如何告知请求模块不进行DNS查找?

时间:2016-01-11 13:24:01

标签: python dns python-requests

我的想法是在命令行上将IP地址列表提供给以下代码以检查HTTP方法。问题是Python抱怨它无法使用此错误将IP地址解析为主机名: requests.exceptions.ConnectionError: ('Connection aborted.', gaierror(8, 'nodename nor servname provided, or not known'))

如何关闭DNS IP - >主机名解析?

#!/usr/bin/python
#Usage: ./name-of-this-script.py list-of-IPs
import sys
import requests
requests.packages.urllib3.disable_warnings()

## Variables

f = open(sys.argv[1], 'r')
verbs = ['GET','HEAD','POST','PUT','DELETE','OPTIONS','TRACE','PROPFIND','CONNECT','TEST', 'LOCK','MKCOL','ACL','BASELINE-CONTROL','BIND','CHECKIN','CHECKOUT','COPY','LABEL','LINK','MERGE','MKACTIVITY','MKCALENDAR','MKCOL','MKDIRECTREF','MKWORKPSACE','MOVE','ORDERPATCH','PATCH','PROPATCH','REBIND','REPORT','SEARCH','UNBIND','UNCHECKOUT','UNLINK','UPDATE','UPATEDDIRECTREF','VERSION-CONTROL','LONGPHONYHTTPMETHOD']

print "----------------------------"
print "Permitted HTTP methods indicated below by 200 OK."
print """
To control which HTTP methods are permitted on Apache 
consult: 
https://httpd.apache.org/docs/trunk/mod/mod_allowmethods.html
"""
print "----------------------------"

for line in f:
    for verb in verbs:
        print line
        #req = requests.request(verb, sys.argv[1], verify=False)
        host = 'https://'+ line
        req = requests.request(verb, host, verify=False)
        print verb, req.status_code, req.reason
        if verb == 'TRACE' and 'TRACE / HTTP/1.1' in req.text:
            print 'Possible Cross Site Tracing Vulnerability found!'

1 个答案:

答案 0 :(得分:1)

使用像requests这样的高级库进行这种低级别的HTTP请求处理对我来说似乎有点过头了。

我建议您使用httplib(或http.client,如果您想使用Python 3):

import httplib
import ssl

# Since the IP addresses will likely not match the SSL cert hostnames
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False

ip = "104.16.34.249" # SO
verb = "TRACE"

conn = httplib.HTTPSConnection(ip, context=ssl_context)
conn.request(verb, "/")
r = conn.getresponse()
print r.read(), r.status, r.reason