From b85e3f8a9af34f5682ca6ede24f828df8e841761 Mon Sep 17 00:00:00 2001
From: Ryan
Date: Mon, 18 Jan 2021 10:52:03 +0800
Subject: [PATCH 1/3] Update HackRequests.py
---
 HackRequests/HackRequests.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/HackRequests/HackRequests.py b/HackRequests/HackRequests.py
index 8706098..f2d5157 100644
--- a/HackRequests/HackRequests.py
+++ b/HackRequests/HackRequests.py
@@ -496,10 +496,10 @@ def http(self, url, **kwargs):
 func = self.hack.http
 self.queue.put({"func": func, "url": url, "kw": kwargs})
- def httpraw(self, raw: str, ssl: bool = False, proxy=None, location=True):
+ def httpraw(self, raw: str, ssl: bool = False, proxy=None, location=True, real_host=None):
 func = self.hack.httpraw
 self.queue.put({"func": func, "raw": raw, "ssl": ssl,
- "proxy": proxy, "location": location})
+ "proxy": proxy, "location": location, 'real_host': real_host})
 def scan(self):
 while 1:
@@ -518,7 +518,10 @@ def scan(self):
 h = func(url, **p.get("kw"))
 self._callback(h)
 except Exception as e:
- print(url, e)
+ # print(url, e)
+ pass
+ # import traceback
+ # traceback.print_exc()
 self.changeThreadCount(-1)
From 5f716d66d17bb769a54afa1c3bbf0c65c6d7718f Mon Sep 17 00:00:00 2001
From: Ryan
Date: Mon, 18 Jan 2021 15:52:22 +0800
Subject: [PATCH 2/3] Update HackRequests.py
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
response.log增加src_host、src_port字段,用于在回调函数中识别目标的ip或域名
---
 HackRequests/HackRequests.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/HackRequests/HackRequests.py b/HackRequests/HackRequests.py
index f2d5157..68da1fc 100644
--- a/HackRequests/HackRequests.py
+++ b/HackRequests/HackRequests.py
@@ -186,6 +186,10 @@ def httpraw(self, raw: str, **kwargs):
 raws = raw.splitlines()
 headers = {}
+ # log字典增加源ip,port
+ log['src_host'] = host
+ log['src_port'] = port
+
 # index = 0
 # for r in raws:
 # raws[index] = r.lstrip()
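Review bot: The new `real_host` parameter on the thread-pool `httpraw` is undocumented, so a caller cannot tell from the signature what format it takes or that it changes where the request is actually sent. The README example added later in this series passes strings such as `"1.1.1.1:80"`; a one-line docstring like `"""Queue a raw request; real_host ("host:port") overrides the address the request is sent to."""` would state that, with the exact semantics to be confirmed against `hack.httpraw`, which is outside the hunk. The dict literal also mixes quote styles, and `'real_host': real_host` would read more consistently as `"real_host": real_host`.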
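Review bot: The `except Exception` branch in `scan` now discards every failure with `pass`, so a connection error, a timeout and a bug raised inside `self._callback(h)` all look the same as a target that simply produced nothing. For a scanning loop that means silent false negatives: the callback never runs for that item and nothing records why. Instead of `pass` plus commented-out `print`/`traceback` lines, keep the error visible at a level the caller can silence, e.g. `logging.getLogger(__name__).debug("request failed: %r: %s", url, e)` (this needs `import logging` at the top of the file). `scan` starts and ends outside the hunk, so how `url` is bound on the raw-request path is not visible here.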
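Review bot: The keys written in this `httpraw` hunk are `src_host` and `src_port`, but the usage example added to README.md in patch 3/3 reads `r.log.get('src_ip')`, which returns None with the code as written; the same two assignments are repeated in the `http()` hunk that follows. Either the README should read `r.log.get('src_host')` or the key should be renamed. Since the commit message says the field identifies the target of the request, `dst_host`/`dst_port` would be less misleading than a `src_` prefix. `log`, `host` and `port` are all bound outside the hunk, so it is worth confirming that `log` already exists at this point in `httpraw` and whether `port` is an int or a string when it is stored.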
@@ -288,6 +292,9 @@ def http(self, url, **kwargs):
 urlinfo = scheme, host, port, path = self._get_urlinfo(url, real_host)
 log = {}
+ # log字典增加源ip,port
+ log['src_host'] = host
+ log['src_port'] = port
 try:
 conn = self.httpcon.get_con(urlinfo, proxy=proxy)
 except:
@@ -518,7 +525,7 @@ def scan(self):
 h = func(url, **p.get("kw"))
 self._callback(h)
 except Exception as e:
- # print(url, e)
+ # print(url, e, p.pop("real_host"))
 pass
 # import traceback
 # traceback.print_exc()
From de991230947ca81b7764cc537afc9729dbffc047 Mon Sep 17 00:00:00 2001
From: Ryan
Date: Mon, 1 Feb 2021 09:37:36 +0800
Subject: [PATCH 3/3] Update README.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
增加更新说明
---
 README.md | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
diff --git a/README.md b/README.md
index 7475dc6..462b8e6 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,48 @@
+# ReadMe
+本程序在原作者基础上做了两处修改:
+1. 自带的多线程`threadpool.httpraw`接口中,未添加`real_host`参数传入,导致多线程时无法修改数据包的目标ip地址
+
+
+修改后可进入如下传参:
+```python
+threadpool.httpraw(raw_http_pkt, proxy=PROXIES, real_host=addr, ssl=ssl)
+ threadpool.run()
+```
+
+2. `response.log`增加源`real_host`的记录
+```python
+log['src_host'] = host
+log['src_port'] = port
+```
+使用示例如下:
+```python
+addrs = [
+ "1.1.1.1:80",
+ "2.2.2.2:80"
+ ]
+
+def _callback(r: HackRequests.response):
+ flag = re.findall(FLAG_PATTERN, r.text())
+ if flag:
+ flags = ';'.join(set(flag))
+ ip = r.log.get('src_ip')
+ req_text = r.log.get('request')
+ rsp_text = r.log.get('response')
+ data = [req_text, rsp_text]
+ flag_queue.put([ip, flags, data])
+
+threadpool = HackRequests.threadpool(threadnum=5,callback=_callback,timeout=5)
+
+for addr in addrs:
+ threadpool.httpraw(raw_http_pkt, real_host=addr, ssl=ssl)
+
+threadpool.run()
+
+
+```
+
+# 以下是原作者ReadMe
+----
 # hack-requests
 HackRequests 是基于`Python3.x`的一个给黑客们使用的http底层网络库。如果你需要一个不那么臃肿而且像requests一样优雅的设计,并且提供底层请求包/返回包原文来方便你进行下一步分析,如果你使用Burp Suite,可以将原始报文直接复制重放,对于大量的HTTP请求,hack-requests线程池也能帮你实现最快速的响应。