- 21 Eki 2015
- 477
- 1
Python Request Module:
First of all hello, I cant be with you for a long time and I wanted to leave at least one topic while I was going. I will explain the request module in Python.
What is it?
Requests module, as in its slogan -Http for Humans-, is a module that allows you to send organic url packages based on urllib3.
Loading:
Requests module can be easily installed as pip install requests.
What can you do:
You can write Brute force attack script
You can send HTTP requests.
You can see the unicode conversion format of a site.
And many more...
Examples of use:
As we can see, HTTP returned 200. What is this 200?:
200 OK.
201 Created
202 Accepted
203 Non-Authoritative Information
204 No content
205 Reset Content
206 Partial Content
207 Multi-Status WebDAV
210 Content Different WebDAV
Of course, we all know the 404 best. Page not found. Indicates successful at 200. Now lets look at the unicode format:
As we can see, it is utf-8. We can also access the content codes on the site displayed page. (We accessed Chrome as CTRL + U)
PARAMETERS IN GET METHOD:
We gave a little example from the get method at the top. Files in the site can be assigned to the variable by using parameters in the site URL.
For example...
"http://www.sallatykka.com/web/index.php?id=31"
Let this be our sample site. (There is a SQL vulnerability by the way)
Here the parameter 31 after the id value.
He will give us the exact URL, so whats the use of that?
If we continuously increase the id value here by 1 and return those that return a number other than base value. (look: HTTP status codes) we can make a web crawler.
Let me tell you example:
1. Import Request Module
2. Lets request and id value from the user
3. Lets put the id value on url
4. If it returns 200, lets write it in a list.
JSON:
First of all.. What is Json?
JSON According to Google:
JSON is a javascript-based data interchange format used as an alternative to XML, which is independent of the programming language. The purpose of JSON is to send and receive data in smaller sizes while exchanging data. With these features JSON cn create very fast web applications.
Example:
So how do we take advantage of this JSON?
The .json() feature of the requests module is just for this. We talked about the GET parameter above. Here we can decode JSON with a small snippet of code.
Example:
As you can see, he returned a text that started and continued throughout.
It can also be used with the json library.
The only thing we dont mention in the above snippet is the POST method. Lets pass immediately.
POST:
Post requests are usually used when we dont want them to appear in the URL. For example, the data we write in the get method would be shown in the address bar but not in the post.
For example, in web history, it prevents our information from appearing in the address bar of a previous site.
Use in Python:
What if we did the same with GET?
You saw the difference, didnt you? Thats where the POST method comes in handy.
Return titles:
Just remember the example of tour: met.l. Lets say there are dozens of titles and we should choose one. How would we do it?
The structure called .headers is the method we need the most for these days. Although its use is quite similar to get and post, there are slight differences. How is it?
Of course, there are different methods here like most of the time.
SESSION:
Sometimes we need to use cookies when making connections over HTTP. In such cases we use session. In addition, if you send multiple requests to the same host, TCP provides a significant performance boost when repeated. (Ex. Brute Force)
Simply;
It is used in this way. You can also see the use of my wordpress brute force tool.
Thats it for today. Take care. See you in my other article.
Source: https://www.turkhackteam.org/python/1448998-python-requests-modulu-kullanimi.html
First of all hello, I cant be with you for a long time and I wanted to leave at least one topic while I was going. I will explain the request module in Python.
What is it?
Requests module, as in its slogan -Http for Humans-, is a module that allows you to send organic url packages based on urllib3.
Loading:
Requests module can be easily installed as pip install requests.
What can you do:
You can write Brute force attack script
You can send HTTP requests.
You can see the unicode conversion format of a site.
And many more...
Examples of use:
Kod:
>>> import requests #modülümüzü içe aktaralım
>>> r = requests.get('https://github.com/login', auth=('Hacknology', ŞİFRE)) #github'a bağlanalım. Herhangi bir site olabilir bu
>>> r.status_code #Başarılı olmuş mu diye bakalım
200
As we can see, HTTP returned 200. What is this 200?:
200 OK.
201 Created
202 Accepted
203 Non-Authoritative Information
204 No content
205 Reset Content
206 Partial Content
207 Multi-Status WebDAV
210 Content Different WebDAV
Of course, we all know the 404 best. Page not found. Indicates successful at 200. Now lets look at the unicode format:
Kod:
>>> r.encoding
'utf-8'
As we can see, it is utf-8. We can also access the content codes on the site displayed page. (We accessed Chrome as CTRL + U)
Kod:
>>> r.text
PARAMETERS IN GET METHOD:
We gave a little example from the get method at the top. Files in the site can be assigned to the variable by using parameters in the site URL.
For example...
"http://www.sallatykka.com/web/index.php?id=31"
Let this be our sample site. (There is a SQL vulnerability by the way)
Here the parameter 31 after the id value.
