如何在通过python请求模块发送请求时选择特定的密码 [英] How to select specific the cipher while sending request via python request module

问题描述

用例:我想通过 python 请求模块找出主机名支持多少密码.

Usecase: I want to find out how many ciphers are supported by the hostname with python request module.

我找不到提供密码名称以请求模块挂钩的方法.任何人都可以建议提供指定密码的方法.

I am not able to find a way to provide the cipher name to request module hook. Can anyone suggest the way to provide the way to specify cipher.

import ssl

from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager


class Ssl3HttpAdapter(HTTPAdapter):
    """"Transport adapter" that allows us to use SSLv3."""

    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = PoolManager(
            num_pools=connections, maxsize=maxsize,
            block=block, ssl_version=ssl.PROTOCOL_SSLv3)

推荐答案

如果您使用的是 2.12.0+ 版本的请求，Configuring TLS With Requests，它描述了允许您配置 SSLContext 的新功能(请注意，这篇博文是在OP问了这个问题):

If you are using requests version 2.12.0+, there is a blog post on Configuring TLS With Requests, which describes new functionality to allow you to configure the SSLContext (note that this blog post was written after the OP asked the question):

Requests v2.12.0 添加的特性是 urllib3 现在接受一个ConnectionPool 对象的构造函数中的 SSLContext 对象.这SSLContext 将用作底层 TLS 的工厂连接，因此应用于它的所有设置也将应用于那些低级连接.

The feature added in Requests v2.12.0 is that urllib3 now accepts an SSLContext object in the constructors for ConnectionPool objects. This SSLContext will be used as the factory for the underlying TLS connection, and so all settings applied to it will also be applied to those low-level connections.

最好的方法是使用 SSLContext 工厂函数requests.packages.urllib3.util.ssl_.create_urllib3_context.这是类似于 Python 的 ssl.create_default_context 函数，但适用Requests 和 urllib3 的更严格的默认 TLS 配置都用.此函数将返回一个 SSLContext 对象，然后可以应用了进一步的配置.最重要的是，该功能还需要一些参数来允许覆盖默认配置.

The best way to do this is to use the SSLContext factory function requests.packages.urllib3.util.ssl_.create_urllib3_context. This is analogous to Python’s ssl.create_default_context function but applies the more-strict default TLS configuration that Requests and urllib3 both use. This function will return an SSLContext object that can then have further configuration applied. On top of that, the function also takes a few arguments to allow overriding default configuration.

要提供新的 SSLContext 对象，您需要编写一个适合给定主机的 TransportAdapter.

To provide the new SSLContext object, you will need to write a TransportAdapter that is appropriate for the given host.

以下示例代码是如何使用此方法在请求中重新启用 3DES 的示例.

The following sample code is given as an example of how to re-enable 3DES in Requests using this method.

import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context

# This is the 2.11 Requests cipher string, containing 3DES.
CIPHERS = (
    'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
    'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
    '!eNULL:!MD5'
)


class DESAdapter(HTTPAdapter):
    """
    A TransportAdapter that re-enables 3DES support in Requests.
    """
    def init_poolmanager(self, *args, **kwargs):
        context = create_urllib3_context(ciphers=CIPHERS)
        kwargs['ssl_context'] = context
        return super(DESAdapter, self).init_poolmanager(*args, **kwargs)

    def proxy_manager_for(self, *args, **kwargs):
        context = create_urllib3_context(ciphers=CIPHERS)
        kwargs['ssl_context'] = context
        return super(DESAdapter, self).proxy_manager_for(*args, **kwargs)

s = requests.Session()
s.mount('https://some-3des-only-host.com', DESAdapter())
r = s.get('https://some-3des-only-host.com/some-path')

还有一种可能的破解方法，您可以在 请求模块的 github 页面，或在 https://stackoverflow.com/a/32651967/2364215> 但它修改了底层库代码，我不推荐它(请求模块的作者也不推荐，你会在该页面上找到).另一方面，如果您使用的是较旧的请求包并且无法升级，则它可能是您的最佳选择.它相当于覆盖 urllib3 模块的 DEFAULT_CIPHERS:

There is also a hack possible, which you can read on the github pages for the requests module, or at https://stackoverflow.com/a/32651967/2364215 but it modifies the underlying library code, I don't recommend it (neither do the authors of the requests module, as you will find on that page). On the other hand, if you are on an older requests package and you can't upgrade, it may be your best option. It amounts to overriding the urllib3 module's DEFAULT_CIPHERS:

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':RC4-SHA' 

如果您有其他代码在修改后会使用requests模块，但不需要修改，您可能需要将DEFAULT_CIPHERS恢复到之前的值.

If you have other code that will use the requests module after doing the modification, but doesn't need the modification, you may want to restore DEFAULT_CIPHERS to its previous value.

这篇关于如何在通过python请求模块发送请求时选择特定的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！