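  • Heibanke -- Crawler Challenge -- Level 03

    Crawler challenge links:


    1.  http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex02/


    2.  http://www.heibanke.com/accounts/login


    Key topics: cookie & session, CSRF, web programming


    Hint: this level has two login URLs, and logging in through each gives a completely different result. When you are first redirected into the level you see URL 1; after registering you are redirected to URL 2. Only logging in at the original URL 1, with the account and password you registered previously, takes you to the correct challenge page, which has nothing at all to do with the billing-report page!!! Every login dynamically assigns a different CSRF token, stored in a cookie, so the token has to be extracted dynamically in code.


    Reference code: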


    #!/usr/bin/env python3
    # encoding: utf-8

    import requests

    username = "Peter"
    password = "112233"

    website_signUp = "http://www.heibanke.com/accounts/login"
    website_login = "http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex02/"
    website_lesson = "http://www.heibanke.com/lesson/crawler_ex02/"

    # A single Session keeps the session and csrftoken cookies across requests.
    s = requests.Session()

    # The first GET makes the server set the csrftoken cookie.
    s.get(website_signUp)
    payload_login = {
        "username": username,
        "password": password,
        "csrfmiddlewaretoken": s.cookies["csrftoken"],
    }

    # Log in through URL 1 so the session ends up on the challenge page.
    s.post(website_login, data=payload_login)

    # Extra request kept from the original code; the token is re-read from the
    # cookie jar afterwards because it changes with every login.
    s.post(website_login)
    payload_attack = {
        "username": username,
        "password": "0",
        "csrfmiddlewaretoken": s.cookies["csrftoken"],
    }

    # Try the candidate passwords 0..30 against the challenge form.
    for i in range(31):
        payload_attack["password"] = str(i)
        resp = s.post(website_lesson, data=payload_attack)
        # The page contains "错误" ("wrong") while the guess is incorrect.
        if "错误" not in resp.text:
            print("[+]FOUND : " + payload_attack["password"])
            print("\n\nText: \n\n" + resp.text)
            break
        else:
            print(payload_attack["password"])
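
The cookie-versus-form-field check behind the hint above, as an added example that is not part of the original post. It is a simplified offline model, not Django's actual code; the function names `server_get`, `server_login` and `server_check` are hypothetical, and it shows why a token captured before login is rejected once the server has rotated the cookie.

```python
import hmac
import secrets


def server_check(cookies, form):
    """Double-submit check: the form field must equal the csrftoken cookie."""
    cookie = cookies.get("csrftoken", "")
    field = form.get("csrfmiddlewaretoken", "")
    # Constant-time comparison; an empty cookie never passes.
    return bool(cookie) and hmac.compare_digest(cookie.encode(), field.encode())


def server_get(cookies):
    """GET: issue a csrftoken cookie if the client has none (Set-Cookie values)."""
    return {} if "csrftoken" in cookies else {"csrftoken": secrets.token_hex(16)}


def server_login(cookies, form):
    """POST login: refuse on CSRF failure, otherwise rotate the token."""
    if not server_check(cookies, form):
        return 403, {}
    return 200, {"csrftoken": secrets.token_hex(16)}


def demo():
    jar = {}                      # constructed client cookie jar
    jar.update(server_get(jar))   # first GET sets the cookie
    pre_login = jar["csrftoken"]
    status, set_cookie = server_login(jar, {"csrfmiddlewaretoken": pre_login})
    jar.update(set_cookie)        # the jar now holds the rotated token
    return {
        "login_status": status,
        "empty_field": server_check(jar, {"csrfmiddlewaretoken": ""}),
        "pre_login_token": server_check(jar, {"csrfmiddlewaretoken": pre_login}),
        "token_from_jar": server_check(
            jar, {"csrfmiddlewaretoken": jar["csrftoken"]}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16s} {result}")
```
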
    
    


  • Original article: https://www.cnblogs.com/csnd/p/12897057.html