python—POST/GET请求数据包,图片验证码自动化识别,pytesseract
项目内容:
模拟用户正常登录Binzcms系统,对登录Binzcms系统进行自动化识别图片验证码,使用get与post一次的请求登录数据包。
参考:/lodog1/article/details/46317983
/question/812096437257674332.html
/goldd/p/5457229.html
1、环境部署
在服务器部署Binzcms系统,下载地址下载/43/3133.htm
可以正常访问:http://192.168.40.239/binzcms1/index.php
安装fiddler 4抓包软件,设置好代理端口
2、正常登录一次抓取数据包
1)抓取最新图片验证码的get请求数据包
GET http://192.168.40.239/binzcms1/index.php?ctl=code&ctl=code HTTP/1.1Host: 192.168.40.239User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/0101 Firefox/25.0Accept: image/png,image/*;q=0.8,*/*;q=0.5Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://192.168.40.239/binzcms1/index.phpCookie: style=styles4; PHPSESSID=ln66cf35h5dh24o61i4jqn1hg7Connection: keep-aliveHTTP/1.1 200 OKDate: Sun, 17 Dec 02:27:13 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45X-Powered-By: PHP/5.4.45Expires: 0Cache-Control: no-cachePragma: no-cacheKeep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: image/pngContent-Length: 270 PNGIHDR 2 EPLTE ȫ T< , S 2 c= QI K&Kq d - #f7 l ! ddd0=2 v IDAT(*** FIDDLER: RawDisplay truncated at 128 characters. Right-click to disable truncation. ***
2)抓取正常登录的POST请求数据包(所有参数正确)
POST http://192.168.40.239/binzcms1/index.php?ctl=member&act=front_member_login HTTP/1.1Host: 192.168.40.239User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/0101 Firefox/25.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://192.168.40.239/binzcms1/index.phpCookie: style=styles4; PHPSESSID=ln66cf35h5dh24o61i4jqn1hg7Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 73username=xwb&password=173605852&login_code=crgw&button=%E7%99%BB%E5%BD%95HTTP/1.1 302 FoundDate: Sun, 17 Dec 02:30:52 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45X-Powered-By: PHP/5.4.45Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheLocation: http://192.168.40.239/binzcms1/index.phpKeep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Content-Length: 0
3)抓取错误图片验证码登录的POST请求数据包
POST http://192.168.40.239/binzcms1/index.php?ctl=member&act=front_member_login HTTP/1.1Host: 192.168.40.239User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/0101 Firefox/25.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://192.168.40.239/binzcms1/index.phpCookie: style=styles4; PHPSESSID=ln66cf35h5dh24o61i4jqn1hg7Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 73username=xwb&password=173605852&login_code=wwww&button=%E7%99%BB%E5%BD%95HTTP/1.1 200 OKDate: Sun, 17 Dec 02:43:43 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45X-Powered-By: PHP/5.4.45Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheContent-Length: 1917Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8<link href="admin/styles/general.css" rel="stylesheet" type="text/css" /><link href="admin/styles/main.css" rel="stylesheet" type="text/css" /><style type="text/css">li {float:left;margin:5px;}</style><body><h1><span class="action-span1"><a href="">Binzcms 提示信息</a></span><div style="clear:both"></div></h1><div class="list-div"><div style="background:#FFF; padding: 20px 0px; margin: 2px;"><table width="100%"><tr><td width="138" align="right" valign="top"><img src="admin/images/information.gif" width="32" height="32" border="0" alt="information" /> </td><td width="821" style="font-size: 14px; font-weight: bold">您输入的验证码错误,请从新输入</td></tr><tr><td></td><td id="redirectionMsg">2秒钟后自动跳转<!