How to use Python to automatically fill in questionnaires

This article mainly introduces relevant information about automatically filling in questionnaires through Python. Friends who need it can refer to it

0X00 Preface

School is about to start, and I saw various requests for filling out questionnaires in the space, and then I remembered that I haven’t done it yet. I don't like this kind of meaningless questionnaire, so I plan to use "stunt" to complete it, that is, python. By the way, I will review python again, which I haven't used in a long time. Next, the performance begins...

0X01 Code writing ideas

First create a questionnaire

We fill out a random questionnaire and submit it, and open Burpsuite to intercept the data packets before submitting.

Analyze the intercepted data packets, and some of them are URL encoded. It is not conducive to analysis. You can use the Burpsuite encoding module to decode and replace it, so that it is easier to analyze.

# Through observation, we can find that a strange string of data is posted: submitdata=1$2}2$3}3$3}4$4}5$3}6$2}7$4}8$2}9$3}10$3. Careful analysis shows that the data probably means this. submitdata = question number $ option number } question number $ option number } question number $ option number }......

Use this information to start writing python programs

The running results are as follows

It seems that the website has other anti-crawler mechanisms. After submitting several forms in succession, A verification code appears. Do we need to add the function of identifying verification codes to the program at this time? Actually, no, we can first analyze the header information just intercepted by Burpsuite to see how the website identified that we used a crawler to submit the questionnaire.

After some testing, I found that when I submitted 3 questionnaires in a row, and then changed another IP to submit 3 questionnaires, that is I submitted 6 questionnaires in a row, but the anti-crawler mechanism of the website was not triggered. So we can guess that the other party identifies the crawler program based on the frequency of IP submission of questionnaires. Seeing this, you may think that we can submit the questionnaire through a free online agent. For example these

Does that mean we have to add the function of extracting free proxy IP to the python code? NO NO NO! To change the way of thinking, you will encounter a problem in the CTF competition. For example, you can get the flag only if your IP is from Germany. Therefore, our idea is to spoof the data packet header, forge our IP, and deceive the server. Let’s talk about several ways to fake IP.

X-Client-IP:1.1.1.1
X-Remote-IP:2.2.2.2
X-Remote-Addr:3.3.3.3
X-Originating-IP:4.4.4.4
X-Forwarded-For:5.5.5.5

Let’s try each one, and then we can see the source of our questionnaire in the background statistics

Here we found that X-Forwarded-For can be used to bypass it. We will use this method to add the X-Forwarded-For field in the header information, so the modified script is as follows

The running results are as follows

Go to the background to check the statistics

At this point, we have solved the task perfectly. If you want to remove IP addresses outside the questionnaire, you can collect Chinese IP address segments, then add them to the program and process them.

0X02 Summary

Everyone can usually apply what they have learned to real life. When you encounter difficulties, don’t panic and think more. , find the optimal solution. For example, above, I did not add a verification code recognition module to the code, nor did I use a proxy to bypass the website's anti-crawler mechanism. Instead, I analyzed the website's anti-crawler mechanism and used the security knowledge I learned (HTTP Header deception) Solve the problem easily and complete the task perfectly using the shortest code.

The above is the detailed content of How to use Python to automatically fill in questionnaires. For more information, please follow other related articles on the PHP Chinese website!