Search code examples
pythonurlparseurl-parsing

How to change values of url query in python?

 url = "http://www.example.com?type=a&type1=b&type2=c"
 urllist = get_urllist(url)
 trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"]

def get_urllist(url): 
    url_parsed = urlparse.urlparse(url)
    #extract the query parameters of the URL 
    query =  urlparse.parse_qs(url_parsed.query)
    #get the list of query 
    query_list = query_list(query)
    #Get Base url 
    url = urlparse._replace(query=None).geturl()
    #modify url to get url_list 
    for query in query_list : 
       # change the original query to get the expected result 


 return url_list 


def query_list(query):
     for t in trigger:
         for key, value in query.items():
            query[key] += t
         query_list.append(query) 

     return query_list

How to return a list of URLs by changing the query parameter values?

Original url = "http://www.example.com?type=a&type1=b&type2=c"

Expected Result:

Url_list= ["http://www.example.com?type=a'OR '1'='1'&type1=b'OR '1'='1'&type2=c'OR '1'='1'","http://www.example.com?type=a'OR '1'='2'&type1=b'OR '1'='2'&type2=c'OR '1'='2'","http://www.example.com?type=a'OR a=a&type1=b'OR a=a&type2=c''OR a=a" ]

Solution

  • In Python2.x

    You can use urlparse.urlparse function and ParseResult._replace method:

    import urlparse
url = "http://www.example.com?type=a&type1=b&type2=c"
trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"]

parsed = urlparse.urlparse(url)
querys = parsed.query.split("&")
result = []
for pairs in trigger:
    new_query = "&".join([ "{}{}".format(query, pairs) for query in querys])
    parsed = parsed._replace(query=new_query)
    result.append(urlparse.urlunparse(parsed))

    Note

    The urlparse module is renamed to urllib.parse in Python 3. The 2to3 tool will automatically adapt imports when converting your sources to Python 3.

    In Python3.x

    You can use urlparse.urlparse function as well.

    import urllib.parse as urlparse
url = "http://www.example.com?type=a&type1=b&type2=c"
trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"]

parsed = urlparse.urlparse(url)
querys = parsed.query.split("&")
result = []
for pairs in trigger:
    new_query = "&".join([ "{}{}".format(query, pairs) for query in querys])
    parsed = parsed._replace(query=new_query)
    result.append(urlparse.urlunparse(parsed))

    DEMO OUTPUT:

    ["http://www.example.com?type=a'or '1'='1'&type1=b'or '1'='1'&type2=c'or '1'='1'", "http://www.example.com?type=a 'OR '1'='2'&type1=b 'OR '1'='2'&type2=c 'OR '1'='2'", "http://www.example.com?type=a'OR a=a&type1=b'OR a=a&type2=c'OR a=a"]