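About the code

I wrote this script to automatically batch-upload webshell samples to the sample library in the backend, so that later processing is easier.

Topics covered

  • poster module
  • HTTP proxy
  • HTTP auth

Before posting the script to the blog, I obfuscated the sensitive backend URL, form fields, authentication and proxy, to avoid unnecessary trouble from leaked information.

While writing it I referred to some code found online, which turned out to be wrong when I debugged it. So I am posting the code with the pitfalls fixed here as a reference for anyone who needs it, to save you some detours. Feedback is welcome.

Examples of errors hit while debugging: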

1.
  File "G:\myenv\Anaconda2\lib\urllib2.py", line 1136, in do_request_
    'Content-length', '%d' % len(data))
AttributeError: multipart_yielder instance has no attribute '__len__'

2.
  File "G:\myenv\Anaconda2\lib\ntpath.py", line 115, in splitdrive
    if len(p) > 1:
TypeError: object of type 'file' has no len()

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# ------------------------------------------------------------------------------
# Name: back post webshell
# Author: pirogue
# Created: 2017-03-02 12:48:09
# Site: http://www.pirogue.org
# ------------------------------------------------------------------------------


import urllib2
import os
# import time
import sys
import poster
from poster.encode import multipart_encode, MultipartParam


# Python 2 only: setdefaultencoding must be called, not assigned to
reload(sys)
sys.setdefaultencoding('utf-8')


class QT_Webfile:
    # init method
    def __init__(self):
        self.backurl = 'http://destination.com/xxoo/upload'
        # self.proxyURL = ''
        self.loginHeaders = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit' +
                          '/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36',
            'Authorization': 'Basic ZnVjayB1IG5vdGhpbmc=',
            'Cookie': 'qt_random_auth=abcddddddddddddd'
        }
        # self.postData = urllib.urlencode(self.post)

    def postFileRequest(self, name, filename):
        # Form fields as a dictionary
        additionalParams = {
            'wbs_test[des]': name,
            'wbs_test[xx]': 123,
            'wbs_test[active]': 1
        }
        # Append each form field (key, value) to the list as a MultipartParam
        items = []
        for key, value in additionalParams.items():
            items.append(MultipartParam(key, value))

        # Add the file to upload (pass the path string, not an open file object)
        items.append(MultipartParam.from_file("sample_file", filename))
        # print type(items)
        items.append(MultipartParam('wbs_test[id]', ''))
        # print type(items)
        datagen, headers = multipart_encode(items)

        # Merge the headers generated by poster into the initial headers
        header_new = []
        for key, value in self.loginHeaders.items():
            header_new.append((key, value))
        for key, value in headers.items():
            header_new.append((key, value))
        # print header_new

        # Bind the proxy to the opener
        opener = poster.streaminghttp.register_openers()
        proxy_handler = urllib2.ProxyHandler({'http': '114.113.112.111:2233'})
        opener.add_handler(proxy_handler)

        # Install the opener globally for urllib2
        urllib2.install_opener(opener)
        wbs_req = urllib2.Request(self.backurl, datagen, dict(header_new))
        # print wbs_req
        # wbs_rep = urllib2.urlopen(wbs_req)
        wbs_rep = opener.open(wbs_req)
        print wbs_rep.read()

    def traverse_path(self):
        """Walk the current directory and upload every file found."""
        for root, dirs, files in os.walk(".", topdown=True):
            for name in files:
                print name
                self.postFileRequest(name, os.path.join(root, name))


def main():
    """Main function."""
    Ss_Upload = QT_Webfile()
    Ss_Upload.traverse_path()


if __name__ == '__main__':
    main()
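
The following is an added example, not the author's code: a Python 3 standard-library counterpart to the poster upload above. It builds the multipart body as bytes so the len(data) call seen in the first traceback succeeds, and it percent-encodes untrusted sample file names before they go into the Content-Disposition header. The URL, proxy address, credentials, sample bytes and the helper names quote_param, encode_multipart and build_request are assumptions made for illustration.

```python
import base64
import urllib.request
import uuid


def quote_param(value):
    # Sample file names are untrusted: percent-encode CR, LF and the double
    # quote so a name cannot break out of the Content-Disposition header.
    return value.replace('\r', '%0D').replace('\n', '%0A').replace('"', '%22')


def encode_multipart(fields, file_field, filename, file_bytes):
    """Return (body, headers); body is bytes, so len(body) is defined."""
    boundary = uuid.uuid4().hex
    parts = []
    for key, value in fields.items():
        parts.append(('--%s\r\nContent-Disposition: form-data; name="%s"'
                      '\r\n\r\n%s\r\n' % (boundary, quote_param(key), value)
                      ).encode('utf-8'))
    parts.append(('--%s\r\nContent-Disposition: form-data; name="%s"; '
                  'filename="%s"\r\nContent-Type: application/octet-stream'
                  '\r\n\r\n' % (boundary, quote_param(file_field),
                                quote_param(filename))).encode('utf-8'))
    parts.append(file_bytes + b'\r\n')  # sample kept as opaque bytes
    parts.append(('--%s--\r\n' % boundary).encode('utf-8'))
    body = b''.join(parts)
    headers = {'Content-Type': 'multipart/form-data; boundary=' + boundary,
               'Content-Length': str(len(body))}
    return body, headers


def build_request(url, body, headers, user, password, proxy):
    """Return (request, opener) with Basic auth and a proxy; sends nothing."""
    token = base64.b64encode(('%s:%s' % (user, password)).encode('utf-8'))
    headers = dict(headers, Authorization='Basic ' + token.decode('ascii'))
    request = urllib.request.Request(url, data=body, headers=headers)
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({'http': proxy}))
    return request, opener


# Constructed input: placeholder bytes, a hostile file name, placeholder hosts.
SAMPLE_NAME = 'a"b\r\nX-Injected: 1.php'
SAMPLE_BYTES = b'\x00placeholder sample bytes\xff'
BODY, HEADERS = encode_multipart(
    {'wbs_test[des]': 'constructed sample', 'wbs_test[active]': 1},
    'sample_file', SAMPLE_NAME, SAMPLE_BYTES)
REQUEST, OPENER = build_request('http://sample-library.example/upload', BODY,
                                HEADERS, 'user', 'pass', 'http://127.0.0.1:8080')
```

Calling OPENER.open(REQUEST) would send the upload through the proxy; the block only constructs the request so it runs offline.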

References

Playing with Python: HTTP proxies

http://www.cnblogs.com/jackyspy/p/6027385.html

poster module: MultipartParam

https://atlee.ca/software/poster/poster.encode.html#poster.encode.MultipartParam

Uploading files with POST in Python

http://zqpythonic.qiniucdn.com/data/20120615190732/index.html