文章詳情頁

Python如何利用Har文件進行遍歷指定字典替換提交的數據詳解

瀏覽：127日期：2022-07-06 13:23:59

利用Chrome或Firefox保存的Har文件http/https請求，可用于遍歷字典提交From表單.

少說廢話直接上代碼

Github地址:https://github.com/H0xMrLin/wuppwn

#encoding:utf-8import sys;#Yeah,我沒有注釋。懶得寫HelpContent='''Help:+=====================================================================================================================+ WupPwn.pyPython3 WupPwn.py HarFileName [pd=filedName:Value|pd=filedName:$DicFileName] [if=responseContent] [ifnot=responseContent] [ifend=responseContent] [out=OutFileName] HarFileName har文件名谷歌或Firefox web抓包保存為har entries下可以看到所有請求的地址及參數可以刪除一些不必要的請求讓程序更快運行 pd 設置上傳數據字段名:值或者字段名:字典 if=xxx 如果內容是xxx那就記錄可多個用||隔開 ifnot=xxx 如果內容不是xxx哪就記錄可多個用||隔開 ifend=xxx 如果內容是xxx那就記錄并結束可多個用||隔開 out=xx.txt 輸出記錄到文件 see=on|off 查看每次嘗試破解響應 Current request method have: GET/POST *且目前不支持http請求頭帶 RFC 標識 (RFC-eg: ’:method’:’POST’)可以檢查是否有 md5=XXX 將指定字段名的值進行md5加密再暴力破解一般=password||passwd||pwd ... th=5 設置5個線程同時運行版本警告: 《!》: 切勿用作違法使用，僅供滲透測試，如非法使用該工具與作者無關。 Makerby:Pwn0_+x_X+=====================================================================================================================+''';if(len(sys.argv) <=1): print(HelpContent); sys.exit(1);if(sys.argv[1].lower()=='h' or sys.argv[1].lower()=='-h' or sys.argv[1].lower()=='help'or sys.argv[1].lower()=='-help'): print(HelpContent); sys.exit(1);import os;import json;import urllib.request;import requests;import socket;import hashlib;import threading;import traceback;import uuid;import copyfrom hyper.contrib import HTTP20Adapter;socket.setdefaulttimeout(3);CAllowRequestMethod=['get','post'];HARFile=sys.argv[1];harfp=open(HARFile,'rb');harContent=harfp.read();HarJSON=json.loads(harContent);Body=HarJSON['log']print('Version :'+Body['version']);print('Request Count :'+str( len(Body['entries'])))AimUrlAPar={};for reqBody in Body['entries']: AimUrlAPar[reqBody['request']['url']]={}; AllowRequest='×'; if(reqBody['request']['method'].lower() in CAllowRequestMethod): AllowRequest='√'; else: print(' '*5,'[',AllowRequest,']',reqBody['request']['method'],'tt'+reqBody['request']['url'].split('?')[0]) continue; print(' '*5,'[',AllowRequest,']',reqBody['request']['method'],'tt'+reqBody['request']['url'].split('?')[0]) Parameter= reqBody['request']['queryString'] if reqBody['request']['method'].lower()=='get' else reqBody['request']['postData']['text'] #print(Parameter) if(reqBody['request']['method'].lower()=='post'): if 'application/json' in reqBody['request']['postData']['mimeType']: Parameter=json.loads(Parameter) else: Parameter=reqBody['request']['postData']['params']; tmpPar={}; for item in Parameter: tmpPar[item['name']]=item['value']; Parameter=tmpPar; AimUrlAPar[reqBody['request']['url']]['paramtertype']=reqBody['request']['postData']['mimeType'].lower() elif(reqBody['request']['method'].lower()=='get'): Par={}; #print('get') for item in Parameter: Par[item['name']]=item['value'] Parameter=Par; headers={}; headNotContains=['Content-Length']; for headFiled in reqBody['request']['headers']: if headFiled['name'] in headNotContains: continue; headers[headFiled['name']]=headFiled['value']; cookies={}; for headFiled in reqBody['request']['cookies']: cookies[headFiled['name']]=headFiled['value']; #print(cookies); AimUrlAPar[reqBody['request']['url']]['arguments']=Parameter AimUrlAPar[reqBody['request']['url']]['header']=headers AimUrlAPar[reqBody['request']['url']]['cookies']=cookies AimUrlAPar[reqBody['request']['url']]['method']=reqBody['request']['method'].lower() AimUrlAPar[reqBody['request']['url']]['httpversion']=reqBody['request']['httpVersion'].lower() #系統存儲kPMd5={}; #用戶參數設定pds=[];ifC=[];# 最小優先級ifN=[];# 其二優先級ifE=[];# 最大優先級otFile='';ascMD5=[];testsee='off';see='off';th=0;#因為我不太喜歡指令的參數化模塊所以我直接寫了個硬代碼注：python的模塊有時候很討厭.def setBaseParamters(Key,Value): global see,otFile,testsee,th; Key=Key.lower(); if(Key=='pd'): FILEDSUM=Value.split(':'); filedName=FILEDSUM[0]; filedValue=FILEDSUM[1]; if(filedValue[0]=='$'): apArr=[]; filedP=open(filedValue[1:],'r'); redValueLines=filedP.readlines(); for