文章目录
- 一、遍历查找网站所有输入框
- 二、对找到的输入框实现自动表单提交
- 三、实现留言板和其他输入框的表单提交
一、遍历查找网站所有输入框
# 查找所有表单
import requests
from bs4 import BeautifulSoup
import sys
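# List every <input> field found in the forms of the pages linked from the
# start page (one level deep; links are not followed recursively).
from urllib.parse import urldefrag, urljoin, urlparse

# requests waits indefinitely when no timeout is given.
REQUEST_TIMEOUT = 10

# Start page, taken from the first command-line argument.
if len(sys.argv) < 2:
    sys.exit("usage: python findinput.py <start-url>")
start_url = sys.argv[1]
start_host = urlparse(start_url).netloc

# Fetch the start page and parse it with an explicit parser so the result
# does not depend on which parser libraries happen to be installed.
r = requests.get(start_url, timeout=REQUEST_TIMEOUT)
soup = BeautifulSoup(r.content, 'html.parser')

seen = set()
for link in soup.find_all('a'):
    href = link.get('href')
    # <a> tags without href and fragment-only links point nowhere new.
    if not href or href.startswith('#'):
        continue

    # urljoin handles relative, root-relative and absolute hrefs correctly;
    # plain string concatenation only works for relative ones.
    url = urldefrag(urljoin(start_url, href)).url
    parts = urlparse(url)

    # Stay on the start host: skips mailto:/javascript: links and keeps the
    # crawl inside the site that was named on the command line.
    if parts.scheme not in ('http', 'https') or parts.netloc != start_host:
        continue
    if url in seen:
        continue
    seen.add(url)
    print(url)

    try:
        response = requests.get(url, timeout=REQUEST_TIMEOUT)
    except requests.RequestException as exc:
        # One unreachable page should not abort the whole crawl.
        print(f"skip {url}: {exc}")
        continue

    page = BeautifulSoup(response.text, 'html.parser')
    # Walk every form on the page and print the name and preset value of
    # each of its input fields.
    for form in page.find_all('form'):
        for input_box in form.find_all('input'):
            print(input_box.get('name'), input_box.get('value'))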
像下面这样运行:
G:\test>python findinput.py http://127.0.0.1/pikachu/
它可以找到该网站所有网页,并将网页里的所有可以输入的部分打印出来
下面是升级版,找到输入框后实现自动输入自动提交
二、对找到的输入框实现自动表单提交
# 查找所有表单
import requests
from bs4 import BeautifulSoup
import sys
import time
from selenium import webdriver
from selenium.webdriver.chrome.service import Service
from selenium.webdriver.common.by import By
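# Crawl the links on the start page (one level deep) and, for every form
# found, open the page in Chrome, fill the username/password fields with the
# assumed default credentials and press the submit button.
from urllib.parse import urldefrag, urljoin, urlparse

from selenium.common.exceptions import (
    ElementNotInteractableException,
    NoSuchElementException,
)

# requests waits indefinitely when no timeout is given.
REQUEST_TIMEOUT = 10
# Assumed default account of the test site: user "admin", password "123456".
DEFAULT_CREDENTIALS = {'username': 'admin', 'password': '123456'}
# Path to the ChromeDriver binary; adjust to the local installation.
driver_path = './chromedriver.exe'

# Start page, taken from the first command-line argument.
if len(sys.argv) < 2:
    sys.exit(f"usage: python {sys.argv[0]} <start-url>")
start_url = sys.argv[1]
start_host = urlparse(start_url).netloc

# Fetch the start page and parse it with an explicit parser.
r = requests.get(start_url, timeout=REQUEST_TIMEOUT)
soup = BeautifulSoup(r.content, 'html.parser')

seen = set()
for link in soup.find_all('a'):
    href = link.get('href')
    # <a> tags without href and fragment-only links point nowhere new.
    if not href or href.startswith('#'):
        continue

    url = urldefrag(urljoin(start_url, href)).url
    parts = urlparse(url)
    # Stay on the start host so the credentials are never typed into a
    # third-party page that the site merely links to.
    if parts.scheme not in ('http', 'https') or parts.netloc != start_host:
        continue
    # Visiting a page twice would submit its forms twice.
    if url in seen:
        continue
    seen.add(url)
    print(url)

    try:
        response = requests.get(url, timeout=REQUEST_TIMEOUT)
    except requests.RequestException as exc:
        print(f"skip {url}: {exc}")
        continue

    service = Service(executable_path=driver_path)
    options = webdriver.ChromeOptions()
    page = BeautifulSoup(response.text, 'html.parser')

    # One browser session per form, as in the original flow.
    for form in page.find_all('form'):
        browser = webdriver.Chrome(service=service, options=options)
        try:
            browser.get(url)
            for input_box in form.find_all('input'):
                name = input_box.get('name')
                value = input_box.get('value')
                print(name, value)
                # Only empty username/password fields are filled; unnamed
                # inputs cannot be located by name at all.
                if value is not None or name not in DEFAULT_CREDENTIALS:
                    continue
                try:
                    element = browser.find_element(by=By.NAME, value=name)
                    element.send_keys(DEFAULT_CREDENTIALS[name])
                except (NoSuchElementException, ElementNotInteractableException):
                    # The static HTML and the rendered DOM can differ.
                    continue

            # NOTE(review): this picks the first submit button on the page,
            # not necessarily the one inside the form being processed.
            try:
                submit = browser.find_element(
                    by=By.XPATH, value='//input[@type="submit"]')
            except NoSuchElementException:
                print("no submit button")
                continue
            submit.click()
            print("submit")
            # Page load time depends on the machine and the network, so
            # wait five seconds before closing the browser.
            time.sleep(5)
        finally:
            # Always close the browser, even when a lookup or click fails,
            # so Chrome/ChromeDriver processes do not pile up.
            browser.quit()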
如下图所示,可以模拟自动登录
三、实现留言板和其他输入框的表单提交
# 查找所有表单
import requests
from bs4 import BeautifulSoup
import sys
import time
from selenium import webdriver
from selenium.webdriver.chrome.service import Service
from selenium.webdriver.common.by import By
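# Crawl the links on the start page (one level deep) and fill and submit
# every form found, including message-board <textarea> fields.
from urllib.parse import urldefrag, urljoin, urlparse

from selenium.common.exceptions import (
    ElementNotInteractableException,
    NoSuchElementException,
)

# requests waits indefinitely when no timeout is given.
REQUEST_TIMEOUT = 10
# Assumed default account of the test site: user "admin", password "123456".
DEFAULT_CREDENTIALS = {'username': 'admin', 'password': '123456'}
# Benign test input; the author notes it can later be replaced with XSS
# test strings.
TEST_TEXT = 'hello world'
# Input types that cannot sensibly receive typed text.
NON_TEXT_INPUT_TYPES = {
    'hidden', 'submit', 'button', 'reset', 'image',
    'file', 'checkbox', 'radio',
}
# Pages filtered by hand because opening them crashed the run.
SKIP_URLS = {"http://127.0.0.1/pikachu/vul/burteforce/bf_client.php"}
# Path to the ChromeDriver binary; adjust to the local installation.
driver_path = './chromedriver.exe'


def fill_field(browser, name, text):
    """Type *text* into the element called *name*; return False if it cannot be filled."""
    try:
        browser.find_element(by=By.NAME, value=name).send_keys(text)
    except (NoSuchElementException, ElementNotInteractableException):
        # The static HTML and the rendered DOM can differ.
        return False
    return True


# Start page, taken from the first command-line argument.
if len(sys.argv) < 2:
    sys.exit(f"usage: python {sys.argv[0]} <start-url>")
start_url = sys.argv[1]
start_host = urlparse(start_url).netloc

# Fetch the start page and parse it with an explicit parser.
r = requests.get(start_url, timeout=REQUEST_TIMEOUT)
soup = BeautifulSoup(r.content, 'html.parser')

seen = set()
for link in soup.find_all('a'):
    href = link.get('href')
    # <a> tags without href and fragment-only links point nowhere new.
    if not href or href.startswith('#'):
        continue

    url = urldefrag(urljoin(start_url, href)).url
    parts = urlparse(url)
    # Stay on the start host so credentials and test input are never typed
    # into a third-party page that the site merely links to.
    if parts.scheme not in ('http', 'https') or parts.netloc != start_host:
        continue
    # Visiting a page twice would submit its forms twice.
    if url in seen:
        continue
    seen.add(url)
    print(url)

    if url in SKIP_URLS:
        continue

    try:
        response = requests.get(url, timeout=REQUEST_TIMEOUT)
    except requests.RequestException as exc:
        print(f"skip {url}: {exc}")
        continue

    service = Service(executable_path=driver_path)
    options = webdriver.ChromeOptions()
    page = BeautifulSoup(response.text, 'html.parser')

    # One browser session per form, as in the original flow.
    for form in page.find_all('form'):
        browser = webdriver.Chrome(service=service, options=options)
        try:
            browser.get(url)

            for input_box in form.find_all('input'):
                name = input_box.get('name')
                value = input_box.get('value')
                print(name, value)
                # Leave pre-filled fields alone; unnamed inputs cannot be
                # located by name.
                if value is not None or not name:
                    continue
                kind = (input_box.get('type') or 'text').lower()
                if kind in NON_TEXT_INPUT_TYPES:
                    continue
                fill_field(browser, name, DEFAULT_CREDENTIALS.get(name, TEST_TEXT))

            for text_box in form.find_all('textarea'):
                name = text_box.get('name')
                print(name, text_box.get('value'))
                if name:
                    fill_field(browser, name, TEST_TEXT)

            # NOTE(review): this picks the first submit button on the page,
            # not necessarily the one inside the form being processed.
            try:
                submit = browser.find_element(
                    by=By.XPATH, value='//input[@type="submit"]')
            except NoSuchElementException:
                print("no submit button")
                continue
            submit.click()
            # Page load time depends on the machine and the network, so
            # wait five seconds before closing the browser.
            time.sleep(5)
        finally:
            # Always close the browser, even when a lookup or click fails,
            # so Chrome/ChromeDriver processes do not pile up.
            browser.quit()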
可以看到运行完后自动添加了一条留言
tips:这个版本没有处理验证码的识别,所以需要验证码登录的验证都失败了,以后再研究了