利用Python多線程來測試併發漏洞

需求介紹

有時候想看看Web應用在代碼或者數據庫層有沒有加鎖，好比在一些支付、兌換類的場景，經過多線程併發訪問的測試方式能夠獲得一個結論。

步驟

1. Burp Suite安裝插件

安裝一個Copy As Python-Requests插件，提升編碼效率；

2. 攔截包並拷貝發包的代碼

打開一個文本編輯器，右鍵粘貼出來：

import requests

burp0_url = "https://www.baidu.com:443/s?word=test123&tn=50000021_hao_pg&ie=utf-8&sc=UWd1pgw-pA7EnHc1FMfqnHRdnHfkP163PWD3PzuW5y99U1Dznzu9m1Y1rj0zPjRYP1Ds&ssl_sample=s_108&srcqid=2890185856410820647&H123Tmp=nu"
burp0_cookies = {"BAIDUID": "DE39C3557AA883A517F3717D9ED1B346:FG=1", "BIDUPSID": "DE39C3557AA883A517F3717D9ED1B346", "PSTM": "1548660573", "BD_UPN": "13314352", "H_PS_PSSID": "1431_21111_18560_28585_26350_28519", "H_PS_645EC": "0701XLkxqPa8GpBa6wBJs%2BrZyNuhMOA%2FIRfHCR7YuUcETmxXSKm0g32CT0c", "delPer": "0", "BD_CK_SAM": "1", "PSINO": "1", "BDSVRTM": "142"}
burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Referer": "https://www.hao123.com/", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)

3. 運行Python多線程代碼

將生成的python代碼粘貼到action( )函數裏面便可；

import threading
import requests

threads = []

def action():
    burp0_url = "https://www.baidu.com:443/s?word=test123&tn=50000021_hao_pg&ie=utf-8&sc=UWd1pgw-pA7EnHc1FMfqnHRdnHfkP163PWD3PzuW5y99U1Dznzu9m1Y1rj0zPjRYP1Ds&ssl_sample=s_108&srcqid=2890185856410820647&H123Tmp=nu"
    burp0_cookies = {"BAIDUID": "DE39C3557AA883A517F3717D9ED1B346:FG=1", "BIDUPSID": "DE39C3557AA883A517F3717D9ED1B346",
                     "PSTM": "1548660573", "BD_UPN": "13314352", "H_PS_PSSID": "1431_21111_18560_28585_26350_28519",
                     "H_PS_645EC": "0701XLkxqPa8GpBa6wBJs%2BrZyNuhMOA%2FIRfHCR7YuUcETmxXSKm0g32CT0c", "delPer": "0",
                     "BD_CK_SAM": "1", "PSINO": "1", "BDSVRTM": "142"}
    burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0",
                     "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
                     "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
                     "Accept-Encoding": "gzip, deflate", "Referer": "https://www.hao123.com/", "Connection": "close",
                     "Upgrade-Insecure-Requests": "1"}
    requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)


if __name__ == '__main__':
    print("Threading ready:")

    for i in range(0,100):
        t = threading.Thread(target=action)
    t.setDaemon(True)  // 開啓守護進程，若是宿主進程掛了，不用執行徹底部線程任務也要當即結束。  參考 https://www.cnblogs.com/Haojq/p/10278365.html
    t.start()

    print("Threading ran end!")

4. 確認結果

查看領取的結果是否有超過本來的數量，若是超過就本來可領的數量，那就666了。