Last active
December 21, 2015 09:28
-
-
Save yaoyi/6284870 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import cookielib | |
| import socket | |
| import urllib | |
| import urllib2 | |
| url = 'http://www.mitfahrgelegenheit.de/mitfahrzentrale/Dresden/Potsdam.html/' | |
| http_header = { | |
| "User-Agent" : "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11", | |
| "Accept" : "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,text/png,*/*;q=0.5", | |
| "Accept-Language" : "en-us,en;q=0.5", | |
| "Accept-Charset" : "ISO-8859-1", | |
| "Content-type": "application/x-www-form-urlencoded", | |
| "Host" : "www.mitfahrgelegenheit.de", | |
| "Referer" : "http://www.mitfahrgelegenheit.de/mitfahrzentrale/Dresden/Potsdam.html/" | |
| } | |
| params = { | |
| 'city_from' : 169, | |
| 'radius_from' : 0, | |
| 'city_to' : 263, | |
| 'radius_to' : 0, | |
| 'date' : 'date', | |
| 'day' : 5, | |
| 'month' : 03, | |
| 'year' : 2012, | |
| 'tolerance' : 0 | |
| } | |
| # setup socket connection timeout | |
| timeout = 15 | |
| socket.setdefaulttimeout(timeout) | |
| # setup cookie handler | |
| cookie_jar = cookielib.LWPCookieJar() | |
| cookie = urllib2.HTTPCookieProcessor(cookie_jar) | |
| # setup proxy handler, in case some-day you need to use a proxy server | |
| proxy = {} # example: {"http" : "www.blah.com:8080"} | |
| # create an urllib2 opener() | |
| #opener = urllib2.build_opener(proxy, cookie) # with proxy | |
| opener = urllib2.build_opener(cookie) # we are not going to use proxy now | |
| # create your HTTP request | |
| req = urllib2.Request(url, urllib.urlencode(params), http_header) | |
| # submit your request | |
| res = opener.open(req) | |
| html = res.read() | |
| # save retrieved HTML to file | |
| open("tmp.html", "w").write(html) | |
| print html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import cookielib | |
| import socket | |
| import urllib | |
| import urllib2 | |
| url = 'http://checkcosmetic.net/wp-admin/admin-ajax.php' | |
| http_header = { | |
| # "Accept" : "*/*", | |
| # "Accept-Encoding": "gzip,deflate,sdch", | |
| # "Accept-Language": "zh-CN,zh;q=0.8", | |
| "Content-type": "application/x-www-form-urlencoded", | |
| # "Cookie": "__utma=84070347.318682465.1377011492.1377011492.1377021771.2; __utmb=84070347.1.10.1377021771; __utmc=84070347; __utmz=84070347.1377011492.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)", | |
| # "Host": "checkcosmetic.net", | |
| # "Origin": "http://checkcosmetic.net", | |
| # "Pragma": "no-cache", | |
| # "Connection": "keep-alive", | |
| "Referer" : "http://checkcosmetic.net", | |
| "User-Agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36", | |
| # "X-Requested-With": "XMLHttpRequest" | |
| } | |
| params = { | |
| 'action' : 'dc_checkAJAX', | |
| 'code' : 6403, | |
| 'brand' : 12839, | |
| 'brandid' : '9058fa2bebb0c00b1ddbd3bcf7d74fb5' | |
| } | |
| # setup socket connection timeout | |
| timeout = 15 | |
| socket.setdefaulttimeout(timeout) | |
| # setup cookie handler | |
| cookie_jar = cookielib.LWPCookieJar() | |
| cookie = urllib2.HTTPCookieProcessor(cookie_jar) | |
| # setup proxy handler, in case some-day you need to use a proxy server | |
| proxy = {} # example: {"http" : "www.blah.com:8080"} | |
| # create an urllib2 opener() | |
| #opener = urllib2.build_opener(proxy, cookie) # with proxy | |
| opener = urllib2.build_opener(cookie) # we are not going to use proxy now | |
| # create your HTTP request | |
| req = urllib2.Request(url, urllib.urlencode(params), http_header) | |
| print req.header_items() | |
| print req.get_full_url() | |
| print req.get_origin_req_host() | |
| print req.get_host() | |
| print req.get_type() | |
| print req.get_data() | |
| print req.get_method() | |
| # submit your request | |
| res = opener.open(req) | |
| html = res.read() | |
| # save retrieved HTML to file | |
| open("tmp.html", "w").write(html) | |
| print html |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Origin
跨站请求伪造(Cross-site request forgery或CSRF) 攻击的方式是通过在不知不觉中欺骗一个网站让其向 另一个网站提供私密信息。Origin是HTML 5中包含的一个HTTP头,就可以通过让用户代理去指定请求源的方式来解决这个问题。当一个恶意网站将请求重定向到另一个网站时,浏览器将会在该请求中包含“Origin”头,目标网站将会根据该“Origin”是否可信来决定是否执行相应的操作。
Google和Mozilla都在他们各自的浏览器中实现该特征。W3C的 规范提供了更多的细节信息
chrome在发送post的请求的时候,会自动在请求的头部添加Origin字段,因此使用chrome的扩展跨域post的时候,网站能根据Origin判别出CSRF攻击,所以只能手动写python伪造请求