封面

qianniaoge · Jul 19, 2021 · edcc66f · edcc66f
1 parent 65d768e
commit edcc66f
Show file tree

Hide file tree

Showing 7 changed files with 537 additions and 14 deletions.
diff --git a/pom.xml b/pom.xml
@@ -91,6 +91,26 @@
       <version>9.0.46</version>
     </dependency>
 
+    <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore -->
+    <dependency>
+      <groupId>org.apache.httpcomponents</groupId>
+      <artifactId>httpcore</artifactId>
+      <version>4.4.14</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
+    <dependency>
+      <groupId>org.apache.httpcomponents</groupId>
+      <artifactId>httpclient</artifactId>
+      <version>4.5.13</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.12.0</version>
+    </dependency>
+
   </dependencies>
 
   <build>

diff --git a/src/main/java/cn/safe6/core/BurstJob.java b/src/main/java/cn/safe6/core/BurstJob.java
@@ -1,10 +1,14 @@
 package cn.safe6.core;
 
 import cn.safe6.Controller;
-import cn.safe6.util.HttpTool;
+import cn.safe6.util.HttpClientUtil;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.*;
 import javafx.application.Platform;
 
 
+import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Callable;
@@ -19,6 +23,7 @@ public class BurstJob implements Callable<String> {
     private Map<String,String> params;
     private List<String> keys;
     final private Controller controller = (Controller) ControllersFactory.controllers.get(Controller.class.getSimpleName());
+    final private Map<String,Object> paramsContext = ControllersFactory.paramsContext;
 
 
     public BurstJob(String url, String method, Map<String,String> params, List<String> keys) {
@@ -29,13 +34,29 @@ public BurstJob(String url, String method, Map<String,String> params, List<Strin
     }
 
     @Override
-    public String call() throws Exception {
+    public String call() {
 
         try {
             Controller.logUtil.printInfoLog("开始爆破默认key");
+            //错误包长度
+
+            Map<String, Object> header = (Map<String, Object>)paramsContext.get("header");
+            if (header==null){
+                header = new HashMap<>();
+            }
+            //在原有cookie后面追加
+            header.put("cookie",header.get("cookie")+";"+paramsContext.get("rmeValue")+"=123456");
+            int errLen= HttpClientUtil.httpGetRequest(url,header).length();
             for (String key : keys) {
                 Controller.logUtil.printInfoLog("检测"+key);
-                String res = HttpTool.getHttpReuest(url, "application/x-www-form-urlencoded", "UTF-8");
+                if(paramsContext.get("method").equals(Constants.METHOD_GET)){
+                    header.put("cookie",header.get("cookie")+";"+paramsContext.get("rmeValue")+"=");
+                    String data = HttpClientUtil.httpGetRequest(url,header);
+                   // if (errLen==data.length())
+
+
+
+                }
             }
         }catch (Exception e){
             e.printStackTrace();

diff --git a/src/main/java/cn/safe6/core/Constants.java b/src/main/java/cn/safe6/core/Constants.java
@@ -19,9 +19,9 @@ public interface Constants {
 
     String AUTHOR = "Safe6Sec";
 
-    String BASICINFO = "[*]本工具提供给安全测试人员,安全工程师,进行安全自查使用,请勿非法使用\r\n" +
-            "[*]作者博客:  http://www.safe6.cn/\r\n"+
-            "[*]Bug反馈:  https://github.com/safe6Sec/ShiroExp\r\n";
+    String BASICINFO = "[*] 本工具提供给安全测试人员,安全工程师,进行安全自查使用,请勿非法使用\r\n" +
+            "[*] 作者博客:  http://www.safe6.cn/\r\n"+
+            "[*] Bug反馈:  https://github.com/safe6Sec/ShiroExp\r\n";
 
 
     String[] ENCODING = {