Made two changes on top of the original author's work #21

Open. Wants to merge 3 commits into base: master
16 changes: 13 additions & 3 deletions HackRequests/HackRequests.py
Expand Up @@ -186,6 +186,10 @@ def httpraw(self, raw: str, **kwargs):
raws = raw.splitlines()
headers = {}

# log字典增加源ip,port
log['src_host'] = host
log['src_port'] = port

# index = 0
# for r in raws:
# raws[index] = r.lstrip()
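Review bot: `host` and `port` are read here, directly after `headers = {}` and before any line of `raws` has been parsed, and nothing in this hunk shows them (or `log`) being bound earlier in `httpraw`. If the target is only resolved later in the function, from the request headers or from `real_host`, these two assignments either raise NameError or record a value that is not the address actually contacted. Move them to just after the point where the final host and port are decided.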
Expand Down Expand Up @@ -288,6 +292,9 @@ def http(self, url, **kwargs):

urlinfo = scheme, host, port, path = self._get_urlinfo(url, real_host)
log = {}
# log字典增加源ip,port
log['src_host'] = host
log['src_port'] = port
try:
conn = self.httpcon.get_con(urlinfo, proxy=proxy)
except:
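Review bot: the keys `src_host` and `src_port` hold the host and port returned by `self._get_urlinfo(url, real_host)`, which is the address being connected to, not a source address. Anyone correlating `response.log` with packet captures or firewall logs will read them the wrong way round. Rename them to something like `dst_host` / `dst_port`, and say in the comment whether the value is the URL host or the `real_host` override when both are given. The same two lines are repeated in `httpraw`, so a small shared helper would keep the two in step.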
Expand Down Expand Up @@ -496,10 +503,10 @@ def http(self, url, **kwargs):
func = self.hack.http
self.queue.put({"func": func, "url": url, "kw": kwargs})

def httpraw(self, raw: str, ssl: bool = False, proxy=None, location=True):
def httpraw(self, raw: str, ssl: bool = False, proxy=None, location=True, real_host=None):
func = self.hack.httpraw
self.queue.put({"func": func, "raw": raw, "ssl": ssl,
"proxy": proxy, "location": location})
"proxy": proxy, "location": location, 'real_host': real_host})

def scan(self):
while 1:
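Review bot: `threadpool.httpraw` still lists every option by hand, which is how `real_host` went missing in the first place, while `threadpool.http` just above forwards everything as `"kw": kwargs`. Consider accepting and forwarding `**kwargs` the same way so options supported by `hack.httpraw` do not have to be mirrored here one by one. Two smaller points: `'real_host'` uses single quotes where the other keys in the dict use double quotes, and the method has no docstring stating the expected `real_host` format (the README example passes `"1.1.1.1:80"`).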
Expand All @@ -518,7 +525,10 @@ def scan(self):
h = func(url, **p.get("kw"))
self._callback(h)
except Exception as e:
print(url, e)
# print(url, e, p.pop("real_host"))
pass
# import traceback
# traceback.print_exc()
self.changeThreadCount(-1)
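Review bot: replacing `print(url, e)` with `pass` in the `except Exception` branch of `scan` makes every failure silent, including exceptions raised inside `self._callback(h)`, which sits in the same `try`. A run that hits refused connections, timeouts or a bug in the callback now looks identical to one that simply found nothing. Report the error through the `logging` module together with the target, or hand the exception to an optional error callback, and delete the commented-out `print` and `traceback` lines rather than committing them.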


45 changes: 45 additions & 0 deletions README.md
@@ -1,3 +1,48 @@
# ReadMe
本程序在原作者基础上做了两处修改:
1. 自带的多线程`threadpool.httpraw`接口中,未添加`real_host`参数传入,导致多线程时无法修改数据包的目标ip地址


修改后可进入如下传参:
```python
threadpool.httpraw(raw_http_pkt, proxy=PROXIES, real_host=addr, ssl=ssl)
threadpool.run()
```

2. `response.log`增加源`real_host`的记录
```python
log['src_host'] = host
log['src_port'] = port
```
使用示例如下:
```python
addrs = [
"1.1.1.1:80",
"2.2.2.2:80"
]

def _callback(r: HackRequests.response):
flag = re.findall(FLAG_PATTERN, r.text())
if flag:
flags = ';'.join(set(flag))
ip = r.log.get('src_ip')
req_text = r.log.get('request')
rsp_text = r.log.get('response')
data = [req_text, rsp_text]
flag_queue.put([ip, flags, data])

threadpool = HackRequests.threadpool(threadnum=5,callback=_callback,timeout=5)

for addr in addrs:
threadpool.httpraw(raw_http_pkt, real_host=addr, ssl=ssl)

threadpool.run()


```

# 以下是原作者ReadMe
----
# hack-requests
HackRequests 是基于`Python3.x`的一个给黑客们使用的http底层网络库。如果你需要一个不那么臃肿而且像requests一样优雅的设计,并且提供底层请求包/返回包原文来方便你进行下一步分析,如果你使用Burp Suite,可以将原始报文直接复制重放,对于大量的HTTP请求,hack-requests线程池也能帮你实现最快速的响应。
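Review bot: the usage example in the README reads `r.log.get('src_ip')`, but the code in this PR only sets `log['src_host']` and `log['src_port']`, so `ip` is always None and every entry put on `flag_queue` loses its target. Change it to `r.log.get('src_host')`, adding the port if results need to be told apart per service. The example also uses `re`, `FLAG_PATTERN`, `flag_queue`, `raw_http_pkt` and `ssl` without importing or defining them, and there are two stray blank lines before the closing fence.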