val in redValueLines: apArr.append({filedName:val.replace('n','')}); pds.append(apArr); else: pds.append([{filedName:filedValue}]); elif(Key=='if'): ifcItems=Value.split('||'); for item in ifcItems: ifC.append(item); elif(Key=='ifnot'): ifcItems=Value.split('||'); for item in ifcItems: ifN.append(item); elif(Key=='ifend'): ifcItems=Value.split('||'); for item in ifcItems: ifE.append(item); elif(Key=='md5'): md5Items=Value.split('||'); for item in md5Items: ascMD5.append(item); elif(Key=='see'): see=Value.strip().lower(); elif(Key=='out'): otFile=Value.strip().lower(); elif(Key=='testsee'): testsee=Value.strip().lower(); elif(Key=='th'): th=int(Value.strip().lower()); return;curThs={};def pdLoop(index,havePar={},myThead=None): global curThs,kPMd5; for item in pds[index]: FiledName=list(item.keys())[0]; FiledValue=list(item.values())[0]; if(FiledName in ascMD5): m5Obj=hashlib.md5(bytes(FiledValue,encoding='UTF-8')); SourceValue=FiledValue; FiledValue=m5Obj.hexdigest(); kPMd5[FiledValue]=SourceValue; havePar[FiledName]=FiledValue; if(index>0): if(th>0 and len(curThs)<th ): print('[+]線程記錄點') childThread=str(uuid.uuid1()).replace('-',''); RunTh= threading.Thread(target=pdLoop,args=(index-1,copy.deepcopy(havePar),childThread,));curThs[childThread]=RunTh; RunTh.start(); else: pdLoop(index-1,copy.deepcopy(havePar)); else: Call(havePar); if(myThead!=None): print('[+]線程釋放點',myThead) curThs.pop(myThead);def Call(sendData): for reqUrl in list(AimUrlAPar.keys()): CurHeaders= AimUrlAPar[reqUrl]['header']; CurHeaders['Cookie']=''; CurCookies= AimUrlAPar[reqUrl]['cookies']; for cookieKey in list(CurCookies.keys()): CurHeaders['Cookie']+=cookieKey+'='+CurCookies[cookieKey]+';' #print(cookieKey+'='+CurCookies[cookieKey]+';'); CurArguments= AimUrlAPar[reqUrl]['arguments']; for cgDataKey in list(sendData.keys()): CurArguments[cgDataKey]=sendData[cgDataKey]; try: if(AimUrlAPar[reqUrl]['method']=='get'): print('[+]GET-Pwn:%s'%(reqUrl)); #data = urllib.parse.urlencode(CurArguments).encode(’utf-8’); if(AimUrlAPar[reqUrl]['httpversion']=='http/2.0'): sessions.mount(reqUrl,HTTP20Adapter()); res=requests.get(reqUrl,headers=CurHeaders,params=CurArguments); print(res.text); Auth(CurArguments,res.text); elif(AimUrlAPar[reqUrl]['method']=='post'): ''' data = urllib.parse.urlencode(CurArguments).encode(’utf-8’) request = urllib.request.Request(reqUrl,data = data,headers = CurHeaders,method='POST'); response = urllib.request.urlopen(request) html = response.read().decode(’utf-8’)''' if(AimUrlAPar[reqUrl]['paramtertype']=='application/x-www-form-urlencoded'): data = urllib.parse.urlencode(CurArguments).encode(’utf-8’) else: data = json.dumps(CurArguments); sessions=requests.session(); if(AimUrlAPar[reqUrl]['httpversion']=='http/2.0'): sessions.mount(reqUrl,HTTP20Adapter()); res=sessions.post(reqUrl,data=data,headers=CurHeaders); Auth(CurArguments,res.text); None; except Exception as e: print('[-]Pwn timeout',traceback.print_exc(),kPMd5) def Auth(Arguments,resContent): Success=False; Arguments=copy.deepcopy(Arguments) for argItemName in list(Arguments.keys()): if(argItemName in ascMD5): Arguments[argItemName]=kPMd5[Arguments[argItemName]]; #print(ifE,ifC,ifN) for ifeItem in ifE: if(ifeItem in resContent): Output(str(Arguments)); sys.exit(1); for ifnItem in ifN: if not(ifnItem in resContent ): Output(str(Arguments)); Success=True for ifcItem in ifC: if (ifcItem in resContent ): Output(str(Arguments)); Success=True if(see==’on’): print({True:'t[√]',False:'[-]'}[Success],Success,Arguments); if(testsee=='on'): print(resContent); def Output(text): if(otFile.strip() == ''): return; os.system('echo %s>>%s'%(text,otFile)); return ; for index in range(len(sys.argv)-2): parIndex=index+2; parItem= sys.argv[parIndex]; try: Item= parItem.split('='); key=Item[0]; value=Item[1]; setBaseParamters(key,value); except: print('Error paramter(%s)'%(parItem));#print(AimUrlAPar);if(len(pds)-1>=0): pdLoop(len(pds)-1)

