Ответ от POST-запроса на BurpSuite отличается от Python - PullRequest
Новая
       26

Ответ от POST-запроса на BurpSuite отличается от Python

0 голосов
/ 17 декабря 2018

Я использовал следующий URL для поиска Piano с расстоянием 20 miles.

Когда я запустил его с BurpSuite, запрос выглядел так: 

POST /MTNA/FindATeacherSearch.aspx?cak=31022421-c202-431a-b5ef-c6d10c90e6be HTTP/1.1
Host: www.mtna.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://www.mtna.org/MTNA/FindATeacherSearch.aspx?cak=31022421-c202-431a-b5ef-c6d10c90e6be
X-Requested-With: XMLHttpRequest
X-MicrosoftAjax: Delta=true
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 4107
Connection: close
Cookie: ASP.NET_SessionId=cxqktlukl4zprfps4wfyex44; Asi.Web.Browser.CookiesEnabled=true; AnonymousCartId=00000000-0000-0000-0000-000000000000; _ga=GA1.2.1639735034.1545046479; _gid=GA1.2.6620465.1545046479

ctl01%24ScriptManager1=ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ListerPanel%7Cctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24SubmitButton&__WPPS=s&__CTRLKEY=&__SHIFTKEY=&ctl01_ScriptManager1_TSM=%3B%3BAjaxControlToolkit%2C%20Version%3D4.1.50508%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D28f01b0e84b6d53e%3Aen-US%3A0c8c847b-b611-49a7-8e75-2196aa6e72fa%3Aea597d4b%3Ab25378d2%3BTelerik.Web.UI%2C%20Version%3D2014.1.403.45%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D121fae78165ba3d4%3Aen-US%3A68d9452f-f268-45b2-8db7-8c3bbf305b8d%3A16e4e7cd%3Af7645509%3A24ee1bba%3Ae330518b%3A2003d0b8%3Ac128760b%3A1e771326%3A88144a7a%3Ac8618e41%3A1a73651d%3A16d8629e%3A874f8ea2%3Af46195d3%3A19620875%3Acda80b3%3Aed16cbdc%3A92fe8ea0%3Afa31b949%3A490a9d4e%3Abd8f85e4%3BAjaxControlToolkit%2C%20Version%3D4.1.50508.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D28f01b0e84b6d53e%3Aen-US%3A0c8c847b-b611-49a7-8e75-2196aa6e72fa%3A782b16ab&PageInstanceKey=0428325d-7c92-4972-a40f-a36c36bad719&TemplateUserMessagesID=ctl01_TemplateUserMessages_ctl00_Messages&PageIsDirty=false&IsControlPostBackctl01%24HeaderLogo%24HeaderLogoSpan=1&IsControlPostBackctl01%24SocialNetworking%24SocialNetworking=1&IsControlPostBackctl01%24SearchField=1&__EVENTTARGET=ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24SubmitButton&__EVENTARGUMENT=&NavMenuClientID=ctl01_Primary_NavMenu&IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciNewContentHtml%24ciNewContentHtml=1&IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciNewShowConsumerAddressCommon%24ciNewShowConsumerAddressCommon=1&IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries=1&IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciNewContentHtml2%24ciNewContentHtml2=1&IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciScriptforadtracking%24ciScriptforadtracking=1&IsControlPostBackctl01%24TemplateBody%24ContentPage1=1&IsControlPostBackctl01%24TemplateBody%24ContentPageFooter1=1&IsControlPostBackctl01%24FooterCommunications%24FooterCommunications=1&IsControlPostBackctl01%24FooterCommunications%24NewContentHtml=1&IsControlPostBackctl01%24FooterCopyright%24FooterCopyright=1&__VIEWSTATE=%2FwEPaA8FDzhkNjYzZjU1MjZmNTFlYhgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCAUYY3RsMDEkTG9naW5TdGF0dXMxJGN0bDAxBRhjdGwwMSRMb2dpblN0YXR1czEkY3RsMDMFFWN0bDAxJFByaW1hcnkkTmF2TWVudQVXY3RsMDEkVGVtcGxhdGVCb2R5JFdlYlBhcnRNYW5hZ2VyMSRnd3BjaVRlYWNoZXJRdWVyaWVzJGNpVGVhY2hlclF1ZXJpZXMkUXVlcnlMaXN0RGlhbG9nBQtjdGwwMSRjdGwxNgUTY3RsMDEkR2VuZXJpY1dpbmRvdwUTY3RsMDEkT2JqZWN0QnJvd3NlcgUZY3RsMDEkT2JqZWN0QnJvd3NlckRpYWxvZ5YeffipvvNAXInmJ3MH5Z%2FoW9I1&__VIEWSTATEGENERATOR=C56D694D&ctl01%24lastClickedElementId=&ctl01%24SearchField%24SearchTerms=Keyword%20Search&ctl01_Primary_NavMenu_ClientState=&ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24mHiddenCacheQueryId=&ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24mHiddenQueryCached=False&ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24ctl01=277d8abd-5f3f-4b6d-8991-a624daea0d07.FS1.FL7&ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24ctl04=277d8abd-5f3f-4b6d-8991-a624daea0d07.FS1.FL9&ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24Input0%24DropDown1=Piano&ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24Input1%24DropDown1=20&ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24HiddenKeyField1=&ctl01_TemplateBody_WebPartManager1_gwpciTeacherQueries_ciTeacherQueries_QueryListDialog_ClientState=&ctl01_GenericWindow_ClientState=&ctl01_ObjectBrowser_ClientState=&ctl01_ObjectBrowserDialog_ClientState=&ctl01_ctl16_ClientState=&__ASYNCPOST=true

