zoukankan      html  css  js  c++  java
  • sqlmap +外部代理池绕过IP拦截

    0x00:前言

    一,基于前面写过给“扫描目录+ N多代理”,这次给sqlmap加一个代理池。用处就是在跑sqlamp注入的时候,防止被ban掉IP。

    二,这个想法是很久之前就有了,只不过这次是自己的研究一下原理结合网上公开的脚本,并用Python写出来的。这次没有创新的知识,纯当做是练习python脚本的编写。

    0x01:思路

    1.先爬取代理网站的代理IP,然后做一下验证,验证是否可用并输出到文本里。

    2.启用本地代理127.0.0.1:5320(5320=我想爱你)

    3.sqlmap加上代理“ --proxy = http://127.0.0.1:5320”

    0x02:过程

    一,获取代理IP

    import requests,re
    url="http://www.89ip.cn/tqdl.html?api=1&num=10"#采用89ip的接口采集
    types="https"
    proxys={}
    #print (url)
    headers={'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 12_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/12.0 Safari/1200.1.25'}
    r=requests.get(url,headers=headers).text
    ip=re.findall("((?:[0-9]{1,3}.){3}[0-9]{1,3})", r)#正则匹配出IP与端口
    port=re.findall("(:d{1,5})", r)#正则匹配出IP与端口
    for i,j in zip(port[2:],ip):
      print (j+i)
    

    二,验证代理IP并输出到文本

    我们来回忆上次提到的Python中代理的编写规则

    proxy={'协议':'ip:端口'}
    

    编写格式:

    tar=requests.get(url,headers=headers,proxies=proxy,timeout=5,verify=False)
    

    获取IP +验证代理

    #/usr/bin/python3
    #author:Jaky
    
    import requests,re
    
    url="http://www.89ip.cn/tqdl.html?api=1&num=9000"#采用89ip的接口采集
    types="https"
    proxys={}
    headers={'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)'}
    r=requests.get(url,headers=headers).text
    ip=re.findall("((?:[0-9]{1,3}.){3}[0-9]{1,3})", r)#正则匹配出IP与端口
    port=re.findall("(:d{1,5})", r)#正则匹配出IP与端口
    for i,j in zip(port[2:],ip):
      proxy=j+i
      print (proxy)
      proxys[types.lower()]='%s'%proxy
      try:
        tar=requests.get("https://ifconfig.me/ip",headers=headers,proxies=proxys,timeout=5,verify=False).text
        if tar in str(proxys):
          with open("ip.txt",'a') as file: file.write(proxy+'
    ') # 保存文件
      except :
        pass  
    

    我这里直接采集9000个+验证

    同时输出结果到“ ip.txt”

    三,完整代码

    #!/usr/bin/env python3
    # coding:utf-8
    
    import socket,time,random,threading,requests,re
    from socket import error
    
    localtime = time.asctime(time.localtime(time.time()))
    
    class ProxyServerTest():
        def __init__(self, proxyip):
            # 本地socket服务
            self.ser = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            self.proxyip = proxyip
            
        def run(self):
            try:
                # 本地服务IP和端口
                self.ser.bind(('127.0.0.1', 5320))
                # 最大连接数
                self.ser.listen(10)
            except error as e:
                print("[-]The local service : " + str(e))
                return "[-]The local service : " + str(e)
    
            while True:
                try:
                    # 接收客户端数据
                    client, addr = self.ser.accept()
                    print('[*]accept %s connect' % (addr,))
                    data = client.recv(1024)
                    if not data:
                        break
                    print('[*' + localtime + ']: Accept data...')
                except error as e:
                    print("[-]Local receiving client : " + str(e))
                    return "[-]Local receiving client : " + str(e)
    
                while True:
                    # 目标代理服务器,将客户端接收数据转发给代理服务器
                    mbsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    
                    print("[!]Now proxy ip:" + str(self.proxyip))
                    prip = self.proxyip[0]
                    prpo = self.proxyip[1]
    
                    try:
                        mbsocket.settimeout(3)
                        mbsocket.connect((prip, prpo))
                    except:
                        print("[-]RE_Connect...")
                        continue
                    break
    
                try:
                    mbsocket.send(data)
                except error as e:
                    print("[-]Sent to the proxy server : " + str(e))
                    return "[-]Sent to the proxy server : " + str(e)
    
                while True:
                    try:
                        # 从代理服务器接收数据,然后转发回客户端
                        data_1 = mbsocket.recv(1024)
                        if not data_1:
                            break
                        print('[*' + localtime + ']: Send data...')
                        client.send(data_1)
                    except socket.timeout as e:
                        print(self. proxyip)
                        print("[-]Back to the client : " + str(e))
                        continue
                # 关闭连接
            client.close()
            mbsocket.close()
              
    def main():
        print('Atuhor:Jaky')
        print('WeChat public number:luomiweixiong')
        file = open("ip.txt","r")
        for i in file:
            ip = i.split(':')
            ip_list = (ip[0],int(ip[1]))
            print(ip_list)
    
            try:
                try_ip = ProxyServerTest(ip_list)
            except Exception as e:
                print("[-]main : " + str(e))
                return "[-]main : " + str(e)
    
        t = threading.Thread(target=try_ip.run, name='LoveJaky')
        print('[*]Waiting for connection...')
        # 关闭多线程
        t.start()
        t.join()
        
    if __name__ == '__main__':
        main()
    

    0x03:总结

    1,使用之前得先爬取代理IP,验证完然后会自动保存在“ ip.txt”里

    2,执行以上代码,然后

    sqlmap.py -u "http://www.xxx.com/1.asp?id=1" --proxy=http://127.0.0.1:5320  

    注:本文转自微信公众号‘ 洛米唯熊’,如有侵权立即删除。

      

      

      

  • 相关阅读:
    多个类定义attr属性重复的问题:Attribute "xxx" has already been defined
    好用的批量改名工具——文件批量改名工具V2.0 绿色版
    得到ImageView中drawable显示的区域的计算方法
    得到view坐标的各种方法
    实现类似于QQ空间相册的点击图片放大,再点后缩小回原来位置
    Material Designer的低版本兼容实现(五)—— ActivityOptionsCompat
    Android 自带图标库 android.R.drawable
    解决 Attempting to destroy the window while drawing!
    解决Using 1.7 requires compiling with Android 4.4 (KitKat); currently using API 4
    Material Designer的低版本兼容实现(四)—— ToolBar
  • 原文地址:https://www.cnblogs.com/xyongsec/p/12689310.html
Copyright © 2011-2022 走看看