總結

到此這篇關于Python如何利用Har文件進行遍歷指定字典替換提交的數據的文章就介紹到這了,更多相關Python用Har文件遍歷指定字典替換提交的數據內容請搜索好吧啦網以前的文章或繼續瀏覽下面的相關文章希望大家以后多多支持好吧啦網！

Python 編程

上一條：Python基于tkinter canvas實現圖片裁剪功能下一條：Python word文本自動化操作實現方法解析

相關文章：

1. Android如何加載Base64編碼格式圖片2. 詳解Android studio 動態fragment的用法3. 解決Android studio xml界面無法預覽問題4. 基于android studio的layout的xml文件的創建方式5. 圖文詳解vue中proto文件的函數調用6. Spring Boot和Thymeleaf整合結合JPA實現分頁效果(實例代碼)7. 什么是python的自省8. 使用Android studio查看Kotlin的字節碼教程9. Vuex localStorage的具體使用10. Vue封裝一個TodoList的案例與瀏覽器本地緩存的應用實現

排行榜

					
					圖文詳解vue中proto文件的函數調用
解決Android studio xml界面無法預覽問題
基于android studio的layout的xml文件的創建方式
詳解Android studio 動態fragment的用法
Android如何加載Base64編碼格式圖片
Spring Boot和Thymeleaf整合結合JPA實現分頁效果(實例代碼)
什么是python的自省
.Net Core使用Coravel實現任務調度的完整步驟
Vuex localStorage的具體使用
在IDEA中實現同時運行2個相同的java程序
jQuery 實現DOM元素拖拽交換位置的實例代碼
				