В ответ я получил 63 результата.
Я преобразовал запрос POST в Python: 

import requests

session = requests.Session()

paramsGet = {"cak":"31022421-c202-431a-b5ef-c6d10c90e6be"}
paramsPost = {"ctl01_ScriptManager1_TSM":";;AjaxControlToolkit, Version=4.1.50508, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e:en-US:0c8c847b-b611-49a7-8e75-2196aa6e72fa:ea597d4b:b25378d2;Telerik.Web.UI, Version=2014.1.403.45, Culture=neutral, PublicKeyToken=121fae78165ba3d4:en-US:68d9452f-f268-45b2-8db7-8c3bbf305b8d:16e4e7cd:f7645509:24ee1bba:e330518b:2003d0b8:c128760b:1e771326:88144a7a:c8618e41:1a73651d:16d8629e:874f8ea2:f46195d3:19620875:cda80b3:ed16cbdc:92fe8ea0:fa31b949:490a9d4e:bd8f85e4;AjaxControlToolkit, Version=4.1.50508.0, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e:en-US:0c8c847b-b611-49a7-8e75-2196aa6e72fa:782b16ab","__VIEWSTATEGENERATOR":"C56D694D","__EVENTARGUMENT":"","IsControlPostBackctl01%24HeaderLogo%24HeaderLogoSpan":"1","__VIEWSTATE":"/wEPaA8FDzhkNjYzZWY4NmM2Y2Y4MBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCAUYY3RsMDEkTG9naW5TdGF0dXMxJGN0bDAxBRhjdGwwMSRMb2dpblN0YXR1czEkY3RsMDMFFWN0bDAxJFByaW1hcnkkTmF2TWVudQVXY3RsMDEkVGVtcGxhdGVCb2R5JFdlYlBhcnRNYW5hZ2VyMSRnd3BjaVRlYWNoZXJRdWVyaWVzJGNpVGVhY2hlclF1ZXJpZXMkUXVlcnlMaXN0RGlhbG9nBQtjdGwwMSRjdGwxNgUTY3RsMDEkR2VuZXJpY1dpbmRvdwUTY3RsMDEkT2JqZWN0QnJvd3NlcgUZY3RsMDEkT2JqZWN0QnJvd3NlckRpYWxvZ5t6EvKfQQS4e3kXIpgfVSNxCTNO","__WPPS":"s","IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries":"1","__SHIFTKEY":"","IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciScriptforadtracking%24ciScriptforadtracking":"1","NavMenuClientID":"ctl01_Primary_NavMenu","ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24mHiddenCacheQueryId":"","ctl01%24SearchField%24SearchTerms":"Keyword Search","ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24HiddenKeyField1":"","ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24mHiddenQueryCached":"False","IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciNewContentHtml2%24ciNewContentHtml2":"1","ctl01_GenericWindow_ClientState":"","ctl01_Primary_NavMenu_ClientState":"","PageInstanceKey":"1f89a5d5-ce61-4147-9eb5-32cafa6174a6","ctl01_ObjectBrowserDialog_ClientState":"","__CTRLKEY":"","ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24ctl04":"277d8abd-5f3f-4b6d-8991-a624daea0d07.FS1.FL9","ctl01%24ScriptManager1":"ctl01\x24TemplateBody\x24WebPartManager1\x24gwpciTeacherQueries\x24ciTeacherQueries\x24ListerPanel|ctl01\x24TemplateBody\x24WebPartManager1\x24gwpciTeacherQueries\x