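Chapter 2 mainly covers the HTTP protocol, which is foundational knowledge. A well-reviewed book on this topic is 《图解HTTP》 (HTTP Illustrated); reply "http" in the official account's backend to read it.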
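Contents:
HTTP protocol
    Characteristics of HTTP
    HTTP messages
    Session tracking
    Cross-site attacks
    Practice
TCP protocol
    Characteristics of TCP
    Three-way handshake and four-way teardown
    SYN attacks
    TCP KeepAlive
Hands-on: simulated login
    Scenario
    Manual
    Automated
    Practice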
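This chapter leaves quite a few exercises, and they are very difficult for beginners. Interested in giving them a try? There is Zhihu's session_token parameter, and working out the parameters of Meituan's login.
Meituan's login has several key parameters that need to be worked out:
password
fingerprint
csrf
_token
A hint about the "_token" parameter: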
> window.location.origin + r
<< "https://passport.meituan.com/account/unitivelogin?risk_partner=0&uuid=1dff88e4c8294f67b2b6.1551710089.1.0.0&service=www&continue=https%3A%2F%2Fwww.meituan.com%2Faccount%2Fsettoken%3Fcontinue%3Dhttp%253A%252F%252Fbj.meituan.com%252F"
So the hard part is the function Rohr_Opt.reload; try working through it yourself.
Attached is the code for a simulated GitHub login:
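#!/usr/bin/env python
# -*- coding: utf-8 -*-
import re

import requests

# Browser-like headers sent with every request made through the session.
headers = {
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
    # 'br' is left out: requests only decodes Brotli when a brotli package is installed,
    # and an undecoded body would break the regex in get_token().
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
    'Connection': 'keep-alive',
    'Host': 'github.com',
    'Upgrade-Insecure-Requests': '1',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36'
}

# One session for both requests, so cookies set by the login page are sent with the POST.
s = requests.session()
s.headers.update(headers)


def get_token():
    """Fetch the login page and extract the hidden authenticity_token field."""
    url = 'https://github.com/login'
    response = s.get(url, timeout=10)
    response.raise_for_status()
    pat = r'name="authenticity_token" value="(.*?)"'
    match = re.search(pat, response.text)
    if match is None:
        raise RuntimeError('authenticity_token not found in the login page')
    return match.group(1)


def login(authenticity_token, account, password):
    """Submit the login form together with the token returned by get_token()."""
    payload = {
        'commit': 'Sign in',
        'utf8': '\u2713',
        'authenticity_token': authenticity_token,
        'login': account,
        'password': password,
    }
    url = 'https://github.com/session'
    response = s.post(url, data=payload, timeout=10)
    print(response.text)
    # do whatever you want


if __name__ == '__main__':
    # Fill in your own account name and password.
    account, password = '', ''
    authenticity_token = get_token()
    login(authenticity_token, account, password)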
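Why get_token() has to run before login(), and on the same requests session: the following is an added example, not from the original post and not GitHub's implementation. It is a generic server-side sketch of a session-bound anti-CSRF form token of the kind a hidden field such as authenticity_token carries; SERVER_KEY, SESSIONS and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-deployment secret
SESSIONS = {}  # session id -> per-session nonce (in-memory stand-in for a session store)


def new_session():
    """Create a session, as a server would on the first GET of the login page."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(16)
    return sid


def issue_token(sid):
    """Token rendered into the login form's hidden field for this session."""
    msg = f"{sid}:{SESSIONS[sid]}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def verify_token(sid, submitted):
    """Check a POSTed token against the session named by the request's cookie."""
    if sid not in SESSIONS or not isinstance(submitted, str):
        return False
    # Constant-time comparison: do not leak how many leading characters matched.
    return hmac.compare_digest(issue_token(sid).encode(), submitted.encode())


def rotate(sid):
    """Invalidate outstanding tokens, for example after a successful login."""
    SESSIONS[sid] = secrets.token_hex(16)


def demo():
    alice, other = new_session(), new_session()  # constructed sample sessions
    token = issue_token(alice)
    results = {
        "same_session": verify_token(alice, token),
        "other_session": verify_token(other, token),
        "missing_token": verify_token(alice, ""),
        "unknown_session": verify_token("no-such-sid", token),
    }
    rotate(alice)
    results["after_rotation"] = verify_token(alice, token)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:16} accepted={accepted}")
```

Only the token presented with the session it was issued to is accepted, which is why a form POST prepared outside that session is rejected.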