前言
使用随机数进行用户注册,获取csrftoken创建容器
代码
# coding=utf-8
# This is a sample Python script.
# Press Shift+F10 to execute it or replace it with your code.
# Press Double Shift to search everywhere for classes, files, tool windows, actions, and settings.
from requests import session
import re
import random
import time
def register(random,sess,csrf):
url = "http://192.168.3.66:8000/register"
data = "name="+random+"&email="+random+"%40qq.com"+"&password="+random+"&nonce="+csrf
proxies = {
"http": "http://127.0.0.1:8080",
"https": "http://127.0.0.1:8080",
}
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36',
'Content-Type':'application/x-www-form-urlencoded'
}
r = sess.post(url, data, headers=headers,verify=False)
#print(r.text)
def getcsrf(sess):
url="http://192.168.3.66:8000/register"
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36'
}
res=sess.get(url, headers=headers)
str1=re.search('\'csrfNonce\': ".*"',str(res.text)).group()
return str1[14:78]
def getchacsrf(sess):
url="http://192.168.3.66:8000/challenges"
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36'
}
res=sess.get(url, headers=headers)
str1=re.search('\'csrfNonce\': ".*"',str(res.text)).group()
return str1[14:78]
def creatdocekr(sess,id,chacsre):#id为容器id
data="{}"
url="http://192.168.3.66:8000/plugins/ctfd-whale/container?challenge_id="+str(id)
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36',
'Content-Type':'application/json',
'CSRF-Token':chacsrf
}
r = sess.post(url, data, headers=headers, verify=False)
print(r.text)
if __name__ == '__main__':
for i in range(100):
sess=session()#使用session
number=random.randint(9999,99999999)#获得随机数
csrf=getcsrf(sess)#获取注册的csrftoken
register(str(number),sess,csrf)#注册
chacsrf=getchacsrf(sess)#获得启动容器的csrftoken
creatdocekr(sess, 9,chacsrf)#启动容器
time.sleep(5)#延时5秒
# for i in range(9,255):
# print(i)