24ciTeacherQueries\x24ResultsGrid\x24Sheet0\x24SubmitButton","ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24Input1%24DropDown1":"20","IsControlPostBackctl01%24SocialNetworking%24SocialNetworking":"1","ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24Input0%24DropDown1":"Piano","PageIsDirty":"false","__ASYNCPOST":"true","IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciNewShowConsumerAddressCommon%24ciNewShowConsumerAddressCommon":"1","IsControlPostBackctl01%24TemplateBody%24ContentPageFooter1":"1","__EVENTTARGET":"ctl01\x24TemplateBody\x24WebPartManager1\x24gwpciTeacherQueries\x24ciTeacherQueries\x24ResultsGrid\x24Sheet0\x24SubmitButton","ctl01%24TemplateBody%24WebPartManager1%24gwpciTeacherQueries%24ciTeacherQueries%24ResultsGrid%24Sheet0%24ctl01":"277d8abd-5f3f-4b6d-8991-a624daea0d07.FS1.FL7","ctl01_ctl16_ClientState":"","IsControlPostBackctl01%24SearchField":"1","ctl01_TemplateBody_WebPartManager1_gwpciTeacherQueries_ciTeacherQueries_QueryListDialog_ClientState":"","IsControlPostBackctl01%24FooterCommunications%24FooterCommunications":"1","ctl01%24lastClickedElementId":"","TemplateUserMessagesID":"ctl01_TemplateUserMessages_ctl00_Messages","IsControlPostBackctl01%24TemplateBody%24ContentPage1":"1","IsControlPostBackctl01%24TemplateBody%24WebPartManager1%24gwpciNewContentHtml%24ciNewContentHtml":"1","ctl01_ObjectBrowser_ClientState":"","IsControlPostBackctl01%24FooterCommunications%24NewContentHtml":"1","IsControlPostBackctl01%24FooterCopyright%24FooterCopyright":"1"}
headers = {"X-MicrosoftAjax":"Delta=true","Accept":"*/*","X-Requested-With":"XMLHttpRequest","Cache-Control":"no-cache","User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0","Referer":"https://www.mtna.org/MTNA/FindATeacherSearch.aspx?cak=31022421-c202-431a-b5ef-c6d10c90e6be","Connection":"close","Accept-Encoding":"gzip, deflate","Accept-Language":"en-US,en;q=0.5","Content-Type":"application/x-www-form-urlencoded; charset=utf-8"}
cookies = {"AnonymousCartId":"00000000-0000-0000-0000-000000000000","ASP.NET_SessionId":"cxqktlukl4zprfps4wfyex44","_gat":"1","Asi.Web.Browser.CookiesEnabled":"true","_ga":"GA1.2.1639735034.1545046479","_gid":"GA1.2.6620465.1545046479"}
response = session.post("https://www.mtna.org/MTNA/FindATeacherSearch.aspx", data=paramsPost, params=paramsGet, headers=headers, cookies=cookies)

print("Status code:   %i" % response.status_code)
print("Response body: %s" % response.content)

Но результаты оставляют меня на той же странице.

Есть идеи, почему?Чем отличаются?

...