golang 使用文本请求头构造repuest
最近看别人写爆破密码,想着自己写个burpsuite的文本写个小工具,构造自己的爆破模块,就不用天天网上找资料,…(找工具心累啊,现在奇奇怪怪的验证方式,一般支持一个功能,不太能满足现在的要求),当然gpt写了个功能,但也走了一些弯路,现在只写了一个构造请求头加代理到burpsuite
package main
import (
"bytes"
"crypto/tls"
"fmt"
"net/http"
"net/url"
"strings"
"time"
)
var proxy string = "http://127.0.0.1:8080/"
func sendHTTPRequest(requestString string) (*http.Response, error) {
// 解析请求字符串
shost := ""
lines := strings.Split(requestString, "\n")
// 解析请求方法和URL
methodAndURL := strings.Fields(lines[0])
method := methodAndURL[0]
urls := methodAndURL[1]
fmt.Println("============")
// 解析请求头部
if method == "POST" {
headers := make(http.Header)
for i := 1; i < len(lines); i++ {
line := lines[i]
if strings.TrimSpace(line) == "" {
break
}
header := strings.SplitN(strings.TrimSpace(line), ": ", 2)
headers.Add(header[0], header[1])
if header[0] == "Host" {
shost = header[1]
}
}
// 解析请求体
body := strings.TrimSpace(lines[len(lines)-1])
fmt.Println(body)
// 创建 HTTP 请求
req, err := http.NewRequest(method, "http://"+shost+urls, bytes.NewBufferString(body))
if err != nil {
return nil, err
}
// 设置请求头部
req.Header = headers
// 创建 HTTP 客户端
client := &http.Client{}
proxyAddress, _ := url.Parse(proxy)
client = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
Proxy: http.ProxyURL(proxyAddress),
},
Timeout: 10 * time.Second,
}
// 发送请求
resp, err := client.Do(req)
if err != nil {
return nil, err
}
return resp, nil
} else {
// 解析请求头部
headers := make(http.Header)
for i := 1; i < len(lines); i++ {
line := lines[i]
if line == "" {
break
}
header := strings.SplitN(strings.TrimSpace(line), ": ", 2)
headers.Add(header[0], header[1])
if header[0] == "Host" {
shost = header[1]
fmt.Println(shost)
}
}
req, err := http.NewRequest(method, "http://"+shost+urls, nil)
if err != nil {
return nil, err
}
// 设置请求头部
req.Header = headers
// 创建 HTTP 客户端
client := &http.Client{}
proxyAddress, _ := url.Parse(proxy)
client = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
Proxy: http.ProxyURL(proxyAddress),
},
Timeout: 10 * time.Second,
}
// 发送请求
resp, err := client.Do(req)
if err != nil {
return nil, err
}
return resp, nil
}
}
func main() {
requestString := `
GET /rest/2.0/docview/text?object=16b2419e4ueef6f82e6d940489b8e89f&expires=24h&dp_logid=91145101558106707&rt=pr&sign=FOTRE-DCb740ccc5511e5e8fedcff06b081203-cS76MsobmbCNLPHTitMn7Vpzw%252B8%253D&file_size=24512×tamp=1690021811&method=info&fid=3074421285-250528-786636578573182&client_type=web&file_type=txt HTTP/1.1
Host: pcsdata.baidu.com
Cookie: PSTM=1665844524; BIDUPSID=EB0B8FC9F869D7E0060BB3690043D898; __bid_n=1846717b24cc8af89e4207; FEID=v10-7556207eb8c9a8bee819037150a2f1d8bf9544be; __xaf_fpstarttimer__=1672313942403; __xaf_thstime__=1672313942450; __xaf_fptokentimer__=1672313942478; BAIDU_WISE_UID=wapp_1673188133647_129; BAIDUID=8FF8D5F23C882E5C2B0BCAF4D38ECED8:FG=1; BAIDUID_BFESS=8FF8D5F23C882E5C2B0BCAF4D38ECED8:FG=1; BDUSS=W9wUEt3eWtIZ0lGOW1SZ1YtWGFsNUpjNWNyUXM5LWtMdjc0ZVNpVEU3SXJSRGxrSVFBQUFBJCQAAAAAAAAAAAEAAAC8t~o7aG9tZbfctrfHsL34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACu3EWQrtxFka; BDUSS_BFESS=W9wUEt3eWtIZ0lGOW1SZ1YtWGFsNUpjNWNyUXM5LWtMdjc0ZVNpVEU3SXJSRGxrSVFBQUFBJCQAAAAAAAAAAAEAAAC8t~o7aG9tZbfctrfHsL34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACu3EWQrtxFka; jsdk-uuid=eeb7a1b5-9a68-4e79-b0cd-e3463e1a5d63; ZFY=TKuuDGiWAlt5KG:AUT4qemT:BaxftGRdvanFMOiaoaSdA:C; FPTOKEN=x1i7SP7F+IcjDkau2gbd2M53a+M85sGPzKcD4kc3dP6ZFw2wL3sijRsu1acmFgKr/EaQEj80hiuK7ERrYqDB5+npXQ/3aL4bfkXRDBwWtFBjidB9xXRiI1T58GcrKwZG1/ronIevcYlyyeu+suBkZ7or+7+jXnmgID/26jxMhYIF8jkT1zSLFnttg0Xpu4akQQ2+FoIrZTwiv0S9secJJHa69AXMNGWn/CzRVitx8AZGDb+AXUieH/74V6oM0FOMtNQqDMMZZrnobTOfYKwIZtaRa5iZEZO/22QKrMDc1TE1uzccahzTMGDtjTwvox1WhZVLZ43gGncBlpvw4BW7ExLDoQ4X9RbkYTGg1PtxoiKBUI8tpIhUeXYBH+CQOli335xCCl2/lJPPimt+HT0jNA==|f3uyXIGO81rpu01uFJ1gfdaFd7w4MkAulZfTWY0Wu9c=|10|4d7d1bcd4489a8c66457ae6439adf9e4; RT="z=1&dm=baidu.com&si=ceb006e4-e648-483c-b4d1-2c21debc1fdb&ss=lkatp569&sl=b&tt=6ur&bcn=https%3A%2F%2Ffclog.baidu.com%2Flog%2Fweirwood%3Ftype%3Dperf&ld=2evb&ul=2g3x&hd=2g8i"; STOKEN=814b39c2471f08a1e73ad35321afd4739dc14399e048c040c453dd078d2628a1; ab_sr=1.0.1_ODkyY2M5ODZmYmQzZDhkM2IxOTUyMTIzNGVlZTQ3ZmYzOWRmYWMzODgyMDFjMzM1OWIxOThiOGNmZDM0MTQ2ZGQwYjg3YTM1N2IwOGJkZDg2Yzk3ODE0NGNmOWJhZGM5Y2E5Y2IxNmM4NzAxMGUxNzRlMDI3ZjBmNTE0NWUwNDFjZWExMTA3OGFhNDVmMzBkYWM4ZTk4M2EwZmRhNDhiMDkwOGZiMTkwYjc5NjFkM2Y1MDQwMjE4ZjBkNjAzZWVj
Sec-Ch-Ua: "Microsoft Edge";v="113", "Chromium";v="113", "Not-A.Brand";v="24"
Accept: text/plain
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.42
Sec-Ch-Ua-Platform: "Windows"
Origin: https://yun.baidu.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://yun.baidu.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close`
resp, err := sendHTTPRequest(strings.TrimSpace(requestString))
if err != nil {
fmt.Println("Error sending request:", err)
return
}
defer resp.Body.Close()
// 处理响应...
// 这里省略了处理响应的代码
}