Python Requests Getting Started Practice

Keywords: JSON Session Ubuntu Linux



This past few days I have queried the syntax and some class libraries of Python3, and I happen to find some hidden backdoor 0.0 in the company's oa address book

So I resolutely picked it up as a practice item

First, use the developer tool F12 to crawl to the URL address of the MSS action on the OA website

       url  = 'http://mss.xxxx.com/lbsp/BaseAction.action'

Get headers

headers = {"Content-Type": "application/json;charset=utf-8",
	'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0',
	'Server':'Apache-Coyote/1.1',
	'Transfer-Encoding':'chunked'}

Get Post Data

data = {'type':'contactsInfo','act':'getSearchUser','dounid':'%25E7%258E%258B%25E5%25AE%259D%25E5%25A9%25B7'}

- Initiate a post request

test=requests.post(url,data=data,cookies = cookies,headers = headers)
	print (test.text)
	jsonStr = test.text


Well... the result returns an unsatisfactory value:

{"exceptionMsg": "The session object is empty, it may be that the session has expired!","exceptionType":"01"}
The session object is empty, maybe the session has expired!

* As prompted, cookies may not have been added
Tested the following web page to simulate a post request to add a cookie and found that a cookie 0.0 was required

cookies={}#Initialize cookies dictionary variable  
info_cookies ='JSESSIONID=4675FE422A936A3C1BEDCEA97D3E5945; usergoodsUnid=8214275298AE1C0A0D319FD5F9E56C1C; ys-lbspuserName=s%3Awdwdfi'
	for line in info_cookies.split(';'):
    		name,value=line.strip().split('=',1)  
    		cookies[name]=value  #Add content to dictionary cookies

The method is very dirty 0.0 spit slot is recognized, add cookie, return json string

   

test=requests.post(url,data=data,cookies = cookies,headers = headers)
{"user_unid":"3F07A2EE9A85C990CDE8E1C8577813CE","user_sort":"","postname":"software engineer","user_display_name":"king X Qi","user_contact_tel":"151XXXXXX66","user_office_tel":"15XXXXX366","user_ext_num":"","user_mail":"whuaiqi@XXXwell.com","user_personphoto":"uploadPhoto/userphoto/3F07A2EE9A85C990CDE8E1C8577813CE.jpg","user_dept_sort":""}

     jsonStr = test.text
ok, parse json string

data = json.loads(jsonStr)
if 'exceptionMsg' in data:
		print (data.get('exceptionMsg'))
		return False
	for  i in range(0,len(data)):
	#{"user_unid":"37F03B0F7A5C7492069C6D9A22A61E36",
	# "user_sort":"1","postname": "Chairman and President of the Group".
	# "user_display_name": "Wu Xiong",
	# "user_contact_tel":"13*****7666",
	# "user_office_tel":"0*****66",
	# "user_ext_num":"8866",
	# "user_mail":"w**@l***ell.com",
	# "user_personphoto":"uploadPhoto/userphoto/37F03B0F7A5C7492069C6D9A22A61E36_11.jpg",
	# "user_dept_sort":"1"}	
		if len(data[i]['user_personphoto'])>=1:
			down_img(data[i]['user_personphoto'],data[i]['user_display_name'],data[i]['user_unid'])
			# print ('http://mss.linewell.com/lbsp/'+data[i]['user_personphoto'])
		else:
			pass


Well, add an error json validation

Yes, you see it right. I just crawled an address book. jpg





 

 




Posted by MatthewJ on Wed, 22 Apr 2020 09:27:37 -0700