FormData和Payload是浏览器传输给接口的两种格式,这两种方式浏览器是通过Content-Type来进行区分的。
如果是 application/x-www-form-urlencoded的话,则为formdata方式;
如果是 application/json或multipart/form-data的话,则为 request payload
的方式。
1、 multipart/form-data抓包案例1
POST https://account.com.cn/oauth/token HTTP/1.1
Host: account.com.cn
Accept: */*
Content-Length: 687
Content-Type: multipart/form-data; boundary=------------------------e9b65d04803ea52c
--------------------------e9b65d04803ea52c
Content-Disposition: form-data; name="client_id"
studio10001
--------------------------e9b65d04803ea52c
Content-Disposition: form-data; name="client_secret"
clientSecret
--------------------------e9b65d04803ea52c
Content-Disposition: form-data; name="grant_type"
studio
--------------------------e9b65d04803ea52c
Content-Disposition: form-data; name="password"
password
--------------------------e9b65d04803ea52c
Content-Disposition: form-data; name="username"
13226617607
--------------------------e9b65d04803ea52c
Content-Disposition: form-data; name="lang"
zh_CN
--------------------------e9b65d04803ea52c--
HTTP/1.1 200
Cache-Control: no-store
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Date: Wed, 17 Jun 2020 13:59:42 GMT
Content-Length: 170
python请求方式1
from requests_toolbelt import MultipartEncoder
import requests
url = 'https://account.com.cn/oauth/token'
fields = {
'client_id': 'studio10001',
'client_secret': 'clientSecret',
'grant_type': 'studio',
'password': 'password',
'username': '13226617607',
'lang': 'zh_CN'
}
self._me = MultipartEncoder(fields=fields)
headers = {'Content-Type': self._me.content_type}
result = requests.post(url=url, data=self._me, headers=headers, proxies=proxies, verify=False)
print('获取token结果:', result.json())
multipart/form-data抓包案例2
image.png
python请求方式2
from urllib.parse import urlencode
headers = {"Content-Type": "application/x-www-form-urlencoded"}
url = 'https://support.com.cn/admin/user/' + ID + '/abuse-point'
data = {
"userName": userName, # 用户名
"point": point, # 金币数值
"memo": memo # 备注
}
data = urlencode(data)
result = session.post(url=url, headers=headers, data=data, verify=False)
2、 application/json抓包案例
POST http://*****.com HTTP/1.1
Host: support1.com.cn:8090
Accept: */*
Content-Type: application/json
Content-Length: 698
{
"access_token": "38b9ac08-1ed5-4571-8673-1d8f00f890f6",
"act_custName": "***** ",
"act_phone": "13226617607",
"session_id": "20200617215838698"
}
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 2
python请求方式
import requests
headers = {"Content-Type": "application/x-www-form-urlencoded"}
url = 'https://support.com.cn/admin/user/' + ID + '/abuse-point'
data = {
"userName": userName, # 用户名
"point": point, # 金币数值
"memo": memo # 备注
}
data = urlencode(data)
result = session.post(url=url, headers=headers, data=data, verify=False)
在application/json模拟请求中,我们的请求数据data是一个字典类型,实际上在传输过程中,data会转换为文本形式,我们只需要确保传输内容中有中括号就行,如{"key":"value"},就算我们先将字典转化为字符串,照样可以请求成功。
通常来说,我习惯将数据先创建为字典类型(主要是比较好处理和观看方便)
# 字典转为字符串方式1
import json
data = json.dumps(data)
# 字典转为字符串方式2
data = str(data)
# 字典转为字符串方式1
import json
data = json.dumps(data)
网友评论