1

在 Burp Suite 中,捕获请求的第一行通常是GET / HTTP/1.1. 但是,我目前正在使用提供绝对 URL 的方法来练习主机标头注入,以便如下所示:

GET https://vulnerable-website.com/ HTTP/1.1
Host: bad-stuff-here

在 python 中,我使用 requests 库并且无法指定GET我需要的确切请求。

import requests

burp0_url = "https://vulnerable-website.com:443/"
burp0_cookies = {[redacted]}
burp0_headers = {"Host": "bad-stuff-here", "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://vulnerable-website.com/", "Connection": "close", "Upgrade-Insecure-Requests": "1"}

output = requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)

print(output, output.text)

我尝试GET在标头字典 ( header = {"GET":" / HTTP/1.1", ...}) 中指定请求,但这只会导致第 6 行的 GET标头而不是r 请求被发送:

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Connection: close
GET: /
Host: bad-stuff-here
Accept-Language: en-US,en;q=0.5
Referer: https://vulnerable-website.com/
Upgrade-Insecure-Requests: 1
Cookie: [redacted]

这是一个非常具体的问题,我不确定是否有人遇到过同样的问题,但感谢您的帮助。也许是 urllib 的解决方法或我缺少的东西。谢谢。

4

1 回答 1

0

requestsurllib3在引擎盖下使用。您必须自己制作请求,因为非客户端 [urllib, requests, http.client] 不允许您按设计插入控制字符。

您可以为此使用普通套接字

msg = 'GET / HTTP/1.1\r\n\r\n'
s = socket.create_connection(("vulnerable-website.com", 80))
with closing(s):
    s.send(msg)
    buf = ''.join(iter(partial(s.recv, 4096), ''))
于 2020-11-26T01:34:38.133 回答