黑板客 -- 爬虫闯关 -- 关卡03

爬虫闯关链接：

1.  http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex02/

2.  http://www.heibanke.com/accounts/login

知识点：cookie & session , csrf , Web编程

提示：此题有两个登录网址，登录结果完全不一样，第一次跳转进来时显示的是网址1，注册后跳转的是网址2，而只有最开始网址1用上一次注册的帐号密码登录才可以进入正确题目页面，与账单报表那个网页完全没有关系！！！每一次登录会动态赋予不同的CSRF凭证，存在cookie中，需要人为编程动态提取。

参考代码：

#!/usr/bin/env python
# encoding: utf-8

import requests
import sys
import re
reload(sys)

sys.setdefaultencoding("utf-8")

csrf = ""
username = "Peter"
password = "112233"
pw = "0"

payload_login = {
	"username":username,
	"password":password,
	"csrfmiddlewaretoken":csrf
}

payload_attack = {
	"username":username,
	"password":pw,
	"csrfmiddlewaretoken":csrf
}

website_signUp = "http://www.heibanke.com/accounts/login"
website_login = "http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex02/"

s = requests.Session()
s.get(website_signUp)
csrf = s.cookies["csrftoken"]
payload_login["csrfmiddlewaretoken"] = csrf
s.post(website_login,data=payload_login)
csrf = s.cookies["csrftoken"]

s.post(website_login)
payload_attack["csrfmiddlewaretoken"] = s.cookies["csrftoken"]
for i in range(31):
	payload_attack["password"] = str(i)
	resp = s.post("http://www.heibanke.com/lesson/crawler_ex02/",data=payload_attack)
	if resp.content.find(u"错误".decode("utf8")) == -1:
		print "[+]FOUND : " + payload_attack["password"]
		print "\n\nText: \n\n" + resp.content
		break
	else:
		print payload_attack["password"]
		continue