From 5153c704612263e80d0b1ac4194ffc7261c48eb6 Mon Sep 17 00:00:00 2001
From: yumusb
Date: Tue, 1 Dec 2020 17:28:15 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E5=BD=93=E6=97=A0POST=E5=8F=82=E6=95=B0?= =?UTF-8?q?=E6=97=B6=E4=BD=BF=E7=94=A8GET=E8=AF=B7=E6=B1=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 modules/request.js | 315 +++++++++++++++++++++++++++------------------
 1 file changed, 192 insertions(+), 123 deletions(-)

diff --git a/modules/request.js b/modules/request.js
index c42ce39e..ee76deee 100644
--- a/modules/request.js
+++ b/modules/request.js
@@ -111,6 +111,19 @@ class Request {
 .send('request-error-' + opts['hash'], "Blacklist URL");
 }
 let _request = superagent.post(opts['url']);
+
+
+ let _postData = Object.assign({}, opts.body, opts.data);
+
+ //logger.debug(_postData);
+ let getFlag = 1;
+ for (var n in _postData) {
+ getFlag = 0;
+ }
+ if(getFlag===1){
+ _request = superagent.get(opts['url']);
+ }
+
 // 设置headers
 _request.set('User-Agent', USER_AGENT);
 // 自定义headers
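Review bot: The empty-body test in the added lines is a `for...in` loop that sets a numeric `getFlag`, which is then compared with `===1` here and `==0` in the next hunk; a boolean derived from `Object.keys` says the same thing directly and avoids the mixed comparisons: `const isGet = Object.keys(_postData).length === 0;` followed by `if (isGet) { _request = superagent.get(opts['url']); }`. Building the POST request first and then replacing it also leaves an unused superagent object behind; once `_postData` is built first, selecting the verb up front with `let _request = isGet ? superagent.get(opts['url']) : superagent.post(opts['url']);` avoids that. The enclosing method starts and ends outside this hunk.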
@@ -118,38 +131,137 @@ class Request { _request.set(_, opts.headers[_]); } // 自定义body - let _postData = Object.assign({}, opts.body, opts.data); - if (opts['useChunk'] == 1) { - logger.debug("request with Chunked"); - let _postarr = []; - for (var key in _postData) { - if (_postData.hasOwnProperty(key)) { - let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) { - return unescape($1); - }); // 后续可能需要二次处理的在这里追加 - _postarr.push(`${key}=${_tmp}`); + //let _postData = Object.assign({}, opts.body, opts.data); + + if(getFlag==0){ + if (opts['useChunk'] == 1) { + logger.debug("request with Chunked"); + let _postarr = []; + for (var key in _postData) { + if (_postData.hasOwnProperty(key)) { + let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) { + return unescape($1); + }); // 后续可能需要二次处理的在这里追加 + _postarr.push(`${key}=${_tmp}`); + } } - } - let antstream = new AntRead(_postarr.join("&"), { - 'step': parseInt(opts['chunkStepMin']), - 'stepmax': parseInt(opts['chunkStepMax']) - }); - let _datasuccess = false; // 表示是否是 404 类shell - _request - .proxy(APROXY_CONF['uri']) - .type('form') - // .set('Content-Type', 'application/x-www-form-urlencoded') - .timeout(opts.timeout || REQ_TIMEOUT) - .ignoreHTTPS(opts['ignoreHTTPS']) - .parse((res, callback) => { - this.parse(opts['tag_s'], opts['tag_e'], (chunk) => { - event - .sender - .send('request-chunk-' + opts['hash'], chunk); - }, res, (err, ret) => { - let buff = ret ? 
- ret : + let antstream = new AntRead(_postarr.join("&"), { + 'step': parseInt(opts['chunkStepMin']), + 'stepmax': parseInt(opts['chunkStepMax']) + }); + let _datasuccess = false; // 表示是否是 404 类shell + _request + .proxy(APROXY_CONF['uri']) + .type('form') + // .set('Content-Type', 'application/x-www-form-urlencoded') + .timeout(opts.timeout || REQ_TIMEOUT) + .ignoreHTTPS(opts['ignoreHTTPS']) + .parse((res, callback) => { + this.parse(opts['tag_s'], opts['tag_e'], (chunk) => { + event + .sender + .send('request-chunk-' + opts['hash'], chunk); + }, res, (err, ret) => { + let buff = ret ? + ret : + Buffer.from(); + // 自动猜测编码 + let encoding = detectEncoding(buff, { + defaultEncoding: "unknown" + }); + logger.debug("detect encoding:", encoding); + encoding = encoding != "unknown" ? + encoding : + opts['encode']; + let text = iconv.decode(buff, encoding); + if (err && text == "") { + return event + .sender + .send('request-error-' + opts['hash'], err); + }; + // 回调数据 + event + .sender + .send('request-' + opts['hash'], { + text: text, + buff: buff, + encoding: encoding + }); + _datasuccess = true; + callback(null, ret); + }); + }) + .on('error', (err) => { + if (_datasuccess == false) { + return event + .sender + .send('request-error-' + opts['hash'], err); + } + }); + antstream.pipe(_request); + } else { + // 通过替换函数方式来实现发包方式切换, 后续可改成别的 + const old_send = _request.send; + let _postarr = []; + if (opts['useMultipart'] == 1) { + _request.send = _request.field; + for (var key in _postData) { + if (_postData.hasOwnProperty(key)) { + let _tmp = (_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) { + return unescape($1) + }); + _postarr[key] = _tmp; + } + } + } else { + if(opts['addMassData']==1){ + for (let i = 0; i < randomInt(num_min, num_max); i++) { //将混淆流量放入到payload数组中 + _postData[randomString(randomInt(varname_min, varname_max))] = randomString(randomInt(data_min, data_max)); + } + _postData=randomDict(_postData); + //logger.debug(_postData); + } + 
_request.send = old_send; + for (var key in _postData) { + if (_postData.hasOwnProperty(key)) { + let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) { + return unescape($1) + }); // 后续可能需要二次处理的在这里追加 + _postarr.push(`${key}=${_tmp}`); + } + } + //console.log(_postarr); + //logger.debug(_postarr); + _postarr = _postarr.join('&'); + } + _request + .proxy(APROXY_CONF['uri']) + .type('form') + // 超时 + .timeout(opts.timeout || REQ_TIMEOUT) + // 忽略HTTPS + .ignoreHTTPS(opts['ignoreHTTPS']) + .send(_postarr) + .buffer(true) + .parse((res, callback) => { + this.parse(opts['tag_s'], opts['tag_e'], (chunk) => { + event + .sender + .send('request-chunk-' + opts['hash'], chunk); + }, res, callback); + }) + .end((err, ret) => { + if (!ret) { + // 请求失败 TIMEOUT + return event + .sender + .send('request-error-' + opts['hash'], err); + } + let buff = ret.hasOwnProperty('body') ? + ret.body : Buffer.from(); + // 解码 + let text = ""; // 自动猜测编码 let encoding = detectEncoding(buff, { defaultEncoding: "unknown" @@ -158,7 +270,7 @@ class Request { encoding = encoding != "unknown" ? encoding : opts['encode']; - let text = iconv.decode(buff, encoding); + text = iconv.decode(buff, encoding); if (err && text == "") { return event .sender 
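Review bot: `Buffer.from()` with no argument throws a TypeError in current Node versions instead of yielding an empty buffer, so the `let buff = ret ? ret : Buffer.from();` fallback in the re-indented chunked branch raises inside the parse callback exactly when there is no body; `Buffer.alloc(0)` is the empty-buffer form. The same fallback is re-added as new code in the GET branch of the last hunk of this file (`ret.body : Buffer.from()`). The `if(getFlag==0)` guard also mixes `==` with the `===` used where the flag is set; `if (getFlag === 0) {` keeps the two comparisons consistent. The enclosing method starts and ends outside this hunk.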
@@ -172,104 +284,61 @@ class Request { buff: buff, encoding: encoding }); - _datasuccess = true; - callback(null, ret); }); - }) - .on('error', (err) => { - if (_datasuccess == false) { - return event - .sender - .send('request-error-' + opts['hash'], err); - } - }); - antstream.pipe(_request); - } else { - // 通过替换函数方式来实现发包方式切换, 后续可改成别的 - const old_send = _request.send; - let _postarr = []; - if (opts['useMultipart'] == 1) { - _request.send = _request.field; - for (var key in _postData) { - if (_postData.hasOwnProperty(key)) { - let _tmp = (_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) { - return unescape($1) - }); - _postarr[key] = _tmp; - } - } - } else { - if(opts['addMassData']==1){ - for (let i = 0; i < randomInt(num_min, num_max); i++) { //将混淆流量放入到payload数组中 - _postData[randomString(randomInt(varname_min, varname_max))] = randomString(randomInt(data_min, data_max)); - } - _postData=randomDict(_postData); - //logger.debug(_postData); - } - _request.send = old_send; - for (var key in _postData) { - if (_postData.hasOwnProperty(key)) { - let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) { - return unescape($1) - }); // 后续可能需要二次处理的在这里追加 - _postarr.push(`${key}=${_tmp}`); - } - } - //console.log(_postarr); - //logger.debug(_postarr); - _postarr = _postarr.join('&'); } + }else{ + //GET请求 _request - .proxy(APROXY_CONF['uri']) - .type('form') - // 超时 - .timeout(opts.timeout || REQ_TIMEOUT) - // 忽略HTTPS - .ignoreHTTPS(opts['ignoreHTTPS']) - .send(_postarr) - .buffer(true) - .parse((res, callback) => { - this.parse(opts['tag_s'], opts['tag_e'], (chunk) => { - event - .sender - .send('request-chunk-' + opts['hash'], chunk); - }, res, callback); - }) - .end((err, ret) => { - if (!ret) { - // 请求失败 TIMEOUT - return event - .sender - .send('request-error-' + opts['hash'], err); - } - let buff = ret.hasOwnProperty('body') ? 
- ret.body : - Buffer.from(); - // 解码 - let text = ""; - // 自动猜测编码 - let encoding = detectEncoding(buff, { - defaultEncoding: "unknown" - }); - logger.debug("detect encoding:", encoding); - encoding = encoding != "unknown" ? - encoding : - opts['encode']; - text = iconv.decode(buff, encoding); - if (err && text == "") { - return event - .sender - .send('request-error-' + opts['hash'], err); - }; - // 回调数据 + .proxy(APROXY_CONF['uri']) + //.type('form') + // 超时 + .timeout(opts.timeout || REQ_TIMEOUT) + // 忽略HTTPS + .ignoreHTTPS(opts['ignoreHTTPS']) + //.send(_postarr) + .buffer(true) + .parse((res, callback) => { + this.parse(opts['tag_s'], opts['tag_e'], (chunk) => { event .sender - .send('request-' + opts['hash'], { - text: text, - buff: buff, - encoding: encoding - }); + .send('request-chunk-' + opts['hash'], chunk); + }, res, callback); + }) + .end((err, ret) => { + if (!ret) { + // 请求失败 TIMEOUT + return event + .sender + .send('request-error-' + opts['hash'], err); + } + let buff = ret.hasOwnProperty('body') ? + ret.body : + Buffer.from(); + // 解码 + let text = ""; + // 自动猜测编码 + let encoding = detectEncoding(buff, { + defaultEncoding: "unknown" }); + logger.debug("detect encoding:", encoding); + encoding = encoding != "unknown" ? + encoding : + opts['encode']; + text = iconv.decode(buff, encoding); + if (err && text == "") { + return event + .sender + .send('request-error-' + opts['hash'], err); + }; + // 回调数据 + event + .sender + .send('request-' + opts['hash'], { + text: text, + buff: buff, + encoding: encoding + }); + }); } } From 4a969cdce24b2761eeeb90c92e0c0dcfdc573127 Mon Sep 17 00:00:00 2001 From: yumusb Date: Tue, 8 Dec 2020 13:49:58 +0800 Subject: [PATCH 2/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8DJSP=E7=9B=B8=E5=85=B3?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- source/modules/settings/encoders.js | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) 
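Review bot: The new GET branch is a line-for-line copy of the non-chunked POST branch's `.parse` and `.end` handlers (about forty lines), so the next change to decoding or error reporting has to be made twice and the two copies will drift; hoisting those two callbacks into locals defined before the `if(getFlag==0)` split lets both branches reuse them. The commented-out `//.type('form')` and `//.send(_postarr)` lines in the GET chain should be deleted rather than left as dead text. The enclosing method starts outside this hunk.
```javascript
        // Shared by the non-chunked POST path and the GET path.
        const forwardChunk = (res, callback) => {
            this.parse(opts['tag_s'], opts['tag_e'], (chunk) => {
                event.sender.send('request-chunk-' + opts['hash'], chunk);
            }, res, callback);
        };
        const finishRequest = (err, ret) => {
            if (!ret) {
                // 请求失败 TIMEOUT
                return event.sender.send('request-error-' + opts['hash'], err);
            }
            // … unchanged: buff/encoding/text decoding and the 'request-' callback …
        };
        // … unchanged: chunked and non-chunked POST branches, the latter ending in `.parse(forwardChunk).end(finishRequest)` …
        } else {
            //GET请求
            _request
                // … unchanged: .proxy / .timeout / .ignoreHTTPS / .buffer(true) …
                .parse(forwardChunk)
                .end(finishRequest);
        }
```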
diff --git a/source/modules/settings/encoders.js b/source/modules/settings/encoders.js
index f47835f1..f603821d 100644
--- a/source/modules/settings/encoders.js
+++ b/source/modules/settings/encoders.js
@@ -59,6 +59,11 @@ class Encoders {
 icon: 'file-code-o',
 type: 'button',
 text: "PHP"
+ }, {
+ id: 'new_jsp',
+ icon: 'file-code-o',
+ type: 'button',
+ text: "JSP"
 }, {
 type: 'separator'
 }, {
@@ -85,6 +90,11 @@ class Encoders {
 icon: 'file-code-o',
 type: 'button',
 text: "PHP"
+ },{
+ id: 'new_jsp_decoder',
+ icon: 'file-code-o',
+ type: 'button',
+ text: "JSP"
 }, {
 type: 'separator'
 }, {
@@ -129,6 +139,9 @@ class Encoders {
 case "new_aspx":
 that.createEncoder(id);
 break;
+ case "new_jsp":
+ that.createEncoder(id);
+ break;
 case "new_php":
 case "new_php_rsa":
 that.createEncoder(id);
@@ -139,6 +152,9 @@ class Encoders {
 case "new_php_decoder":
 that.createEncoder(id, 'decoder');
 break;
+ case "new_jsp_decoder":
+ that.createEncoder(id, 'decoder');
+ break;
 case "new_custom_decoder":
 that.createEncoder(id, 'decoder');
 break;
@@ -747,12 +763,14 @@ module.exports = {
 asp: [],
 aspx: [],
 php: [],
+ jsp: [],
 custom: []
 };
 var encoders_path = {
 asp: [],
 aspx: [],
 php: [],
+ jsp: [],
 custom: []
 };
 let userencoder_path = path.join(remote.process.env.AS_WORKDIR, 'antData/encoders');

From 6b110cf71dcb636c129b1d55a00d07980d4551af Mon Sep 17 00:00:00 2001
From: yumusb
Date: Tue, 8 Dec 2020 13:59:33 +0800
Subject: [PATCH 3/4] fix RSA padding

---
 source/core/base.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source/core/base.js b/source/core/base.js
index b0520cc1..64e0945e 100644
--- a/source/core/base.js
+++ b/source/core/base.js
@@ -73,6 +73,7 @@ class Base {
 */
 rsaEncrypt() {
 let key = new NodeRSA();
+ key.setOptions({encryptionScheme: 'pkcs1'});
 try {
 let priKey = fs.readFileSync(path.join(remote.process.env.AS_WORKDIR, `antData/key_rsa`));
 if (priKey.length > 0) {
From c7d7ab98b0d498fa47df0deef43f4e1c44affc32 Mon Sep 17 00:00:00 2001
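Review bot: The added `case "new_jsp": that.createEncoder(id); break;` in the `@@ -129` hunk is a verbatim copy of the `new_php` / `new_php_rsa` group that immediately follows it; adding `case "new_jsp":` as another label on that existing fall-through group (and likewise `case "new_jsp_decoder":` onto the `new_php_decoder` group in the `@@ -139` hunk) expresses the same dispatch in one place. The second menu entry in the `@@ -85` hunk is written `},{` while every sibling entry uses `}, {`. The enclosing switch and class start outside these hunks.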
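Review bot: The added `key.setOptions({encryptionScheme: 'pkcs1'});` switches node-rsa from its default OAEP padding to PKCS#1 v1.5 without saying why, and since v1.5 is the padding scheme with known padding-oracle weaknesses the constraint should be written down so a later cleanup does not silently revert it. Presumably the decoder on the receiving side only accepts v1.5; a comment on the added line such as `// PKCS#1 v1.5 padding (node-rsa defaults to OAEP) — required by the decoder side; confirm before changing` records that. The call is placed before the `try` that loads the key file, so it applies whichever key ends up in use. `rsaEncrypt` continues outside this hunk.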
From: yumusb
Date: Tue, 8 Dec 2020 14:43:37 +0800
Subject: [PATCH 4/4] fix something about jsp

---
 source/modules/settings/encoders.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source/modules/settings/encoders.js b/source/modules/settings/encoders.js
index f603821d..4d146de7 100644
--- a/source/modules/settings/encoders.js
+++ b/source/modules/settings/encoders.js
@@ -193,6 +193,7 @@ class Encoders {
 combobox.put("asp", "ASP");
 combobox.put("aspx", "ASPX");
 combobox.put("php", "PHP");
+ combobox.put("jsp", "JSP");
 combobox.put("custom", "CUSTOM");
 
 grid.attachEvent("onEditCell", function (stage, rId, cInd, nValue, oValue) {
@@ -812,12 +813,14 @@ module.exports = {
 asp: [],
 aspx: [],
 php: [],
+ jsp:[],
 custom: []
 };
 var decoders_path = {
 asp: [],
 aspx: [],
 php: [],
+ jsp:[],
 custom: []
 };
 let userdecoder_path = path.join(remote.process.env.AS_WORKDIR, 'antData/encoders');