async def hook_request(req, url, method, data, headers, payload):
"""
修改请求方式和请求头,请求数据,修复重复跳转问题
await req.respond({'body': 'YO, GOOGLE.COM'})
data = {
'method': 'POST',
'postData': 'paramFoo=valueBar¶mThis=valueThat'
}
await req.continue_(data)
:param req:
:return:
"""
if req.method == method and req.url == url and req.postData == data:
content_type, headers_dic = get_content_type_headers(method, headers)
poc_result = BaseTrafficParser.add_poc_data(url=url,
data=data,
content_type=content_type,
http_method=method,
poc=payload)
try:
overrides = dict()
if poc_result["data"]:
overrides["postData"] = poc_result["data"]
if headers_dic:
overrides["headers"] = headers_dic
if method:
overrides["method"] = method
if poc_result["url"]:
overrides["url"] = poc_result["url"]
await req.continue_(overrides)
except PyppeteerError:
await req.continue_()
else:
await req.continue_()
async def hook_dialog(dialog, url, method, data, headers, celery_task_id,
payload):
"""
hook dialog事件,然后输出payload
:param dialog:
:return:
"""
if dialog.message == PAYLOAD_TAG:
content_type, headers_dic = get_content_type_headers(method, headers)
poc_result = BaseTrafficParser.add_poc_data(url=url,
data=data,
content_type=content_type,
http_method=method,
poc=payload)
poc_result["headers"] = headers_dic
# notify(poc_result, headers, celery_task_id)
add_result_queue(poc_result)
await dialog.dismiss()
def testADDPocData(self):
# 测试增加poc
from common.http_util import HttpMethod
from common.http_util import ContentType
from parser.base_traffic_parser import BaseTrafficParser
# 测试get 请求
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/?name=23232&password=78812",
data=None,
http_method=HttpMethod.GET,
content_type=None,
poc="eval"))
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/?name=中文&password=78812",
data=None,
http_method=HttpMethod.GET,
content_type=None,
poc="eval"))
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/?name=%E4%B8%AD%E6%96%87&password=78812",
data=None,
http_method=HttpMethod.GET,
content_type=None,
poc="eval"))
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/?name=中文&password=78812#",
data=None,
content_type=None,
http_method=HttpMethod.GET,
poc="eval"))
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/?name=中文……**$$$&password=78812、#",
data=None,
content_type=None,
http_method=HttpMethod.GET,
poc="eval"))
print(
BaseTrafficParser.add_poc_data(
url=
"http://127.0.0.1/?name=中文&password=78812!@#¥%……*()_+|}{QASDFGHJK<>MNZXCVBN#",
http_method=HttpMethod.GET,
data=None,
content_type=None,
poc="eval"))
print("=========post2=========")
# 测试 post 请求
# 普通 application/x-www-form-urlencoded 类型
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/login",
data="name=23333&",
http_method=HttpMethod.POST,
content_type=ContentType.ResourceContentType.DEFAULT,
poc="hack"))
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/login?name=23333&",
data=None,
http_method=HttpMethod.POST,
content_type=None,
poc="hack"))
# 普通 application/json 类型
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/login",
data='{"name":"23333"}',
http_method=HttpMethod.POST,
content_type=ContentType.ResourceContentType.JSON,
poc="hack"))
# print(BaseTrafficParser.get_parameter(url='{\\\"username\\\":\\\"admin\\\",\\\"password\\\":\\\"passss\\\"}', http_method=HttpMethod.POST, content_type=ContentType.ResourceContentType.JSON))
# 普通 text/xml 类型,暂不支持
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/login",
data="<name>23333</name>",
http_method=HttpMethod.POST,
content_type=ContentType.ResourceContentType.XML,
poc="hack"))
upload_data1 = """------WebKitFormBoundaryH0TGOzR6zJhOJSVB \n Content-Disposition: form-data; name="file"; filename="5.png" \n Content-Type: image/png \n XXXXXX \n ------WebKitFormBoundaryH0TGOzR6zJhOJSVB-- """
upload_data2 = """
------WebKitFormBoundarydnAY6LXdz8oOOXxy\\r\\nContent-Disposition: form-data; name=\\\"file\\\"; filename=\\\"5.png\\\"\\r\\nContent-Type: image/png\\r\\n\\r\\n\
"""
# 普通上传文件表单 multipart/form-data; boundary=----WebKitFormBoundaryH0TGOzR6zJhOJSVB,
print(
BaseTrafficParser.add_poc_data(
url="http://127.0.0.1/upload",
data=upload_data1,
http_method=HttpMethod.POST,
content_type=ContentType.ResourceContentType.FORM,
poc="hack"))