--n秒后自动跳转--></td></tr><tr><td> </td><td><ul style="margin:0; padding:0 10px;float:left;" class="msg-link"><li><a href="">如果浏览器无反应,点击此链接进入</a></li></ul></td></tr></table></div></div><div id="footer">版权所有 © - BINZCMS团队,并保留所有权利。</div></body><script language="JavaScript"><!--var seconds = 2;var defaultUrl = "";onload = function(){if (defaultUrl == 'javascript:history.go(-1)' && window.history.length == 0){document.getElementById('redirectionMsg').innerHTML = '';return;}window.setInterval(redirection, 1000);}function redirection(){if (seconds <= 0){window.clearInterval();return;}seconds --;if (seconds == 0){window.clearInterval();location.href = defaultUrl;}}//--></script>
3、在KALI linux上模拟用户登录系统
1)在KALI linux上创建存放实时获取到最新的图片验证码的文件(pic.png)与文件夹路径
root@kali:~/python/laowangpy/function# pwd/root/python/laowangpy/functionroot@kali:~/python/laowangpy/function# root@kali:~/python/laowangpy/function# lspic.png postloginbinzcmsauto.pyroot@kali:~/python/laowangpy/function#
2)模拟用户登录系统的python源码:
root@kali:~/python/laowangpy/function# cat postloginbinzcmsauto.py #!/usr/bin/python# --*-- coding:utf-8 --*--import stringimport urllibimport urllib2import Imagefrom pytesseract import *def getpicyanzhengma():#实时请求服务器最新的验证码,并保存pic.png图片格式,与服务器互动urlget = "http://192.168.40.239/binzcms1/index.php"ctl = {"ctl":"code"}ctldata = urllib.urlencode(ctl)reqget = urllib2.Request(urlget+'?'+ctldata)#构造get请求与参数#添加get请求的头信息reqget.add_header("Host","192.168.40.239")reqget.add_header("User-Agent","Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/0101 Firefox/25.0")reqget.add_header("Accept","image/png,image/*;q=0.8,*/*;q=0.5")reqget.add_header("Accept-Language","zh-CN,zh;q=0.8,en-us;q=0.5,en;q=0.3")reqget.add_header("Accept-Encoding","gzip,deflate")reqget.add_header("Referer","http://192.168.40.239/binzcms1/index.php")reqget.add_header("Cookie","style=styles4; PHPSESSID=1kq6ich50b6cb6g3rl75ct2ta4")reqget.add_header("Connection","keep-alive")#使用本机进行代理抓包,查看详细的数据包proxy_handler = urllib2.ProxyHandler({'http': '192.168.40.1:4455'})opener = urllib2.build_opener(proxy_handler)urllib2.install_opener(opener)#resget = urllib2.urlopen(reqget)resgetdata = resget.read()#对get请求的数据回包的图片验证码数据,保存为pic.png的图片f = open("/root/python/laowangpy/function/pic.png","wb")f.write(resgetdata)f.close()def downloadpic():#在特别指定URL地址去下载图片验证码,并保存为pic.png的图片,本项目未使用该函数模块。pic_url = "http://192.168.40.239/binzcms1/index.php?ctl=code"pic_data_url = urllib2.urlopen(pic_url)pic_data = pic_data_url.read()f = open("/root/python/laowangpy/function/pic.png","wb")f.write(pic_data)f.close()def picyanzhengma():#使用pytesseract识别从目标服务器实时下载到最新图片验证码im = Image.open("/root/python/laowangpy/function/pic.png")text = image_to_string(im)#print textreturn text#downloadpic()getpicyanzhengma()#第一步,get请求图片验证码picyanzhengma()#调用pytesseract识别图片验证码,并保存为文本文件yanzhengma = picyanzhengma()#把函数picyanzhengma返回的文件信息的字值,再赋值给yanzhengmadef postpicyanzhengma(yanzhengma):#POST请求登录模块。增加头信息,并携带post请求数据,与服务器互动url = "http://192.168.40.239/binzcms1/index.php?ctl=member&act=front_member_login"#请求post的url地址values = {"username":"xwb","password":"173605852","login_code":yanzhengma,"button":"登录"}#请求的URL地址,post表单数据信息#print values["login_code"]#查询字典特定key的value值#在post请求中定义头信息headers = {"Host":"192.168.40.239","User-Agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/0101 Firefox/25.0","Accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3","Accept-Encoding" : "gzip,deflate","Referer" : "http://192.168.40.239/binzcms1/index.php","Cookie" : "style=styles4; PHPSESSID=1kq6ich50b6cb6g3rl75ct2ta4","Connection" : "keep-alive","Content-Type" : "application/x-www-form-urlencoded","Content-Length": "73"}data = urllib.urlencode(values)#请求post表单数据req = urllib2.Request(url,data,headers)#请求数据)#使用本机进行代理抓包,查看详细的数据包proxy_handler = urllib2.ProxyHandler({'http': '192.168.40.1:4455'})#抓包opener = urllib2.build_opener(proxy_handler)urllib2.install_opener(opener)#启用post请求response = urllib2.urlopen(req)#打开请求的数据the_page = response.read()#读取并缓存请求到的数据print the_page#打印请求到的页面print "你请求到页面数据包为%d字节" %len(the_page)#计算请求到的页面数据大小postpicyanzhengma(yanzhengma)#第二步,登录post请求root@kali:~/python/laowangpy/function#
3、python脚本运行情况:
1)脚本代码运行后,正常模拟用户登录系统正常
root@kali:~/python/laowangpy/function# python postloginbinzcmsauto.py Tesseract Open Source OCR Engine v3.02 with LeptonicaTesseract Open Source OCR Engine v3.02 with Leptonica<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Binzcms内容管理系统</title><meta name="keywords" content="binzcms,内容管理系统" /><meta name="description" content="好用的内容管理系统" /><link type="text/css" rel="stylesheet" href="http://192.168.40.239/binzcms1/templates/default/css/style.css" /><link type="text/css" rel="stylesheet" href="http://192.168.40.239/binzcms1/templates/default/css/index.css" /><link type="text/css" rel="stylesheet" href="http://192.168.40.239/binzcms1/templates/default/css/ie.css" /></head><body><div id="container"><div id="header"><div id="top"><div id="alreadyLogin"><span id="whois"><strong>xwb</strong>,欢迎回来!</span>|<span><img src="http://192.168.40.239/binzcms1/templates/default/images/house.png" /><a href="index.php?ctl=home&act=front_home">会员中心</a></span>|<span><a href="index.php?ctl=member&act=front_member_out">退出</a></span></div><!-- end of alreadyLogin --><div id="miniSearch"><form action="index.php" method="get"><input type="hidden" name="ctl" value="search" /><input type="hidden" name="act" value="front_all_search" /><input type="text" name="keywords" id="keywords" class="textInput" /><input type="submit" name="button3" id="button3" class="btnInput" value="搜索" /></form></div><!-- end of miniSearch --></div><!-- end of top --><div id="topMiddle"><div id="logo"><h1><a href="http://192.168.40.239/binzcms1">Binzcms内容管理系统</a></h1></div><!-- end of logo --><ul id="miniLinks"><li><a href="index.php?ctl=home&act=front_home">会员中心</a></li><li><a href="index.php?ctl=guestbook">我要留言</a></li><li class="rss-icon"><a href="index.php?ctl=rss&act=front_rss" target="_blank">RSS</a></li></ul><!-- end of miniLinks --></div><!-- end of topMiddle --><div id="topBottom"><ul id="mainNav"><li class="current"><span><a href="http://192.168.40.239/binzcms1">首页</a></span></li><li ><span><a href="http://192.168.40.239/binzcms1/index.php?ctl=class&act=front_class&class_id=10" >国内新闻</a></span></li><li ><span><a href="http://192.168.40.239/binzcms1/index.php?ctl=class&act=front_class&class_id=11" >国际新闻</a></span></li><li ><span><a href="http://192.168.40.239/binzcms1/index.php?ctl=class&act=front_class&class_id=12" >图片新闻</a></span></li><li ><span><a href="http://192.168.40.239/binzcms1/index.php?ctl=class&act=front_class&class_id=13" >官方论坛</a></span></li><li ><span><a href="http://192.168.40.239/binzcms1/index.php?ctl=guestbook">留言板</a></span></li></ul><!-- enf of mainNav --></div><!-- end of topBottom --></div><!-- end of header --><div id="main"><div class="right-main"><div class="sub-wrap"><div class="right-half simple-h2" style="margin-right:20px;"><h2><ul class="tabs" id="firstTab"><li class="active" onmouseover="nTabs(this,0);"><span>最新资讯<!