在XSS测试中用JAVA模拟POST请求
时间:2018-10-10 13:02:01
[导读]该场景应用在XSS测试,这个过程我们针对某一特定的请求进行测试。
该场景应用在XSS测试,这个过程我们针对某一特定的请求,进行测试
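import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.net.Socket;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/**
 * Minimal raw-socket HTTP/1.1 POST client: builds one request as text, writes
 * it over a plain (non-TLS) socket and prints the response lines.
 *
 * <p>Every header value supplied by the caller is copied verbatim onto the
 * wire, so {@link #setHeader} rejects values containing CR or LF — otherwise a
 * value could terminate its header line early and smuggle in extra headers.
 * Instances are not thread-safe; use one per connection.
 *
 * @author jingmin
 */
class ServerConn {

    /** Line terminator HTTP/1.1 requires between header lines (the article's "rn" is this, with the backslashes lost). */
    private static final String CRLF = "\r\n";

    private int m_port = 0;
    private Socket m_socket = null;
    private String m_ip = null;

    /** @param port TCP port that {@link #Connect()} dials. */
    public void setPort(int port) {
        this.m_port = port;
    }

    /** @param ip host name or IP address that {@link #Connect()} dials. */
    public void setIp(String ip) {
        this.m_ip = ip;
    }

    /**
     * Builds a complete HTTP/1.1 POST request: request line, headers, the
     * blank line, then the form-encoded body.
     *
     * <p>Headers whose value is {@code null} or empty are omitted. The body is
     * built from {@code data} read as alternating name/value pairs; a trailing
     * unpaired element is dropped (as in the original). Names and values are
     * URL-encoded as UTF-8 and {@code Content-Length} is the byte length of
     * that encoded body — the original summed the raw string lengths, which is
     * wrong as soon as a character needs percent-encoding and is exactly the
     * kind of mismatch that yields HTTP 400.
     *
     * @param post_URL      request target (path); when null/empty the method returns {@code null}
     * @param Accept_type   Accept header value, optional
     * @param Refer         Referer header value, optional
     * @param Accept_Lan    Accept-Language header value, optional
     * @param User_agent    User-Agent header value, optional
     * @param Content_Type  Content-Type header value, optional
     * @param request       X-Requested-With header value, optional
     * @param Accept_encode Accept-Encoding header value, optional
     * @param Host          Host header value, optional
     * @param Connection    Connection header value, optional
     * @param Cookie        Cookie header value, optional
     * @param Cache_control Cache-Control header value, optional
     * @param data          alternating form field names and values; {@code null} is treated as empty
     * @return the request text, or {@code null} when {@code post_URL} is null/empty
     * @throws IllegalArgumentException if the target or any header value contains CR or LF
     */
    public String setHeader(String post_URL, String Accept_type, String Refer,
            String Accept_Lan, String User_agent, String Content_Type,
            String request, String Accept_encode, String Host,
            String Connection, String Cookie, String Cache_control,
            List<String> data) {
        if (isBlank(post_URL)) {
            return null;
        }
        // Encode the body first so Content-Length can be measured exactly.
        String body = encodeForm(data);

        StringBuilder header = new StringBuilder();
        header.append("POST ").append(requireNoCrlf("post_URL", post_URL))
              .append(" HTTP/1.1").append(CRLF);
        // Same header order as the original request.
        appendHeader(header, "Host", Host);
        appendHeader(header, "User-Agent", User_agent);
        appendHeader(header, "Accept", Accept_type);
        appendHeader(header, "Accept-Language", Accept_Lan);
        appendHeader(header, "Accept-Encoding", Accept_encode);
        appendHeader(header, "Content-Type", Content_Type);
        appendHeader(header, "X-Requested-With", request);
        appendHeader(header, "Referer", Refer);
        appendHeader(header, "Content-Length",
                Integer.toString(body.getBytes(StandardCharsets.UTF_8).length));
        appendHeader(header, "Cookie", Cookie);
        appendHeader(header, "Connection", Connection);
        appendHeader(header, "Cache-Control", Cache_control);
        header.append(CRLF); // empty line: end of headers, start of body
        header.append(body);
        return header.toString();
    }

    /** True for {@code null} or the empty string (the original used {@code != ""}, a reference comparison). */
    private static boolean isBlank(String s) {
        return s == null || s.isEmpty();
    }

    /** Appends {@code name: value CRLF} unless the value is blank. */
    private static void appendHeader(StringBuilder sb, String name, String value) {
        if (isBlank(value)) {
            return;
        }
        sb.append(name).append(": ").append(requireNoCrlf(name, value)).append(CRLF);
    }

    /** Rejects CR/LF so a caller-supplied value cannot break out of its header line. */
    private static String requireNoCrlf(String what, String value) {
        if (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
            throw new IllegalArgumentException(what + " must not contain CR or LF");
        }
        return value;
    }

    /**
     * Form-encodes {@code data} as {@code k1=v1&k2=v2}; elements at even
     * indexes are names, odd indexes values, a trailing unpaired element is ignored.
     */
    private static String encodeForm(List<String> data) {
        if (data == null) {
            return "";
        }
        StringBuilder body = new StringBuilder();
        for (int i = 0; i + 1 < data.size(); i += 2) {
            if (body.length() > 0) {
                body.append('&');
            }
            body.append(urlEncode(data.get(i))).append('=').append(urlEncode(data.get(i + 1)));
        }
        return body.toString();
    }

    /** {@code application/x-www-form-urlencoded} encoding of one component, UTF-8. */
    private static String urlEncode(String s) {
        try {
            return URLEncoder.encode(s, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory on every JVM; reaching this is a platform fault, not a caller error.
            throw new IllegalStateException("UTF-8 not supported", e);
        }
    }

    /**
     * Dials the configured ip/port, sends the request from the article and
     * prints every response line to stdout.
     *
     * <p>Both directions use UTF-8 to match the {@code charset=UTF-8} declared
     * in the request's Content-Type; the original used the platform default
     * charset, which is what produced the garbled Chinese the article mentions.
     * All three resources are closed by try-with-resources, so a failed
     * connect can no longer NPE in {@code finally}. Because the request sends
     * {@code Connection: keep-alive}, the read loop ends only when the server
     * closes the connection.
     *
     * @return 0 when the exchange completed, -1 when connecting or transferring failed
     */
    public int Connect() {
        List<String> mm = new ArrayList<>();
        mm.add("option");
        mm.add("ljw1");
        String result = setHeader(
                "/view/Index.ashx",
                "text/html,*/*;q=0.01",
                "http://inventiontool.net/",
                "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
                "Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0",
                "application/x-www-form-urlencoded; charset=UTF-8",
                "XMLHttpRequest",
                "gzip,deflate",
                "inventiontool.net",
                "keep-alive",
                "Hm_lvt_f5127c6793d40d199f68042b8a63e725=1444853303,1445609377; Hm_lvt_b83513d98d2b70b2f807abde70212fec=1444853303,1445609380",
                "no-cache",
                mm);
        try (Socket socket = new Socket(m_ip, m_port);
             BufferedReader br = new BufferedReader(
                     new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8));
             BufferedWriter bw = new BufferedWriter(
                     new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8))) {
            m_socket = socket;
            bw.write(result);
            bw.flush();
            String get_result;
            while ((get_result = br.readLine()) != null) {
                System.out.println(get_result);
            }
            System.out.println("接受完成");
            return 0;
        } catch (IOException e) {
            System.err.println("Connect to " + m_ip + ":" + m_port + " failed: " + e);
            return -1;
        }
    }
}

/** Entry point: sends the single example request described in the article. */
public class Hello {
    public static void main(String[] args) {
        System.out.println("we begin..");
        ServerConn sc = new ServerConn();
        sc.setIp("115.24.160.250");
        sc.setPort(80);
        sc.Connect();
    }
}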
这里呢,我们需要进行做下笔记
1.进行POST请求的时候,请求头部和POST数据之间需要两个 \r\n (即用一个空行分隔)!!!!!!!!
2.如果出现HTTP 400 BAD REQUEST,需要注意两个点:一个是 Content-Type,另一个是 Content-Length,这两个值一定得正确!!!才行
3.中途出现了中文乱码问题,我们在eclipse中进行设置了编码问题,只需要进行编码设置为UTF-8