当前位置:
首页 > 编程开发 > Python基础教程 >
-
python基础教程之利用Python多线程来测试并发漏洞
本站最新发布 Python从入门到精通|Python基础教程
试听地址 https://www.xin3721.com/eschool/pythonxin3721/
试听地址 https://www.xin3721.com/eschool/pythonxin3721/
需求介绍#
有时候想看看Web应用在代码或者数据库层有没有加锁,比如在一些支付、兑换类的场景,通过多线程并发访问的测试方式可以得到一个结论。
步骤#
1. Burp Suite安装插件#
安装一个Copy As Python-Requests插件,提高编码效率;
2. 拦截包并拷贝发包的代码#
打开一个文本编辑器,右键粘贴出来:
import requests burp0_url = "https://www.baidu.com:443/s?word=test123&tn=50000021_hao_pg&ie=utf-8&sc=UWd1pgw-pA7EnHc1FMfqnHRdnHfkP163PWD3PzuW5y99U1Dznzu9m1Y1rj0zPjRYP1Ds&ssl_sample=s_108&srcqid=2890185856410820647&H123Tmp=nu" burp0_cookies = {"BAIDUID": "DE39C3557AA883A517F3717D9ED1B346:FG=1", "BIDUPSID": "DE39C3557AA883A517F3717D9ED1B346", "PSTM": "1548660573", "BD_UPN": "13314352", "H_PS_PSSID": "1431_21111_18560_28585_26350_28519", "H_PS_645EC": "0701XLkxqPa8GpBa6wBJs%2BrZyNuhMOA%2FIRfHCR7YuUcETmxXSKm0g32CT0c", "delPer": "0", "BD_CK_SAM": "1", "PSINO": "1", "BDSVRTM": "142"} burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Referer": "https://www.hao123.com/", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)
3. 运行Python多线程代码#
将生成的python代码粘贴到action( )函数里面即可;
import threading
import requests threads = []
def action(): burp0_url = "https://www.baidu.com:443/s?word=test123&tn=50000021_hao_pg&ie=utf-8&sc=UWd1pgw-pA7EnHc1FMfqnHRdnHfkP163PWD3PzuW5y99U1Dznzu9m1Y1rj0zPjRYP1Ds&ssl_sample=s_108&srcqid=2890185856410820647&H123Tmp=nu" burp0_cookies = {"BAIDUID": "DE39C3557AA883A517F3717D9ED1B346:FG=1", "BIDUPSID": "DE39C3557AA883A517F3717D9ED1B346", "PSTM": "1548660573", "BD_UPN": "13314352", "H_PS_PSSID": "1431_21111_18560_28585_26350_28519", "H_PS_645EC": "0701XLkxqPa8GpBa6wBJs%2BrZyNuhMOA%2FIRfHCR7YuUcETmxXSKm0g32CT0c", "delPer": "0", "BD_CK_SAM": "1", "PSINO": "1", "BDSVRTM": "142"} burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Referer": "https://www.hao123.com/", "Connection": "close", "Upgrade-Insecure-Requests": "1"} requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)
if __name__ == '__main__': print("Threading ready:")
for i in range(0,100): t = threading.Thread(target=action) t.setDaemon(True) // 开启守护进程,如果宿主进程挂了,不用执行完全部线程任务也要立即结束。
t.start() print("Threading ran end!")
4. 确认结果#
查看领取的结果是否有超过原本的数量,如果超过原本可领的数量,那就666了。
栏目列表
最新更新
docker系列之一:初见docker
利用Python多线程来测试并发漏洞
Jupyter notebook 安装
Python连载56-发送带有附件、正文为HTML的邮
Django开发登录功能实战
pycharm 提示:this license **** has been cancell
Python学习笔记之二——Python的运行机制,
python基础-并发编程part01
[转]Python十个高大上的语法
Python 电路绘制库 schemdraw 你会吗?【面试
.Net Standard(.Net Core)实现获取配置信息
Linux PXE + Kickstart 自动装机
Shell 编程 基础
Shell 编程 条件语句
CentOS8-网卡配置及详解
Linux中LVM逻辑卷管理
1.数码相框-相框框架分析(1)
Ubuntu armhf 版本国内源
Linux中raid磁盘阵列
搭建简易网站
mysql 安装了最新版本8.x版本后的报错:
Mysql空间数据&空间索引(spatial)
如何远程连接SQL Server数据库的图文教程
复制SqlServer数据库的方法
搜索sql语句
sql中返回参数的值
sql中生成查询的模糊匹配字符串
数据定义功能
数据操作功能
将Session值储存于SQL Server中