--最新资讯--></span></li><li onmouseover="nTabs(this,1);"><span>焦点新闻<!--焦点新闻--></span></li></ul><!-- enf of tabs --><span class="more"><a href="index.php?ctl=search&act=front_all_search" target="_blank">更多</a><!--更多--></span></h2><div id="firstTab_0" class="tab-content"><ul class="whole-list"><li><a href="index.php?ctl=article&act=front_article_content&article_id=26" target="_blank" title="网络团购调查:96%企业有融资意向存十大隐忧"><font color="#fd6600">网络团购调查:96%企业有融资意向存十大隐忧</font></a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=25" target="_blank" title="墨西哥湾原油泄漏">墨西哥湾原油泄漏</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=24" target="_blank" title="第五届海峡(福州)渔业博览会将在福州开展"><font color="#0000fe">第五届海峡(福州)渔业博览会将在福州开展</font></a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=23" target="_blank" title="中秋前夜 祭月典礼重现京城(高清组图)">中秋前夜 祭月典礼重现京城(高清组图)</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=22" target="_blank" title="河北廊坊“炫动金秋”购车节十一举办">河北廊坊“炫动金秋”购车节十一举办</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=21" target="_blank" title="组图:新发现比校花更美的民间美女">组图:新发现比校花更美的民间美女</a></li></ul><!-- enf of whole-list --></div><!-- enf of firstTab_0 --><div id="firstTab_1" class="tab-content" style="display:none;"><ul class="whole-list"><li><a href="index.php?ctl=article&act=front_article_content&article_id=21" target="_blank" title="组图:新发现比校花更美的民间美女">组图:新发现比校花更美的民间美女</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=24" target="_blank" title="第五届海峡(福州)渔业博览会将在福州开展"><font color="#0000fe">第五届海峡(福州)渔业博览会将在福州开展</font></a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=20" target="_blank" title="高清组图:高清:“星姐”选举全国总冠军诞生">高清组图:高清:“星姐”选举全国总冠军诞生</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=17" target="_blank" title="中国老年人占全世界22% 去年底已达1.67亿人">中国老年人占全世界22% 去年底已达1.67亿人</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=18" target="_blank" title="中国将于近日择机发射“遥感卫星十一号”"><font color="#fd6600">中国将于近日择机发射“遥感卫星十一号”</font></a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=19" target="_blank" title="香港国泰航空以约16亿美元向波音购买6架飞机">香港国泰航空以约16亿美元向波音购买6架飞机</a></li></ul><!-- enf of whole-list --></div><!-- enf of firstTab_1 --></div><!-- enf of right-half --><div class="right-half simple-h2"><h2><span class="tit"><em>推荐资讯<!--推荐资讯--></em></span><span class="more"><a href="index.php?ctl=search&act=front_all_search" target="_blank">更多</a></span></h2><ul class="whole-list"><li><a href="index.php?ctl=article&act=front_article_content&article_id=17" target="_blank" title="中国老年人占全世界22% 去年底已达1.67亿人">中国老年人占全世界22% 去年底已达1.67亿人</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=18" target="_blank" title="中国将于近日择机发射“遥感卫星十一号”"><font color="#fd6600">中国将于近日择机发射“遥感卫星十一号”</font></a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=19" target="_blank" title="香港国泰航空以约16亿美元向波音购买6架飞机">香港国泰航空以约16亿美元向波音购买6架飞机</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=20" target="_blank" title="高清组图:高清:“星姐”选举全国总冠军诞生">高清组图:高清:“星姐”选举全国总冠军诞生</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=22" target="_blank" title="河北廊坊“炫动金秋”购车节十一举办">河北廊坊“炫动金秋”购车节十一举办</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=23" target="_blank" title="中秋前夜 祭月典礼重现京城(高清组图)">中秋前夜 祭月典礼重现京城(高清组图)</a></li></ul><!-- enf of whole-list --></div><!-- enf of right-half --><div class="clear"></div></div><!