Requests and proxy
During the exploit writing we will be mostly using the python requests library. Documentation: https://requests.readthedocs.io/en/latest/
Useful libraries
import requestsDisable display of certificate warnings
disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)Requests most common commands
Sending the requests
requests.delete(url, args) // Sends a DELETE request to the specified url
requests.get(url, params, args) // Sends a GET request to the specified url
requests.head(url, args) // Sends a HEAD request to the specified url
requests.patch(url, data, args) // Sends a PATCH request to the specified url
requests.post(url, data, json, args) // Sends a POST request to the specified url
requests.put(url, data, args) // Sends a PUT request to the specified urlReading the data
Verify = false is used for disabling the SSL/TLS check
// Storing the response
r = requests.get("https://www.google.com/", verify=False)
// Interesting parameters which we get in HTTP response object
r.status_code
r.headers
r.cookies
r.textSample file upload
Is equal to
Proxy traffic through Burp Suite
If you want to see and analyze the request from exploit you can forward it to Burp Suite by adding proxy to requests in the following way:
Last updated