
[Debug] fix target connect func
jweny committed Aug 10, 2021
1 parent 4be32b0 commit f16742a
Showing 7 changed files with 76 additions and 38 deletions.
7 changes: 1 addition & 6 deletions api/routers/v1/plugin/plugin.go
Expand Up @@ -234,12 +234,7 @@ func Run(c *gin.Context) {

oreq, err := util.GenOriginalReq(run.Target)
if err != nil {
c.JSON(msg.ErrResp("原始请求生成失败"))
return
}
verify := util.VerifyTargetConnection(oreq)
if !verify {
c.JSON(msg.ErrResp("测试目标连通性测试不通过"))
c.JSON(msg.ErrResp("目标连通性不通过/原始请求生成失败"))
return
}
poc, err := rule.ParseJsonPoc(run.JsonPoc)
2 changes: 1 addition & 1 deletion pkg/conf/default.go
Expand Up @@ -77,7 +77,7 @@ const ConfigFileName = "config.yaml"
const ServiceName = "pocassist"
const Website = "https://pocassist.jweny.top/"

const Version = "1.0.2"
const Version = "1.0.4"
const Banner = `
_ _
_ __ ___ ___ __ _ ___ ___(_)___| |_
85 changes: 68 additions & 17 deletions pkg/util/request.go
Expand Up @@ -11,6 +11,7 @@ import (
"github.com/valyala/fasthttp"
"golang.org/x/time/rate"
"io/ioutil"
"net"
"net/http"
"net/url"
"regexp"
Expand Down Expand Up @@ -217,6 +218,8 @@ func ParseFasthttpResponse(originalResp *fasthttp.Response, req *fasthttp.Reques
return resp, nil
}



func DoFasthttpRequest(req *fasthttp.Request, redirect bool) (*proto.Response, error) {
LimitWait()
defer fasthttp.ReleaseRequest(req)
Expand Down Expand Up @@ -346,25 +349,12 @@ func UnzipResponseBody(response *fasthttp.Response) ([]byte, error) {
return body, err
}

func GenOriginalReq(url string) (*http.Request, error) {
// 生成原始请求
if strings.HasPrefix(url, "http://") || strings.HasPrefix(url, "https://") {
} else {
url = "http://" + url
}
originalReq, err := http.NewRequest("GET", url, nil)
func VerifyPortConnection(targetAddr string) bool {
_, err := TcpSend(targetAddr, nil)
if err != nil {
log.Error("util/requests.go:GenOriginalReq original request gen error", url, err)
return nil, err
return false
}
originalReq.Header.Set("Host", originalReq.Host)
originalReq.Header.Set("Accept-Encoding", "gzip, deflate")
originalReq.Header.Set("Accept","*/*")
originalReq.Header.Set("User-Agent", conf.GlobalConfig.HttpConfig.Headers.UserAgent)
originalReq.Header.Set("Accept-Language","en")
originalReq.Header.Set("Connection","close")

return originalReq, nil
return true
}

func VerifyTargetConnection(originalReq *http.Request) bool {
Expand Down Expand Up @@ -398,6 +388,67 @@ func VerifyTargetConnection(originalReq *http.Request) bool {
return true
}

func VerifyInputTarget(target string) (bool, string) {
// 连通性校验改到这里
// 1.不带https/http协议 && 不带端口:放弃检查(icmp限制太多)
// 2.带端口:tcp 端口
// 3.带https/http协议不带端口:tcp 80/443
// 生成原始请求
verify := true
// 有端口
if len(strings.Split(target,":")) > 1 {
// 带端口
if strings.HasPrefix(target, "http://") || strings.HasPrefix(target, "https://"){

}else {
target = "http://" + target
}
} else {
// 不带端口
if strings.HasPrefix(target, "http://"){
// 输入 http
verify = VerifyPortConnection(net.JoinHostPort(target, "80"))
} else if strings.HasPrefix(target, "https://") {
// 输入 https
verify = VerifyPortConnection(net.JoinHostPort(target, "443"))
} else {
// 不校验
target = "http://" + target
}
}
return verify, target
}

func GenOriginalReq(target string) (*http.Request, error) {
verify, fixTarget := VerifyInputTarget(target)
if !verify {
errMsg := fmt.Errorf("util/requests.go:GenOriginalReq %s can not connect", target)
log.Error(errMsg)
return nil, errMsg
}
originalReq, err := http.NewRequest("GET", fixTarget, nil)
if err != nil {
errMsg := fmt.Errorf("util/requests.go:GenOriginalReq %s original request gen error %v", target, err)
log.Error(errMsg)
return nil, errMsg
}
originalReq.Header.Set("Host", originalReq.Host)
originalReq.Header.Set("Accept-Encoding", "gzip, deflate")
originalReq.Header.Set("Accept","*/*")
originalReq.Header.Set("User-Agent", conf.GlobalConfig.HttpConfig.Headers.UserAgent)
originalReq.Header.Set("Accept-Language","en")
originalReq.Header.Set("Connection","close")

// 检查fixUrl连通性
verify = VerifyTargetConnection(originalReq)
if !verify {
errMsg := fmt.Errorf("util/requests.go:GenOriginalReq %s can not connect", fixTarget)
log.Error(errMsg)
return nil, errMsg
}
return originalReq, nil
}

func GetOriginalReqBody(originalReq *http.Request) ([]byte, error){
var data []byte
if originalReq.Body != nil && originalReq.Body != http.NoBody {
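Review bot: `VerifyInputTarget` decides "has a port" with `len(strings.Split(target, ":")) > 1`, but any target that carries a scheme already contains a colon in `http://`/`https://`, so `http://host` and `https://host` always take the with-port branch and the 80/443 probes below it are never reached; those probes would also fail if reached, because `net.JoinHostPort(target, "80")` leaves the scheme inside the host part. Parsing the normalized URL with `net/url` (already imported) and using `u.Hostname()`/`u.Port()` fixes both and also copes with IPv6 literals such as `[::1]:8080`, where counting colons misfires. The with-port branch currently probes nothing even though the comment at the top says it should; the rewrite below probes it, and that case can be dropped if the later `VerifyTargetConnection` call in `GenOriginalReq` is considered sufficient (its body is mostly outside this hunk). The bare host with neither scheme nor port stays unchecked, as the original intends.

```go
func VerifyInputTarget(target string) (bool, string) {
	fixTarget := target
	if !strings.HasPrefix(target, "http://") && !strings.HasPrefix(target, "https://") {
		fixTarget = "http://" + target
	}
	u, err := url.Parse(fixTarget)
	if err != nil || u.Hostname() == "" {
		return false, fixTarget
	}
	switch {
	case u.Port() != "":
		// explicit port: probe exactly that port
		return VerifyPortConnection(net.JoinHostPort(u.Hostname(), u.Port())), fixTarget
	case strings.HasPrefix(target, "https://"):
		return VerifyPortConnection(net.JoinHostPort(u.Hostname(), "443")), fixTarget
	case strings.HasPrefix(target, "http://"):
		return VerifyPortConnection(net.JoinHostPort(u.Hostname(), "80")), fixTarget
	default:
		// bare host, no scheme and no port: not probed (ICMP too restricted), as before
		return true, fixTarget
	}
}
```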
5 changes: 2 additions & 3 deletions pkg/util/request_test.go
Expand Up @@ -5,7 +5,6 @@ import (
"crypto/tls"
"fmt"
"github.com/valyala/fasthttp"
"net/http"
"strings"
"testing"
"time"
Expand All @@ -21,8 +20,8 @@ func TestVerifyTargetConnection(t *testing.T) {
// fmt.Println(0)
//}

originalReq, _ := http.NewRequest("GET", "http://www.jweny.com/", nil)
fmt.Println(VerifyTargetConnection(originalReq))
//originalReq, _ := http.NewRequest("GET", "http://www.jweny.com/", nil)
//fmt.Println(VerifyTargetConnection(originalReq))


//req := fasthttp.AcquireRequest()
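Review bot: After this change `TestVerifyTargetConnection` asserts nothing — the only live call, `fmt.Println(VerifyTargetConnection(originalReq))`, is now commented out, so the test passes vacuously; the previous version depended on an external host (`www.jweny.com`) and network access, which is presumably why it had to be disabled. A self-contained version can stand up an `httptest.NewServer`, point the request at it and assert `true` (assuming, from the `return true` visible at the end of `VerifyTargetConnection`, that any HTTP response counts as reachable), and optionally build a request to a closed local port to assert `false`. The rest of the test body is outside this hunk.

```go
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
defer srv.Close()
req, _ := http.NewRequest("GET", srv.URL, nil)
if !VerifyTargetConnection(req) {
	t.Fatalf("expected local test server %s to be reachable", srv.URL)
}
// … unchanged: commented-out fasthttp experiments …
```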
2 changes: 1 addition & 1 deletion pkg/util/version.go
Expand Up @@ -5,7 +5,7 @@ import (
"strings"
)

// 版本对比方法
// SingleVersionCompare 版本对比方法
// <=0没有漏洞 >0有漏洞
func SingleVersionCompare(verCurrent string, verVul string) (int, error) {
partsCurrent := strings.Split(verCurrent, ".")
8 changes: 0 additions & 8 deletions poc/rule/parallel.go
Expand Up @@ -5,7 +5,6 @@ import (
"github.com/jweny/pocassist/pkg/conf"
"github.com/jweny/pocassist/pkg/db"
log "github.com/jweny/pocassist/pkg/logging"
"github.com/jweny/pocassist/pkg/util"
"github.com/panjf2000/ants/v2"
"gopkg.in/yaml.v2"
"net/http"
Expand Down Expand Up @@ -129,13 +128,6 @@ func TaskConsumer(){
db.ErrorTask(item.Task.Id)
continue
}
// 检查可用性
verify := util.VerifyTargetConnection(item.OriginalReq)
if !verify {
log.Error("[rule/parallel.go:TaskConsumer target can not connect]", item.OriginalReq.URL.String())
db.ErrorTask(item.Task.Id)
continue
}
RunPlugins(item)
}
}
5 changes: 3 additions & 2 deletions poc/scripts/poc-go-shiro-unserialize-550.go
Expand Up @@ -85,8 +85,9 @@ func ShiroJavaUnserilize(args *ScriptScanArgs) (*util.ScanResult, error) {
}

isShiro := false
for key, _ := range resp.Headers {
if key == "rememberMe" {
if _, ok := resp.Headers["set-cookie"]; ok {
v := resp.Headers["set-cookie"]
if strings.Contains(v,"rememberMe") {
isShiro = true
}
}
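Review bot: The new check looks up `resp.Headers["set-cookie"]` with a lowercase key, and whether that ever matches depends on how `ParseFasthttpResponse` keys the map, which is not visible here — if the keys keep the `Set-Cookie` casing the branch never fires and Shiro targets are silently reported as not vulnerable, so either normalize keys at parse time or compare case-insensitively. The map is also read twice; `if v, ok := resp.Headers["set-cookie"]; ok && strings.Contains(v, "rememberMe") { isShiro = true }` does it in one lookup. Note that a substring match also accepts any cookie whose name merely contains `rememberMe`; a stricter check on the cookie name is worth considering. The enclosing `ShiroJavaUnserilize` continues outside the hunk.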