Fetching the URL
http://10.0.0.101/index.php
import requests


def main():
    # Fetch the landing page and print the returned HTML.
    url = 'http://10.0.0.101/index.php'
    response = requests.get(url)
    print(response.text)


if __name__ == '__main__':
    main()
Analyzing the request captured in Burp Suite
POST /login.php HTTP/1.1
Host: 10.0.0.101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Origin: http://10.0.0.101
Connection: close
Referer: http://10.0.0.101/
Upgrade-Insecure-Requests: 1

username=admin&password=happy
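- The capture shows that the login is a POST request and that the back-end validation is implemented at /login.php
- Try sending the same POST request from Python, filling in the form fields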
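import requests


def main():
    url = 'http://10.0.0.101/login.php'
    # Form fields taken from the captured request body.
    data = {
        'username': 'admin',
        'password': 'happy'
    }
    # data= sends the dict as application/x-www-form-urlencoded.
    response = requests.post(url, data=data)
    print(response.text)


if __name__ == '__main__':
    main()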
- In theory we should get the response returned after a successful login, like the one Burp Suite shows after sending the request:
Server: nginx/1.15.10
Date: Tue, 14 May 2024 13:02:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Set-Cookie: PHPSESSID=pmn7sgevtn9fr7ecl36b0s7sp4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: index.php
Content-Length: 367
<ht
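The login response above carries Location and Set-Cookie headers, but requests follows redirects by default, so response.text from the script is the page behind the redirect rather than this response. The following is an added example, not code from the original page: it runs against a constructed local stand-in for /login.php (the 302 status, the session id value and the index body are assumptions) and compares the default behaviour with allow_redirects=False.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

import requests


class FakeLogin(BaseHTTPRequestHandler):
    """Constructed stand-in for the target: POST /login.php answers with a redirect."""

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the form body
        self.send_response(302)  # assumed status; the capture only shows Location
        self.send_header("Set-Cookie", "PHPSESSID=constructedsessionid; path=/")
        self.send_header("Location", "index.php")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        body = b"<html>index page</html>"  # constructed body for index.php
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def compare_login_responses():
    server = HTTPServer(("127.0.0.1", 0), FakeLogin)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/login.php"
    data = {"username": "admin", "password": "happy"}
    try:
        followed = requests.post(url, data=data, timeout=5)  # default: follows Location
        raw = requests.post(url, data=data, allow_redirects=False, timeout=5)
    finally:
        server.shutdown()
    return {
        "followed_status": followed.status_code,  # final page after the redirect
        "followed_hops": [r.status_code for r in followed.history],
        "raw_status": raw.status_code,  # the login response itself
        "raw_location": raw.headers.get("Location"),
        "raw_cookie": raw.cookies.get("PHPSESSID"),
    }


if __name__ == "__main__":
    print(compare_login_responses())
```

When redirects are followed, the intermediate login response is still available through response.history.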