一个很好的python代理脚本(给sqlmapapi发送请求的玩意),函数可以参考拿着用呗
2015-08-18 16:56
706 查看
req2sqlmap.py #encoding=utf-8 import urllib import urllib2 import re import json from urlparse import urlparse #每一个分布式客户端需要又一个唯一的clientid,否则会引起冲突 #如果重启代理,相当于添加一个新的client,因此也需要更换clientid ClintId="f3ca2b6f1b2fc73f148b6cbd0db70f42" #sqlmapapiurl 注意后面不能有 / sqlmapapiurl="http://127.0.0.1:8775" def getSeqKey(reqresdata): reqresdata=str(reqresdata) index=reqresdata.index('#') seq=reqresdata[0:index] return def getSeqNum(reqresdata): reqresdata=str(reqresdata) index=reqresdata.index('#') reqresdata=reqresdata[index+2:] index=reqresdata.index('#') seq=reqresdata[0:index] return seq #生成用户唯一的标识 def generateSeq(reqresseq): return str(reqresseq)+str(ClintId) def doGet(url,cookies='',ua=''): req=urllib2.Request(url) if cookies!='': req.add_header('Cookie',cookies) if(''==ua): req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36') else: req.add_header('User-Agent',ua) f=urllib2.urlopen(req) return f.read() def doPost(url,data='',cookies='',ua=''): if data=='': data={} req=urllib2.Request(url,data,{'Content-Type': 'application/json'}) if cookies!='': req.add_header('Cookie',cookies) if(''==ua): req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36') else: req.add_header('User-Agent',ua) f=urllib2.urlopen(req) return f.read() def send2Sqlmap(url,ua,cookie='',body='',otherheaders=''): sqlurl=sqlmapapiurl+'/task/new' resjson=doGet(sqlurl) jsonobj=json.loads(resjson) taskid=jsonobj['taskid'] data={} data['url']=url if(cookie!=[] and cookie!=''): data['cookie']=cookie[0] data['headers']="User-Agent:"+ua[0] if(''!=body): data['data']=body myjsondata=json.dumps(data) sqlurl=sqlmapapiurl+'/scan/'+taskid+'/start' doPost(sqlurl,myjsondata,cookie,ua) if(otherheaders!=''): print otherheaders def sendReq2Api(): return def sendRes2Api(): return def proxy_mangle_request(req): ReqSeqNum=getSeqNum(req) print "ReqSeqNum: "+str(ReqSeqNum) cookie=req.getHeader("Cookie") ua=req.getHeader("User-Agent") body=req.body url=req.url if(req.method=="CONNECT"): url="https://"+url if(isHavaParam(url,body)): send2Sqlmap(url,ua,cookie,body) print "send["+url+"]to sqlmapapi" return req def proxy_mangle_response(res): #print res print "ResSeq: "+str(getSeqNum(res)) return res def fileNameCheck(urlpath): i = len(urlpath) - 1 while i > 0: if urlpath[i] == '/': break i = i - 1 filename=urlpath[i+1:len(urlpath)] print "Filename: ",filename res=filename.split('.') if(len(res)>1): extname=res[-1] ext=["css","js","jpg","jpeg","gif","png","bmp","html","htm","swf","ico","ttf","woff","svg","cur","woff2"] for blacklist in ext: if(extname==blacklist): return False return True def isHavaParam(urlori,body=''): url = urlparse(urlori) #放过管理地址URL if(url.hostname=='termite.xseclab.com'): return False if not fileNameCheck(url.path): return False if(''!=body or url.params!='' or url.query!='' or url.username!=None or url.password!=None): return True #you can add your own filter here! return False
相关文章推荐
- 03-树1. 二分法求多项式单根(20) Python
- 使用python进行系统资源使用率监控
- python脚本测试网站响应时间
- python内置函数汇总(1)
- Python——内置类型
- openCV—Python(10)—— 图像阈值化处理
- Head First Python 学习笔记-Chapter3:文件读取和异常处理
- Python各进制间的转换
- 如何入门 Python 爬虫?
- openCV—Python(9)—— 图像平滑与滤波
- python的import与from...import的不同之处
- 13 面向对象编程 - 《Python 核心编程》
- cxfreeze的安装问题 以及将打包Python3.4 成exe文件
- python读写文件,和设置文件的字符编码比如utf-8
- django框架中使用Python的xlrd和xlwt进行excel表的导入和导出
- 12 模块 - 《Python 核心编程》
- python struct中pack和unpack
- Coco2d-x android win7 Python 游戏开发环境的搭建
- Mac 學習系列之Python Challenge 11-20
- python对象数据的读写权限