영리

'Web' 카테고리의 다른 글

[React] test code  (0) 2022.04.01
[selenium] Selenium GET/POST method 코드 예제  (1) 2020.07.07
Blind SQL Injection 실습 정리  (0) 2017.05.16
mysql 설치 후, mysql 접속 안 될 때  (0) 2017.05.15
CGI Buffer Overflow  (0) 2017.05.11
공유하기 링크
댓글
최근에 올라온 글
최근에 달린 댓글
Total
Today
Yesterday
«   2024/05   »
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31