Shulou(Shulou.com)06/02 Report--

This article mainly explains "Python uses requests module to interact with Web application", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let the editor take you to learn "Python uses the requests module to interact with Web applications".

Requests module

Students who have come into contact with Python crawlers are no stranger to requests modules. This is an efficient, convenient, fast and friendly HTTP request library.

Like crawlers, Web penetration testing requires requesting Web applications, interacting with websites, traversing site paths, testing SQL injection vulnerabilities, or uploading form files with backdoors.

The requests module supports multiple HTTP request methods, which basically cover the request methods defined by the HTTP protocol:

At the same time, you can easily view the information of the request and response.

View status codes: using the status_code attribute

View response headers: use the header property

View the response content: use the content or text property

Let's actually use the requests library by writing a script.

The first script

In the first example, we use the requests library to make a GET request to the / ip path of the HTTP request and response test site www.httpbin.org described in the previous article.

Run the script, and the result returns the same information as the one opened on the browser:

Let's visit httpbin.org 's jump redirect link again:

This link will jump to example.com 's website. Here, we use the params parameter to pass the value of the redirection:

A 200 status code is returned, indicating that the request was successful:

We can take a look at the header information again through requests:

The result returns:

Set request header domain

By default, requests uses its own request header, but we can modify it.

For example:

Customize a header domain

Tamper with our browser logo

Change the host header

Tamper with any header domain

Httpbin.org provides a tool to test the http header domain: / headers:

It returns the request header of the client. Let's directly use requests.get to request and see the returned result:

As you can see, under the default request, requests's browser is identified as "python-requests/2.18.2" and accepts all types of responses:

Next, we use the headers attribute in the requests request method to modify our request header domain to change the browser identity to Iphone X:

As a result, our browser logo was successfully changed to Iphone X:

Submit a POST form

In Web penetration testing, forms are a key point of testing. Where there is a form, there is input, where there is input, there will be interaction with the server, and where there is interaction, there are opportunities for loopholes, like the classic SQL injection. In most cases, it is through the construction of SQL statements in the input box to achieve the effect of intrusion.

In requests, we make the POST request through the post () method, using its data property to transfer form data, also using the post test path provided by httpbin.org:

Take a look at the returned results:

In the form data is the name data that we transferred.

At this point, I believe you have a deeper understanding of "Python uses the requests module to interact with Web applications". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.