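Notes on a redirect pitfall with Python requests
While writing a PoC I ran into a problem: verification succeeded in Burp, but kept failing once I turned it into a Python script. The code looked fine to me. After several fruitless attempts, a senior colleague suggested I compare the request my script sent with the one Burp sent, so I searched online for how to get the complete HTTP request in Python and found the following method:
Source: https://stackoverflow.com/questions/10588644/how-can-i-see-the-entire-http-request-thats-being-sent-by-my-python-application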
import requests
import logging
# These two lines enable debugging at httplib level (requests->urllib3->http.client)
# You will see the REQUEST, including HEADERS and DATA, and RESPONSE with HEADERS but without DATA.
# The only thing missing will be the response.body which is not logged.
try:
    import http.client as http_client
except ImportError:
    # Python 2
    import httplib as http_client
http_client.HTTPConnection.debuglevel = 1
# You must initialize logging, otherwise you'll not see debug output.
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
# requests >= 2.16 no longer vendors urllib3, so its logger is named "urllib3"
# (older releases used "requests.packages.urllib3").
requests_log = logging.getLogger("urllib3")
requests_log.setLevel(logging.DEBUG)
requests_log.propagate = True
requests.get('https://httpbin.org/headers')
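After using this code, I found that my POST request first got back a 302 response, which was exactly what I wanted, and was then redirected to another URL, which returned a 200 response. No wonder verification kept failing!
Then I looked up how to disable redirects.
Usage: add allow_redirects=False directly to the requests call.
After that, verification succeeded and the response with the 302 status code was returned.
Although I spent quite a bit of time on this, I learned a trick, so it wasn't a loss. Haha.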
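The behaviour described above, reproduced against a local test server as an added example (not code from the original post). The /login and /home paths and the form field are constructed for illustration; the example also shows that response.history keeps the intermediate 302 even when redirects are followed.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

import requests

class Handler(BaseHTTPRequestHandler):
    """Constructed target: POST /login answers 302, GET /home answers 200."""

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(302)
        self.send_header("Location", "/home")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", "4")
        self.end_headers()
        self.wfile.write(b"home")

    def log_message(self, *args):  # keep the demo output quiet
        pass

def compare_redirect_handling():
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/login" % server.server_port
    session = requests.Session()
    session.trust_env = False  # ignore proxy environment variables
    try:
        # Default: requests follows the 302 and re-issues the request as GET.
        followed = session.post(url, data={"user": "test"})
        # What the PoC check needs: the first response, left untouched.
        raw = session.post(url, data={"user": "test"}, allow_redirects=False)
        return {
            "default_status": followed.status_code,
            "default_history": [r.status_code for r in followed.history],
            "final_method": followed.request.method,
            "raw_status": raw.status_code,
            "raw_location": raw.headers.get("Location"),
        }
    finally:
        session.close()
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(compare_redirect_handling())
```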