-- enf of sub-wrap --><div class="sub-wrap" id="search"><ul id="searchTab"><li onclick="nTabs(this,0);" class="active">全部<!--全部--></li><li onclick="nTabs(this,1);">资讯<!--资讯--></li><li onclick="nTabs(this,2);">图片<!--图片--></li></ul><!-- enf of searchTab --><div id="searchTab_0" class="search-content"><form action="index.php" method="get"><input type="hidden" name="ctl" value="search" /><input type="hidden" name="act" value="front_all_search" /><input type="text" name="keywords" id="keywords" class="textInput" /><input type="submit" name="button4" id="button4" class="btnInput" value="搜索" /></form></div><!-- enf of searchTab_0 --><div id="searchTab_1" class="search-content" style="display:none;"><form action="index.php" method="get"><input type="hidden" name="ctl" value="search" /><input type="hidden" name="act" value="front_article_search" /><input type="text" name="keywords" id="keywords" class="textInput" /><input type="submit" name="button4" id="button4" class="btnInput" value="搜索" /></form></div><!-- enf of searchTab_1 --><div id="searchTab_2" class="search-content" style="display:none;"><form action="index.php" method="get"><input type="hidden" name="ctl" value="search" /><input type="hidden" name="act" value="front_image_search" /><input type="text" name="keywords" id="keywords" class="textInput" /><input type="submit" name="button4" id="button4" class="btnInput" value="搜索" /></form></div><!-- enf of searchTab_2 --></div><!-- enf of search --><div class="sub-wrap bg-h2"><h2><em>国内新闻</em><span class="more"><a href="index.php?ctl=class&act=front_class&class_id=10" target="_blank">更多</a></span></h2><div class="right-half"><ul class="pic-list"><li><div class="thumb"><a href="index.php?ctl=article&act=front_article_content&article_id=26" target="_blank"><img src="http://192.168.40.239/binzcms1/upload/uppic/09/1285157759839133.jpg" /></a></div><!-- enf of thumb --><p><a href="index.php?ctl=article&act=front_article_content&article_id=26" target="_blank"><font color="#fd6600">网络团购调查:96%企业有融资意向存十大隐忧</font></a></p></li><li><div class="thumb"><a href="index.php?ctl=article&act=front_article_content&article_id=24" target="_blank"><img src="http://192.168.40.239/binzcms1/upload/uppic/09/12851550681499554651.jpg" /></a></div><!-- enf of thumb --><p><a href="index.php?ctl=article&act=front_article_content&article_id=24" target="_blank"><font color="#0000fe">第五届海峡(福州)渔业博览会将在福州开展</font></a></p></li><li><div class="thumb"><a href="index.php?ctl=article&act=front_article_content&article_id=23" target="_blank"><img src="http://192.168.40.239/binzcms1/upload/uppic/09/12851543409247323.jpg" /></a></div><!-- enf of thumb --><p><a href="index.php?ctl=article&act=front_article_content&article_id=23" target="_blank">中秋前夜 祭月典礼重现京城(高清组图)</a></p></li><div class="clear"></div></ul><!-- enf of pic-list --></div><!-- enf of right-half --><div class="right-half"><ul class="whole-list" style="margin:15px 8px 8px 18px;"><li><a href="index.php?ctl=article&act=front_article_content&article_id=26" target="_blank"><font color="#fd6600">网络团购调查:96%企业有融资意向存十大隐忧</font></a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=24" target="_blank"><font color="#0000fe">第五届海峡(福州)渔业博览会将在福州开展</font></a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=23" target="_blank">中秋前夜 祭月典礼重现京城(高清组图)</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=22" target="_blank">河北廊坊“炫动金秋”购车节十一举办</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=19" target="_blank">香港国泰航空以约16亿美元向波音购买6架飞机</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=18" target="_blank"><font color="#fd6600">中国将于近日择机发射“遥感卫星十一号”</font></a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=17" target="_blank">中国老年人占全世界22% 去年底已达1.67亿人</a></li></ul><!