日常渗透必不可免的爆破目录、各种工具一把梭!!而面临的痛点就是IP被ban-.-那么如何绕过拦截呢?前几天刚好碰到大佬的文章,很赞!继续观摩大佬的思路↓ 果然我还是太菜了!!
Jaky,公众号:洛米唯熊sqlmap+外部代理池绕过IP拦截
0x00:前言
一、基于前面写过给"扫目录+N多代理“,这次给sqlmap加一个代理池。用处就是在跑sqlamp注入的时候,防止被ban掉IP.
扫目录+N多代理IP绕过拦截
二、这个思路是很久之前就有了,只不过这次是自己研究一下原理结合网上公开的脚本,并用Python写出来的. 这次没有创新的知识,纯当做是练习python脚本的编写.
0x01:思路
1.先爬取代理网站的代理IP,然后做一下验证,验证是否可用并输出到文本里.
2.启用本地代理127.0.0.1:5320(5320=我想爱你)
3.sqlmap加上代理"--proxy=http://127.0.0.1:5320"
0x02:过程
一、获取代理IP
import requests,reurl="http://www.89ip.cn/tqdl.html?api=1&num=10"#采用89ip的接口采集types="https"proxys={}#print (url)headers={'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 12_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/12.0 Safari/1200.1.25'}r=requests.get(url,headers=headers).textip=re.findall("((?:[0-9]{1,3}\.){3}[0-9]{1,3})", r)#正则匹配出IP与端口port=re.findall("(:\d{1,5})", r)#正则匹配出IP与端口for i,j in zip(port[2:],ip): print (j+i)
二、验证代理IP并输出到文本
我们来回忆上次提到的Python中proxies的编写规则
proxy={'协议':'ip:端口'}
编写格式:
tar=requests.get(url,headers=headers,proxies=proxy,timeout=5,verify=False)
获取IP+验证代理
#/usr/bin/python3#author:Jakyimport requests,reurl="http://www.89ip.cn/tqdl.html?api=1&num=9000"#采用89ip的接口采集types="https"proxys={}headers={'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)'}r=requests.get(url,headers=headers).textip=re.findall("((?:[0-9]{1,3}\.){3}[0-9]{1,3})", r)#正则匹配出IP与端口port=re.findall("(:\d{1,5})", r)#正则匹配出IP与端口for i,j in zip(port[2:],ip): proxy=j+i print (proxy) proxys[types.lower()]='%s'%proxy try: tar=requests.get("https://ifconfig.me/ip",headers=headers,proxies=proxys,timeout=5,verify=False).text if tar in str(proxys): with open("ip.txt",'a') as file: file.write(proxy+'\n') # 保存文件 except : pass
我这里直接采集9000个+验证
同时输出结果到"ip.txt"
三、完整代码
#!/usr/bin/env python3# coding:utf-8import socket,time,random,threading,requests,refrom socket import errorlocaltime = time.asctime(time.localtime(time.time()))class ProxyServerTest(): def __init__(self, proxyip): # 本地socket服务 self.ser = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.proxyip = proxyip def run(self): try: # 本地服务IP和端口 self.ser.bind(('127.0.0.1', 5320)) # 最大连接数 self.ser.listen(10) except error as e: print("[-]The local service : " + str(e)) return "[-]The local service : " + str(e) while True: try: # 接收客户端数据 client, addr = self.ser.accept() print('[*]accept %s connect' % (addr,)) data = client.recv(1024) if not data: break print('[*' + localtime + ']: Accept data...') except error as e: print("[-]Local receiving client : " + str(e)) return "[-]Local receiving client : " + str(e) while True: # 目标代理服务器,将客户端接收数据转发给代理服务器 mbsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print("[!]Now proxy ip:" + str(self.proxyip)) prip = self.proxyip[0] prpo = self.proxyip[1] try: mbsocket.settimeout(3) mbsocket.connect((prip, prpo)) except: print("[-]RE_Connect...") continue break try: mbsocket.send(data) except error as e: print("[-]Sent to the proxy server : " + str(e)) return "[-]Sent to the proxy server : " + str(e) while True: try: # 从代理服务器接收数据,然后转发回客户端 data_1 = mbsocket.recv(1024) if not data_1: break print('[*' + localtime + ']: Send data...') client.send(data_1) except socket.timeout as e: print(self. proxyip) print("[-]Back to the client : " + str(e)) continue # 关闭连接 client.close() mbsocket.close() def main(): print('Atuhor:Jaky') print('WeChat public number:luomiweixiong') file = open("ip.txt","r") for i in file: ip = i.split(':') ip_list = (ip[0],int(ip[1])) print(ip_list) try: try_ip = ProxyServerTest(ip_list) except Exception as e: print("[-]main : " + str(e)) return "[-]main : " + str(e) t = threading.Thread(target=try_ip.run, name='LoveJaky') print('[*]Waiting for connection...') # 关闭多线程 t.start() t.join() if __name__ == '__main__': main()
0x03:总结
1、感谢@朋与厌 大佬半夜三更帮我修改错误(笔芯)
2、使用之前得先爬取代理IP,验证完然后会自动保存在"ip.txt"里
3、执行以上代码,然后
sqlmap.py -u "http://www.xxx.com/1.asp?id=1" --proxy=http://127.0.0.1:5320