[Python] requests 모듈

Web

[Python] requests 모듈

Tribal 2018. 10. 2. 11:33

기본

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
import urllib3
import requests
 
def main():
        urllib3.disable_warnings()
 
        url = 'https://127.0.0.1'
        response = requests.get(url, verify=False)
 
        print response.status_code
        print response.text
        print response.cookies
 
if __name__ == '__main__':
        main()
cs

Session 생성

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
import urllib3
import requests
 
def main():
        urllib3.disable_warnings()
 
        url = 'https://127.0.0.1'
 
        s = requests.Session()
        request = requests.Request('POST', url)
        prepared_request = s.prepare_request(request)
 
        settings = s.merge_environment_settings(url=prepared_request.url, proxies=None, stream=None, verify=False, cert=None)
        response = s.send(prepared_request, **settings)
        print response.status_code
        print response.text
        print response.cookies
 
if __name__ == '__main__':
        main()
Colored by Color Scripter
cs

로그인 및 페이지 이동

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import urllib3
import requests
 
PAGE_LIST = {
    'main':'https://127.0.0.1/',
    'login':'https://127.0.0.1/login',
    'vuln':'https://127.0.0.1/vuln'
}
 
# Disable HTTPS verify and create a session
def CreateSession(url):
    urllib3.disable_warnings()
 
    s = requests.Session()
    req = requests.Request('POST', url)
    pre_req = s.prepare_request(req)
 
    settings = s.merge_environment_settings(url=pre_req.url, proxies=None, stream=None, verify=False, cert=None)
    res = s.send(pre_req, **settings)
    if res.status_code == 200:
        return s
    else:
        print res.status_code
 
        return None
 
# Login web page and get the logined session id
def LoginSession(session, id, pw):
    login_info = {'page':'login', 'username':id, 'password':pw}
    res = session.post(PAGE_LIST['login'], data=login_info)
    if res.status_code == 200 and 'PHPSESSID' in res.cookies.keys():
        return res.cookies['PHPSESSID']
    else:
        return None
 
# Command Injection
def InjectCmd(session, sessid):
    post_arg = {'cmd':'echo "hello"'}
    cookies = {'PHPSESSID':sessid}
    res = session.post(PAGE_LIST['vuln'], data=post_arg, cookies=cookies)
    print res.status_code
    print res.text
 
# main function
def main():
    s = CreateSession(PAGE_LIST['main'])
    if s == None:
        print '[-] Failed to create a session'
        return False
 
    sessid = LoginSession(s, 'tribal', '1234')
    if sessid == None:
        print '[-] Failed to login'
        return False
 
    InjectCmd(s, sessid)
 
if __name__ == '__main__':
    main()
 
Colored by Color Scripter
cs

참고

requests 모듈 문서 : http://docs.python-requests.org/en/master/api/
SSL verify : https://github.com/requests/requests/issues/4256
페이지 이동 : https://beomi.github.io/2017/01/20/HowToMakeWebCrawler-With-Login/

저작자표시 비영리