1

首先很抱歉,因为我不知道如何问我的问题,上次在安全挑战中我试图用 curl 发送一些请求,过了一会儿他们进行了大量测试以了解挑战的真正含义工作,我尝试编写一些python代码来自动生成我的请求并赢得一些时间

以下是我曾经尝试过的一些请求:基本请求

curl http://10.20.0.50:80/

然后我必须指定路径示例:

curl http://10.20.0.50:80/transfert/solde
curl http://10.20.0.50:80/account/creat
...

有时添加授权或cookie ...

curl http://10.20.0.50:80/transfert/solde -H "Authorization:Basic bXlhcGk6U3VwZXJTZWNyZXRQYXMkdzByZA=="  -H "cookie: PHPSESSID=23c3jc3spuh27cru38kf9l2au5;"

或添加一些参数:

curl http://10.20.0.50:80/transfert/solde -H "Authorization:Basic bXlhcGk6U3VwZXJTZWNyZXRQYXMkdzByZA=="  -H "cookie: PHPSESSID=23c3jc3spuh27cru38kf9l2au5;" --data-raw '{"id":"521776"}' -v

所以问题是我必须在有和没有授权的情况下测试很多东西,有和没有cookie,有时会更改cookie并添加--data-raw ...我试图为我编写一个脚本来做这件事,但它很难看:

url = "http://10.20.0.50:80/"
auth = ' -H "Authorization:Basic bXlhcGk6U3VwZXJTZWNyZXRQYXMkdzByZA=="'
def generate(path,c=None,h=True,plus = None):
    #c cookie , h if we put authentification
    #plus add more code at the end of the request
    global auth  # authentification
    global url
    if c:
    cook = ' -H "cookie: PHPSESSID={};"'.format(c)
    req = "curl "+url+path 
    if h:#h bool
        req += auth
    if c :
        req += cook
    if plus :
        req += plus
    req+=" -v "
    return req

我删除了一个参数 --data-row 以提高可读性,我的想法是我想知道是否有更好的方法来做到这一点!不仅是这个例子,而且一般来说,如果我想创建生成类代码源的python代码,我必须指定类的名称、属性和类型,并且代码会生成一个模板......

我希望你能帮助我:D PS:如果我犯了一些错误,对不起我的英语

4

1 回答 1

1

也许,“改进”代码的一种方法是执行以下操作:

def generate(command = "", headers = [], raws = [], other = [], v = True):
    if headers:
        command += "".join(" -H " + k for k in h)
    if raws:
        command += "".join(" --data-raw " + k for k in raw)
    if v:
        command += " -v"
    if other:
        command += "".join(" " + k for k in other)
    return command

h = ['"Authorization:Basic bXlhcGk6U3VwZXJTZWNyZXRQYXMkdzByZA=="', '"cookie: PHPSESSID=23c3jc3spuh27cru38kf9l2au5;"']
raw = ["'{\"id\":\"521776\"}'"]
cmd = "curl http://10.20.0.50:80/transfert/solde"

command1 = generate(command=cmd,headers=h,raws= raw)
command2 = generate(command=cmd,headers=h,raws=raw, v=False)
command3 = generate(command=cmd,v = False)

print("command1:",command1)
print("command2:", command2)
print("command3:", command3)

输出:

command1: curl http://10.20.0.50:80/transfert/solde -H "Authorization:Basic bXlhcGk6U3VwZXJTZWNyZXRQYXMkdzByZA==" -H "cookie: PHPSESSID=23c3jc3spuh27cru38kf9l2au5;" --data-raw '{"id":"521776"}' -v
command2: curl http://10.20.0.50:80/transfert/solde -H "Authorization:Basic bXlhcGk6U3VwZXJTZWNyZXRQYXMkdzByZA==" -H "cookie: PHPSESSID=23c3jc3spuh27cru38kf9l2au5;" --data-raw '{"id":"521776"}'
command3: curl http://10.20.0.50:80/transfert/solde
于 2017-04-09T02:29:08.757 回答