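URL: https://tool2-mml.sjtu.edu.cn/VRprofile/VRprofile.php
This site requires you to upload a file.
Approach: capture the traffic and look at the network requests. At first glance there was nothing of interest.
Then I looked at it with Wireshark and saw that the file had been uploaded.
Since the site is PHP, I searched Baidu for the request format and wrote it as a Python script. The upload succeeded (Success).
Next I analysed the parameters in the request and saw two things:
1. a random string in the request headers 2. cookies, still unresolved
First the random string: it is referenced from the home page as a custom parameter, so I defined my own name and uploaded to the server, which worked. The other random strings can be customised as well.
Then the cookies: the site references cookies from several sites. After deleting the cookies, no new cookies were generated, so there is no need to analyse them.
The script is below, for discussion and learning.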
```python
import re

import requests

# Cookies captured from the browser; the upload works without them.
# cookies = {
#     'cookie_consent_user_accepted': 'true',
#     '_ga': 'GA1.3.1321479164.1661655058',
#     '_gid': 'GA1.3.493434445.1661655058',
#     'cookie_consent_level': '%7B%22strictly-necessary%22%3Atrue%2C%22functionality%22%3Atrue%2C%22tracking%22%3Atrue%2C%22targeting%22%3Atrue%7D',
# }


def put_file(filename, job_id):
    """Upload a FASTA file under the given job id (the `entry` form field)."""
    # No Content-Type header here: requests generates the multipart body
    # and a matching boundary itself when `files=` is used.
    headers = {
        'Host': 'tool2-mml.sjtu.edu.cn',
        'Cache-Control': 'max-age=0',
        'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Microsoft Edge";v="104"',
        'sec-ch-ua-mobile': '?0',
        'sec-ch-ua-platform': '"Windows"',
        'Upgrade-Insecure-Requests': '1',
        'Origin': 'https://tool2-mml.sjtu.edu.cn',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36 Edg/104.0.1293.70',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
        'Sec-Fetch-Site': 'same-origin',
        'Sec-Fetch-Mode': 'navigate',
        'Sec-Fetch-User': '?1',
        'Sec-Fetch-Dest': 'document',
        'Referer': 'https://tool2-mml.sjtu.edu.cn/VRprofile/VRprofile.php',
        'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
    }
    with open(filename, 'rb') as fh:
        # Same three form fields, in the same order, as the browser request.
        # A (None, value) tuple sends a plain field without a filename.
        files = [
            ('inputFile', (filename, fh, 'application/octet-stream')),
            ('optionsRadios', (None, 'Chromosome')),
            ('entry', (None, job_id)),
        ]
        response = requests.post(
            'https://tool2-mml.sjtu.edu.cn/cgi-bin/VRprofile/VRprofile1.cgi',
            headers=headers, files=files)
    # Prints the status code and the result URL for this job id.
    print(response.status_code,
          f'上传成功 网址 https://tool2-mml.sjtu.edu.cn/VRprofile/angular1.php?ty=c&job={job_id}')


def dispose_page():
    """Fetch the home page and return the randomString value embedded in it."""
    headers = {
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
        'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
        'Cache-Control': 'no-cache',
        'Connection': 'keep-alive',
        'Pragma': 'no-cache',
        'Referer': 'https://tool2-mml.sjtu.edu.cn/VRprofile/VRprofile.php',
        'Sec-Fetch-Dest': 'document',
        'Sec-Fetch-Mode': 'navigate',
        'Sec-Fetch-Site': 'same-origin',
        'Sec-Fetch-User': '?1',
        'Upgrade-Insecure-Requests': '1',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36 Edg/104.0.1293.70',
        'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Microsoft Edge";v="104"',
        'sec-ch-ua-mobile': '?0',
        'sec-ch-ua-platform': '"Windows"',
    }
    response = requests.get('https://tool2-mml.sjtu.edu.cn/VRprofile/VRprofile.php',
                            headers=headers)
    if response.status_code == 200:
        # The page embeds the job id as: randomString = "...";
        match = re.search(r'randomString = "([^"]+)";', response.text)
        if match:
            job_id = match.group(1)
            print(job_id)
            return job_id
    return None


if __name__ == '__main__':
    # put_file('Bacillus thuringiensis 34.fasta', 'bbbbbbb')
    dispose_page()
```
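The multipart/form-data format that the upload uses, as an added example that is not part of the original post: it builds a body with the post's three fields (`inputFile`, `optionsRadios`, `entry`) and parses it back the way a receiver would, showing that the boundary is a client-chosen token and that parts must be separated by CRLF. The helper names, the boundary strings and the sample FASTA bytes are constructed for illustration.

```python
import uuid
from email import message_from_bytes
from email.policy import HTTP

CRLF = b"\r\n"

# Constructed sample input: (field name, filename or None, content type or None, payload)
SAMPLE_FIELDS = [
    ("inputFile", "sample.fasta", "application/octet-stream", b">seq1 constructed\nACGT\n"),
    ("optionsRadios", None, None, b"Chromosome"),
    ("entry", None, None, b"bbbbbbb"),
]


def build_multipart(fields, boundary=None):
    """Return (Content-Type header value, body bytes) for the given fields."""
    # The boundary is chosen by the client; it only must not occur in a payload.
    boundary = boundary or "----ExampleBoundary" + uuid.uuid4().hex
    delim = b"--" + boundary.encode("ascii")
    body = b""
    for name, filename, ctype, payload in fields:
        if delim in payload:
            raise ValueError("boundary occurs inside a payload")
        disp = f'form-data; name="{name}"'
        if filename is not None:
            disp += f'; filename="{filename}"'
        body += delim + CRLF + b"Content-Disposition: " + disp.encode() + CRLF
        if ctype:
            body += b"Content-Type: " + ctype.encode() + CRLF
        body += CRLF + payload + CRLF  # blank line, payload, CRLF before next delimiter
    body += delim + b"--" + CRLF  # closing delimiter
    return f"multipart/form-data; boundary={boundary}", body


def parse_multipart(content_type, body):
    """Parse the body as a receiver would; returns {name: (filename, payload)}."""
    raw = b"Content-Type: " + content_type.encode() + CRLF + CRLF + body
    msg = message_from_bytes(raw, policy=HTTP)
    return {
        part.get_param("name", header="content-disposition"):
            (part.get_filename(), part.get_payload(decode=True))
        for part in msg.iter_parts()
    }


if __name__ == "__main__":
    ctype, body = build_multipart(SAMPLE_FIELDS, boundary="my-own-boundary")
    print(parse_multipart(ctype, body))
```

A body whose separators are anything other than CRLF line breaks yields no parts at all, which is why a hand-built request has to get the line endings exactly right.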
Original article by ItWorker. If you repost it, please credit the source: https://blog.ytso.com/282688.html