-- enf of whole-list --></div><!-- enf of right-half --><div class="clear"></div></div><!-- enf of sub-wrap --><div class="sub-wrap bg-h2"><h2><em>图片新闻</em><span class="more"><a href="index.php?ctl=class&act=front_class&class_id=12" target="_blank">更多</a></span></h2><div class="right-half"><ul class="pic-list"><li><div class="thumb"><a href="index.php?ctl=article&act=front_article_content&article_id=25" target="_blank"><img src="http://192.168.40.239/binzcms1/upload/uppic/09/12851558141683183648.jpg" /></a></div><!-- enf of thumb --><p><a href="index.php?ctl=article&act=front_article_content&article_id=25" target="_blank">墨西哥湾原油泄漏</a></p></li><li><div class="thumb"><a href="index.php?ctl=article&act=front_article_content&article_id=21" target="_blank"><img src="http://192.168.40.239/binzcms1/upload/uppic/09/1285149406344509034.jpg" /></a></div><!-- enf of thumb --><p><a href="index.php?ctl=article&act=front_article_content&article_id=21" target="_blank">组图:新发现比校花更美的民间美女</a></p></li><li><div class="thumb"><a href="index.php?ctl=article&act=front_article_content&article_id=20" target="_blank"><img src="http://192.168.40.239/binzcms1/upload/uppic/09/128507319153794655.jpg" /></a></div><!-- enf of thumb --><p><a href="index.php?ctl=article&act=front_article_content&article_id=20" target="_blank">高清组图:高清:“星姐”选举全国总冠军诞生</a></p></li><div class="clear"></div></ul><!-- enf of pic-list --></div><!-- enf of right-half --><div class="right-half"><ul class="whole-list" style="margin:15px 8px 8px 18px;"><li><a href="index.php?ctl=article&act=front_article_content&article_id=25" target="_blank">墨西哥湾原油泄漏</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=21" target="_blank">组图:新发现比校花更美的民间美女</a></li><li><a href="index.php?ctl=article&act=front_article_content&article_id=20" target="_blank">高清组图:高清:“星姐”选举全国总冠军诞生</a></li></ul><!-- enf of whole-list --></div><!-- enf of right-half --><div class="clear"></div></div><!-- enf of sub-wrap --></div><!-- end of right-main --><div class="left-side"><div id="slideShow"><script type="text/javascript">var swf_width=285;var swf_height=220;</script><script src="data/flashdata/cycle_image.js"></script></div><!-- enf of slideShow --><div class="bg-h2" id="siteBoard"><h2><em>网站公告<!--网站公告--></em></h2><ul id="boardList"><li><a href="index.php?ctl=other&act=notice_show&article_id=3" target="_blank" title="Binzcms内容管理系统发布!">Binzcms内容管理系统发布!</a></li><li><a href="index.php?ctl=other&act=notice_show&article_id=11" target="_blank" title="Binzcms论坛开放注册">Binzcms论坛开放注册</a></li><li><a href="index.php?ctl=other&act=notice_show&article_id=12" target="_blank" title="Binzcms功能介绍">Binzcms功能介绍</a></li></ul><!-- enf of boardList --></div><!-- enf of siteBoard --><!-- enf of download --><div class="bg-h2" id="poll"><h2><em>投票调查<!--投票调查--></em></h2><form name="vote_form" action="index.php?ctl=other&act=poll_view&vote_id=" method="post"><input type="hidden" name="vote_type" value="" /><h3></h3><form><ul id="pollList"></ul><!-- end of pollList --><div class="textCenter"><input type="submit" class="btnInput" value="提交" /><a href="index.php?ctl=other&act=poll_view&vote_id=">查看结果<!