How to change values of url query in python?

Question

 url = "http://www.example.com?type=a&type1=b&type2=c"
 urllist = get_urllist(url)
 trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"]

def get_urllist(url): 
    url_parsed = urlparse.urlparse(url)
    #extract the query parameters of the URL 
    query =  urlparse.parse_qs(url_parsed.query)
    #get the list of query 
    query_list = query_list(query)
    #Get Base url 
    url = urlparse._replace(query=None).geturl()
    #modify url to get url_list 
    for query in query_list : 
       # change the original query to get the expected result 


 return url_list 


def query_list(query):
     for t in trigger:
         for key, value in query.items():
            query[key] += t
         query_list.append(query) 

     return query_list

How to return a list of URLs by changing the query parameter values?

Original url = "http://www.example.com?type=a&type1=b&type2=c"

Expected Result:

Url_list= ["http://www.example.com?type=a'OR '1'='1'&type1=b'OR '1'='1'&type2=c'OR '1'='1'","http://www.example.com?type=a'OR '1'='2'&type1=b'OR '1'='2'&type2=c'OR '1'='2'","http://www.example.com?type=a'OR a=a&type1=b'OR a=a&type2=c''OR a=a" ]

Answer 1

In Python2.x

You can use urlparse.urlparse function and ParseResult._replace method:

import urlparse
url = "http://www.example.com?type=a&type1=b&type2=c"
trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"]

parsed = urlparse.urlparse(url)
querys = parsed.query.split("&")
result = []
for pairs in trigger:
    new_query = "&".join([ "{}{}".format(query, pairs) for query in querys])
    parsed = parsed._replace(query=new_query)
    result.append(urlparse.urlunparse(parsed))

Note

The urlparse module is renamed to urllib.parse in Python 3. The 2to3 tool will automatically adapt imports when converting your sources to Python 3.

In Python3.x

You can use urlparse.urlparse function as well.

import urllib.parse as urlparse
url = "http://www.example.com?type=a&type1=b&type2=c"
trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"]

parsed = urlparse.urlparse(url)
querys = parsed.query.split("&")
result = []
for pairs in trigger:
    new_query = "&".join([ "{}{}".format(query, pairs) for query in querys])
    parsed = parsed._replace(query=new_query)
    result.append(urlparse.urlunparse(parsed))

DEMO OUTPUT:

["http://www.example.com?type=a'or '1'='1'&type1=b'or '1'='1'&type2=c'or '1'='1'", "http://www.example.com?type=a 'OR '1'='2'&type1=b 'OR '1'='2'&type2=c 'OR '1'='2'", "http://www.example.com?type=a'OR a=a&type1=b'OR a=a&type2=c'OR a=a"]

Answer 2

You can use the package furl.

from furl import furl

url = furl("http://www.example.com?type=a&type1=b&type2=c")
url.set({"type": "a'or '1'='1'"})
url.url

gives the output: http://www.example.com?type=a%27or+%271%27%3D%271%27

and decoded: http://www.example.com?type=a'or '1'='1'

Answer 3

Here is a simple example:

def patch_url(url, **kwargs):
    from urllib.parse import urlparse, urlencode, parse_qsl
    return urlparse(url)._replace(query=urlencode(
        dict(parse_qsl(urlparse(url).query), **kwargs))).geturl()


assert patch_url("https://httpbin.org/get?hello=world", hello="human") \
       == "https://httpbin.org/get?hello=human"

Answer 4

To avoid using the private method _replace() I just made a new SplitResult, replacing the old params where necessary.

p = parse.urlsplit(url)
url = parse.SplitResult("https", *p[1:]).geturl()

I'm using urlsplit() which returns SplitResult, but I would imagine you can do the same thing with ParseResult returned from urlparse(). Both are named tuples. Everthing is described in the docs

For the query specifically, also do parse_qs() to get a dict of params and urlencode() to get back a query string.

>>> parse.urlencode({"a":1, "b":"yes", "c":[1,2,3]}, doseq=False)
'a=1&b=yes&c=%5B1%2C+2%2C+3%5D'
>>> parse.urlencode({"a":1, "b":"yes", "c":[1,2,3]}, doseq=True)
'a=1&b=yes&c=1&c=2&c=3'