产品分类
产品展示
  • 汽车强起动充电机大功率辅助应急启动电瓶船用全自动50A快速充电
  • 瓦尔塔蓄电池20-72适配宝马X1标致508全顺途观迈腾帕萨特汽车电瓶
  • 包邮 大象汽车车贴 国家地理 发现频道 探索越野者 SUV个性车贴纸
  • 大众途昂中控贴膜x内饰保护膜装饰用专用品中控台改装配件19款20
  • 轻手关门车贴请轻开轻关提示警示标识语提醒反光汽车贴纸车门标语
联系方式

邮箱:538470952@qq.com

电话:15928938407

传真:13924707473

冷钱包imtoken官网
首页 > 冷钱包imtoken官网

如何使用Python多线程测试并发漏洞

2023-08-19 15:18:19      点击:138

这篇文章主要介绍了如何使用Python多线程测试并发漏洞,何使文中通过示例代码介绍的非常详细,对大家的线程学习或者工作具有一定的参考学习价值,需要的朋友可以参考下

需求介绍

有时候想看看Web应用在代码或者数据库层有没有加锁,比如在一些支付、测试兑换类的漏洞场景,通过多线程并发访问的何使测试方式可以得到一个结论。

步骤

1. Burp Suite安装插件

安装一个Copy As Python-Requests插件,线程提高编码效率;

2. 拦截包并拷贝发包的测试代码

打开一个文本编辑器,右键粘贴出来:

import requestsburp0_url = "https://www.baidu.com:443/s?word=test123&tn=50000021_hao_pg&ie=utf-8&sc=UWd1pgw-pA7EnHc1FMfqnHRdnHfkP163PWD3PzuW5y99U1Dznzu9m1Y1rj0zPjRYP1Ds&ssl_sample=s_108&srcqid=2890185856410820647&H123Tmp=nu"burp0_cookies = { "BAIDUID": "DE39C3557AA883A517F3717D9ED1B346:FG=1",漏洞 "BIDUPSID": "DE39C3557AA883A517F3717D9ED1B346", "PSTM": "1548660573", "BD_UPN": "13314352", "H_PS_PSSID": "1431_21111_18560_28585_26350_28519", "H_PS_645EC": "0701XLkxqPa8GpBa6wBJs%2BrZyNuhMOA%2FIRfHCR7YuUcETmxXSKm0g32CT0c", "delPer": "0", "BD_CK_SAM": "1", "PSINO": "1", "BDSVRTM": "142"}burp0_headers = { "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Referer": "https://www.hao123.com/", "Connection": "close", "Upgrade-Insecure-Requests": "1"}requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)

3. 运行Python多线程代码

将生成的python代码粘贴到action( )函数里面即可;

import threadingimport requeststhreads = []def action():  burp0_url = "https://www.baidu.com:443/s?word=test123&tn=50000021_hao_pg&ie=utf-8&sc=UWd1pgw-pA7EnHc1FMfqnHRdnHfkP163PWD3PzuW5y99U1Dznzu9m1Y1rj0zPjRYP1Ds&ssl_sample=s_108&srcqid=2890185856410820647&H123Tmp=nu"  burp0_cookies = { "BAIDUID": "DE39C3557AA883A517F3717D9ED1B346:FG=1", "BIDUPSID": "DE39C3557AA883A517F3717D9ED1B346",           "PSTM": "1548660573", "BD_UPN": "13314352", "H_PS_PSSID": "1431_21111_18560_28585_26350_28519",           "H_PS_645EC": "0701XLkxqPa8GpBa6wBJs%2BrZyNuhMOA%2FIRfHCR7YuUcETmxXSKm0g32CT0c", "delPer": "0",           "BD_CK_SAM": "1", "PSINO": "1", "BDSVRTM": "142"}  burp0_headers = { "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0",           "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",           "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",           "Accept-Encoding": "gzip, deflate", "Referer": "https://www.hao123.com/", "Connection": "close",           "Upgrade-Insecure-Requests": "1"}  requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)if __name__ == '__main__':  print("Threading ready:")  for i in range(0,100):    t = threading.Thread(target=action)  t.setDaemon(True) // 开启守护进程,如果宿主进程挂了,何使不用执行完全部线程任务也要立即结束。线程 参考 https://www.cnblogs.com/Haojq/p/10278365.html  t.start()  print("Threading ran end!")

4. 确认结果

查看领取的测试结果是否有超过原本的数量,如果超过就原本可领的漏洞数量,那就666了。何使

以上就是线程本文的全部内容,希望对大家的测试学习有所帮助,也希望大家多多支持本站。

佛系 打要工专用电脑壁纸
塞尔达洛美岛攻略

Copyright © 2023 Powered by imtoken安卓版下载app币安手机钱包app下载