--查看结果--></a></div><!-- end of textCenter --></form></div><!-- enf of bg-h2 --><!-- enf of bg-h2 --></div><!-- end of left-side --><div id="links"><h2>友情链接<!--友情链接--></h2><div id="txtLinks"><a href="" target="_blank" title="Binzcms">Binzcms</a></div><!-- enf of txtLinks --></div><!-- enf of links --></div><!-- end of main --><div id="footer"><ul id="bottomNav"><li><a href="index.php" target="_blank">网站首页</a></li><li><a href=" http://192.168.40.239/binzcms1/index.php?ctl=other&act=footer&article_id=6 " target="_blank">关于我们</a></li><li><a href=" http://192.168.40.239/binzcms1/index.php?ctl=other&act=footer&article_id=7 " target="_blank">服务条款</a></li><li><a href=" http://192.168.40.239/binzcms1/index.php?ctl=other&act=footer&article_id=8 " target="_blank">联系我们</a></li><li><a href=" http://192.168.40.239/binzcms1/index.php?ctl=other&act=footer&article_id=9 " target="_blank">免责声明</a></li><li><a href=" http://192.168.40.239/binzcms1/index.php?ctl=other&act=footer&article_id=10 " target="_blank">网站地图</a></li></ul><!-- enf of bottomNav --><p>Power by <a href="" target="_blank">binzcms v1.0 beta</a> © - All Rights Reserved.</p><p><a href="http://www./" target="_blank">冀ICP备0000000号</a></p></div><!-- end of footer --></div><!-- end of container --><script type="text/javascript">//实现标签切换function nTabs(thisObj,Num){if(thisObj.className == "active")return;var tabObj = thisObj.parentNode.id;var tabList = document.getElementById(tabObj).getElementsByTagName("li");for(i = 0; i < tabList.length; i++){if (i == Num){thisObj.className = "active"; document.getElementById(tabObj+"_"+i).style.display = "block";}else{tabList[i].className = "normal"; document.getElementById(tabObj+"_"+i).style.display = "none";}} }</script> </body></html>你请求到页面数据包为26468字节root@kali:~/python/laowangpy/function#
2)脚本运行被fildder4抓包数据
GET http://192.168.40.239/binzcms1/index.php?ctl=code HTTP/1.1Accept-Language: zh-CN,zh;q=0.8,en-us;q=0.5,en;q=0.3Accept-Encoding: gzip,deflateHost: 192.168.40.239Accept: image/png,image/*;q=0.8,*/*;q=0.5User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/0101 Firefox/25.0Connection: closeReferer: http://192.168.40.239/binzcms1/index.phpCookie: style=styles4; PHPSESSID=1kq6ich50b6cb6g3rl75ct2ta4HTTP/1.1 200 OKDate: Sun, 17 Dec 02:10:45 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45X-Powered-By: PHP/5.4.45Expires: 0Cache-Control: no-cachePragma: no-cacheConnection: closeContent-Type: image/pngContent-Length: 264 PNGIHDR 2 EPLTE M M ݼ ۃq Xs 5ϖ 4 κ 5 _v) K ` Dsr Ȝ , ddd0=2Tb- ~IDAT( *** FIDDLER: RawDisplay truncated at 128 characters. Right-click to disable truncation. ***
POST http://192.168.40.239/binzcms1/index.php?ctl=member&act=front_member_login HTTP/1.1Content-Length: 73Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip,deflateHost: 192.168.40.239Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/0101 Firefox/25.0Connection: closeCookie: style=styles4; PHPSESSID=1kq6ich50b6cb6g3rl75ct2ta4Referer: http://192.168.40.239/binzcms1/index.phpContent-Type: application/x-www-form-urlencodedusername=xwb&button=%E7%99%BB%E5%BD%95&password=173605852&login_code=IETDHTTP/1.1 302 FoundDate: Sun, 17 Dec 02:10:45 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45X-Powered-By: PHP/5.4.45Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheLocation: http://192.168.40.239/binzcms1/index.phpConnection: closeContent-Type: text/html; charset=utf-8Content-Length: 0
