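Preface
This article builds an HTTP request to the target web server (http://192.168.137.129/), retrieves the response, and analyses the response headers and body. This yields three pieces of information about the target site: its page title, the server software it runs, and the security rules it sends in its response headers.
1. Code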
import chardet
import requests
from bs4 import BeautifulSoup


def test(url):
    # Browser-like User-Agent so the server returns its normal page
    headers = {
        'user-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'
    }
    try:
        res = requests.get(url, headers=headers, timeout=4)
        # Detect the body encoding so that res.text decodes correctly
        codetype = chardet.detect(res.content).get('encoding')
        res.encoding = codetype
        # title
        soup = BeautifulSoup(res.text, "html.parser")
        title = soup.title.string if soup.title else 'None'
        print('title:', title)
        header = res.headers
        # server
        Server = header.get('Server')
        print('Server:', Server)
        # security: record each security header present in the response
        security = []
        if header.get('Content-Security-Policy'):
            security.append('Content-Security-Policy')
        if header.get('X-Webkit-CSP'):
            security.append('X-Webkit-CSP')
        if header.get('X-XSS-Protection'):
            security.append('X-XSS-Protection')
        if header.get('Strict-Transport-Security'):
            security.append('Strict-Transport-Security')
        print('security:', security)
    except Exception as e:
        print(e)


if __name__ == '__main__':
    test('http://192.168.137.129/')
Output:
title: Metasploitable2 - Linux
Server: Apache/2.2.8 (Ubuntu) DAV/2
security: []
2. Design
2.1 Response body analysis: extracting the site title from the soup
2.1.1 Code
import chardet
import requests
from bs4 import BeautifulSoup

url = 'http://192.168.137.129/'
headers = {
    'user-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'
}
res = requests.get(url, headers=headers, timeout=4)  # build and send the request
codetype = chardet.detect(res.content).get('encoding')
res.encoding = codetype
soup = BeautifulSoup(res.text, "html.parser")  # build the soup
print(soup)
title = soup.title.string if soup.title else 'None'
print(title)
2.1.2 Output
<html><head><title>Metasploitable2 - Linux</title></head><body>
<pre>
_ _ _ _ _ _ ____
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
| | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
|_|
Warning: Never expose this VM to an untrusted network!
Contact: msfdev[at]metasploit.com
Login with msfadmin/msfadmin to get started
</pre>
<ul>
<li><a href="/twiki/">TWiki</a></li>
<li><a href="/phpMyAdmin/">phpMyAdmin</a></li>
<li><a href="/mutillidae/">Mutillidae</a></li>
<li><a href="/dvwa/">DVWA</a></li>
<li><a href="/dav/">WebDAV</a></li>
</ul>
</body>
</html>
Metasploitable2 - Linux
2.1.3 Analysis
The soup output shows that the page has a title and that it sits inside the title tag.
print(soup)
<html><head><title>Metasploitable2 - Linux</title></head><body>
......
print(soup.title)
<title>Metasploitable2 - Linux</title>
print(soup.title.string)
Metasploitable2 - Linux
2.2 Response header analysis: getting the server from the headers
Idea: print the response headers and extract the value of the Server header.
Code:
print(res.headers)
print(res.headers.get('Server'))
Output:
{
"Date": "Mon, 04 Apr 2022 10:57:41 GMT",
"Server": "Apache/2.2.8 (Ubuntu) DAV/2",
"X-Powered-By": "PHP/5.2.4-2ubuntu5.10",
"Content-Length": "891",
"Keep-Alive": "timeout=15, max=100",
"Connection": "Keep-Alive",
"Content-Type": "text/html"
}
Apache/2.2.8 (Ubuntu) DAV/2
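2.3 Response header analysis: getting security information from the headers
Idea: match several security rules against the response headers and return the rules that match.
Code: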
header = res.headers  # response headers, as in section 1
security = []
if header.get('Content-Security-Policy'):
    security.append('Content-Security-Policy')
if header.get('X-Webkit-CSP'):
    security.append('X-Webkit-CSP')
if header.get('X-XSS-Protection'):
    security.append('X-XSS-Protection')
if header.get('Strict-Transport-Security'):
    security.append('Strict-Transport-Security')
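
The presence check above can be extended into an offline audit that also looks at header values and at version disclosure in Server and X-Powered-By. This is an added example, not code from the original article; the function names, the two extra headers (X-Frame-Options, X-Content-Type-Options) and the SAMPLE dictionary are assumptions made for illustration, and it goes beyond the four headers the article checks.

```python
import re

# The four headers checked in this article, plus two common ones (added assumption).
CHECKED = ['Content-Security-Policy', 'X-Webkit-CSP', 'X-XSS-Protection',
           'Strict-Transport-Security', 'X-Frame-Options', 'X-Content-Type-Options']
LEGACY = {'X-Webkit-CSP', 'X-XSS-Protection'}  # superseded by Content-Security-Policy
DISCLOSING = ['Server', 'X-Powered-By']         # often carry product and version strings

def hsts_enabled(value):
    """HSTS with max-age=0 tells the browser to drop the policy."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

def audit_headers(headers):
    """Classify security headers by value, not only by presence."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    report = {'present': [], 'legacy': [], 'ineffective': [], 'missing': [], 'disclosure': {}}
    for name in CHECKED:
        value = h.get(name.lower())
        if not value:
            report['missing'].append(name)
        elif name in LEGACY:
            report['legacy'].append(name)
        elif name == 'Strict-Transport-Security' and not hsts_enabled(value):
            report['ineffective'].append(name)
        elif name == 'X-Content-Type-Options' and value.lower() != 'nosniff':
            report['ineffective'].append(name)
        else:
            report['present'].append(name)  # presence only; policy quality is not judged
    for name in DISCLOSING:
        value = h.get(name.lower(), '')
        if re.search(r'\d+\.\d+', value):  # a version number is exposed
            report['disclosure'][name] = value
    return report

# Response headers shown in section 2.2 of this article.
LAB_HEADERS = {'Date': 'Mon, 04 Apr 2022 10:57:41 GMT', 'Server': 'Apache/2.2.8 (Ubuntu) DAV/2',
               'X-Powered-By': 'PHP/5.2.4-2ubuntu5.10', 'Content-Length': '891',
               'Keep-Alive': 'timeout=15, max=100', 'Connection': 'Keep-Alive',
               'Content-Type': 'text/html'}
# Constructed sample (not from the article): lower-case names and a disabled HSTS policy.
SAMPLE = {'content-security-policy': "default-src 'self'", 'X-XSS-Protection': '1; mode=block',
          'strict-transport-security': 'max-age=0', 'Server': 'Apache'}

if __name__ == '__main__':
    for label, hdrs in (('lab', LAB_HEADERS), ('sample', SAMPLE)):
        print(label, audit_headers(hdrs))
```

A plain dictionary is case-sensitive, unlike the headers object returned by requests, which is why the audit lower-cases header names before matching.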