Kod:
import requests
r = requests.get("http://www.sallatykka.com/web/index.php",
params = {'id':31})
print(r.url)
He will give us the exact URL, so whats the use of that?
If we continuously increase the id value here by 1 and return those that return a number other than base value. (look: HTTP status codes) we can make a web crawler.
Let me tell you example:
1. Import Request Module
2. Lets request and id value from the user
3. Lets put the id value on url
4. If it returns 200, lets write it in a list.
Kod:
import requests
id_deger = int(input('[*]Bir id değeri girin: '))
r = requests.get("http://www.sallatykka.com/web/index.php",
params = {'id':id_deger})
if r.status_code == 200:
print('Bulundu!')
print(r.url)
Kod:
[*]Bir id değeri girin: 32
Bulundu!
http://www.sallatykka.com/web/index.php?id=32
>>>
JSON:
First of all.. What is Json?
JSON According to Google:
JSON is a javascript-based data interchange format used as an alternative to XML, which is independent of the programming language. The purpose of JSON is to send and receive data in smaller sizes while exchanging data. With these features JSON cn create very fast web applications.
Example:
Kod:
{
"tur":"met.l",
"grup":"System of a Down"
}
So how do we take advantage of this JSON?
The .json() feature of the requests module is just for this. We talked about the GET parameter above. Here we can decode JSON with a small snippet of code.
Example:
Kod:
>>> import requests
r = requests.get('https://api.github.com/events')
>>> r.json()
[{'type': 'CreateEvent', 'id': '5226537554', 'actor': {'id': 12762300, 'gravatar_id': '', ...
As you can see, he returned a text that started and continued throughout.
It can also be used with the json library.
Kod:
>>> import json
>>> import requests
>>> url = "https://api.github.com/some/endpoint"
>>> hckn0 = {'some': 'data'}
>>> r.requests.post(url, data=json.dumps(hckn0))
>>> r = requests.post(url, data=json.dumps(hckn0))
>>> print(r.text)
{"message":"Not Found","docu_mentation_url":"https://developer.github.com/v3"}
The only thing we dont mention in the above snippet is the POST method. Lets pass immediately.
POST:
Post requests are usually used when we dont want them to appear in the URL. For example, the data we write in the get method would be shown in the address bar but not in the post.
For example, in web history, it prevents our information from appearing in the address bar of a previous site.
Use in Python:
Kod:
>>> payl = {'key1': 'value1', 'key2': 'value2'}
>>> r = requests.post("http://httpbin.org/post", data=payl)
>>> print(r.text)
{
"args": {},
"data": "",
"files": {},
"form": {
"key1": "value1",
"key2": "value2"
},
"headers": {
"Accept": "*/*",
"Accept-Encoding": "gzip, deflate",
"Content-Length": "23",
"Content-Type": "application/x-www-form-urlencoded",
"Host": "httpbin.org",
"User-Agent": "python-requests/2.13.0"
},
"json": null,
"origin": "62.248.25.231",
"url": "http://httpbin.org/post"
}
What if we did the same with GET?
Kod:
>>> r = requests.get("http://httpbin.org/post", data=payl)
>>> print(r.text)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>405 Method Not Allowed</title>
<h1>Method Not Allowed</h1>
<p>The method is not allowed for the requested URL.</p>
You saw the difference, didnt you? Thats where the POST method comes in handy.
Return titles:
Just remember the example of tour: met.l. Lets say there are dozens of titles and we should choose one. How would we do it?
The structure called .headers is the method we need the most for these days. Although its use is quite similar to get and post, there are slight differences. How is it?
Kod:
r = requests.post("http://httpbin.org/post", data=payl)
>>> r.headers['Content-Type']
'application/json'
>>>
Of course, there are different methods here like most of the time.
Kod:
>>> r.headers.get('content-type')
'application/json'
SESSION:
Sometimes we need to use cookies when making connections over HTTP. In such cases we use session. In addition, if you send multiple requests to the same host, TCP provides a significant performance boost when repeated. (Ex. Brute Force)
Simply;
Kod:
>>> import requests
>>> s = requests.Session()
>>> s.get('http://httpbin.org/cookies/set/sessioncookie/123456789')
<Response [200]>
>>> r = s.get('http://httpbin.org/cookies')
>>> print(r.text)
{
"cookies": {
"sessioncookie": "123456789"
}
}
>>>
It is used in this way. You can also see the use of my wordpress brute force tool.
Kod:
r = session.post(site, data={"log":"admin","pwd":sifre},timeout=5)
Thats it for today. Take care. See you in my other article.
Source: https://www.turkhackteam.org/python/1448998-python-requests-modulu-kullanimi.html
Traslator: Provido