Wrote a blog before, that's how python how to download files via http, write a blog today to introduce the following, how to upload files via python library request
Here mainly to resolve the multipart / form-data format of the file upload, file upload basic http protocol now basically upload this format
First, the idea
In general, if we upload files to an address, you must be logged in successful landing, got cookies, then carry the cookies in the request to upload files.
Then we need the site through a browser to upload files, remember, this time packet capture tool to use fiddler, will be more insurance, then follow the fiddler capture packets assembled post our request to upload files
It takes a principle is this: In the post request, using parameter files to accept the parameter file objects related by data json parameter accepts the post to other body parameters request /.
Second, the realization
1 request, use requests.session () target landing site, this is mainly for the convenience of the next send post to upload files directly to the object, we do not need to add cookies in the request body
import requests
s = requests.session()
res1 = s.post(
url="http://10.222.222.7/src/welcome.php",
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "zh-CN,zh;q=0.9",
"Cache-Control": "max-age=0",
"Connection": "keep-alive",
"Content-Type": "application/x-www-form-urlencoded",
"Host": "10.222.222.7",
"Origin": "http://10.222.222.7",
"Referer": "http://10.222.222.7/src/welcome.php",
"Upgrade-Insecure-Requests": "1",
"The User-- Agent": "the Mozilla / 5.0 (the Windows NT 6.1; the WOW64) AppleWebKit / 537.36 (KHTML, like the Gecko) the Chrome / 76.0.3809.87 Safari / 537.36"
},
Data = {
"name": "ADMIN",
"password ":" ADMIN ",
" the Button ":" Log ",
" opr ":" the Login ",
},
# here to configure the proxy because my OS installed fiddler, that you did not say that we must get
Proxies = {
" HTTP ":" http://127.0.0.1:8888 ",
" HTTPS ":" http://127.0.0.1:8888 "
}
)
2, manually upload by fiddler capture, analysis parameters http request
The above is the raw format http request, we will look at the general format of http request webForms
3, after the analysis is complete, we can look at the code
import json
file = {
"sample_file": open("D:\\abdi\\37571.pcap", "rb"),
"Content-Type": "application/octet-stream",
"Content-Disposition": "form-data",
"filename" : "3757.pcap"
}
# #
res = s.post(
url="http://10.222.222.7/src/system_sample.php/system_sample/add",
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "zh-CN,zh;q=0.9",
"Cache-Control": "max-age=0",
"Connection": "keep-alive",
# "Content-Type": "multipart/form-data",
"Host": "10.222.222.7",
"Origin": "http://10.222.222.7",
"Referer": "http://10.222.222.7/src/html.php/html/system_samples",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36"
},
files = file,
data = {
"sample_name" : "37571.pcap",
"owner_group" : "/data/atp/pcap/custom/test",
"type" : "1",
"sample_file_path" : "",
"description_file_path" : "",
# "description_file":""
},
proxies = {
"http":"http://127.0.0.1:8888",
"https":"http://127.0.0.1:8888"
}
)
这里有三个关键的地方
a、data参数,注意看k值和抓包中的对比
不同的网站的name的值可能不一样,但是大部分大家都会用file,但是有时候开发人员也不会按照常规套路来做,所以我们不能想当然就认为是files。要通过抓包分析
这个值一般就是上传后的文件的名称;其他几个参数的意义就不重要了,你要根据具体的情况分析组装上传就可以了
b、files参数,这里很关键,这里就是我们上传的文件对象了
sample_file这个参数就代表文件文件对象
c、content-type参数,如果我们通过form-data的方式上传文件,我们组装post请求的时候,headers这个参数中一定不能要包括这个值,由requests库帮添加这个元素
如果我们自作聪明,会导致上传失败的,这里非常重要!!!
大家可以看到,我在代码中没有传递content-type这个参数,但是抓包是有这个参数的,所以这个参数我们一定不能加
实际抓包有这个参数
4、实际上传抓包验证即可,和浏览器上传略有不同,但是不影响上传
