Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

当无POST参数时使用GET请求 #266

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

当无POST参数时使用GET请求 #266

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5153c70
当无POST参数时使用GET请求
yumusb Dec 1, 2020
4a969cd
修复JSP相关问题
yumusb Dec 8, 2020
6b110cf
fix RSA padding
yumusb Dec 8, 2020
c7d7ab9
fix something about jsp
yumusb Dec 8, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
315 changes: 192 additions & 123 deletions modules/request.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,45 +111,157 @@ class Request {
.send('request-error-' + opts['hash'], "Blacklist URL");
}
let _request = superagent.post(opts['url']);


let _postData = Object.assign({}, opts.body, opts.data);

//logger.debug(_postData);
let getFlag = 1;
for (var n in _postData) {
getFlag = 0;
}
if(getFlag===1){
_request = superagent.get(opts['url']);
}

// 设置headers
_request.set('User-Agent', USER_AGENT);
// 自定义headers
for (let _ in opts.headers) {
_request.set(_, opts.headers[_]);
}
// 自定义body
let _postData = Object.assign({}, opts.body, opts.data);
if (opts['useChunk'] == 1) {
logger.debug("request with Chunked");
let _postarr = [];
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
//let _postData = Object.assign({}, opts.body, opts.data);

if(getFlag==0){
if (opts['useChunk'] == 1) {
logger.debug("request with Chunked");
let _postarr = [];
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
}
}
}
let antstream = new AntRead(_postarr.join("&"), {
'step': parseInt(opts['chunkStepMin']),
'stepmax': parseInt(opts['chunkStepMax'])
});
let _datasuccess = false; // 表示是否是 404 类shell
_request
.proxy(APROXY_CONF['uri'])
.type('form')
// .set('Content-Type', 'application/x-www-form-urlencoded')
.timeout(opts.timeout || REQ_TIMEOUT)
.ignoreHTTPS(opts['ignoreHTTPS'])
.parse((res, callback) => {
this.parse(opts['tag_s'], opts['tag_e'], (chunk) => {
event
.sender
.send('request-chunk-' + opts['hash'], chunk);
}, res, (err, ret) => {
let buff = ret ?
ret :
let antstream = new AntRead(_postarr.join("&"), {
'step': parseInt(opts['chunkStepMin']),
'stepmax': parseInt(opts['chunkStepMax'])
});
let _datasuccess = false; // 表示是否是 404 类shell
_request
.proxy(APROXY_CONF['uri'])
.type('form')
// .set('Content-Type', 'application/x-www-form-urlencoded')
.timeout(opts.timeout || REQ_TIMEOUT)
.ignoreHTTPS(opts['ignoreHTTPS'])
.parse((res, callback) => {
this.parse(opts['tag_s'], opts['tag_e'], (chunk) => {
event
.sender
.send('request-chunk-' + opts['hash'], chunk);
}, res, (err, ret) => {
let buff = ret ?
ret :
Buffer.from();
// 自动猜测编码
let encoding = detectEncoding(buff, {
defaultEncoding: "unknown"
});
logger.debug("detect encoding:", encoding);
encoding = encoding != "unknown" ?
encoding :
opts['encode'];
let text = iconv.decode(buff, encoding);
if (err && text == "") {
return event
.sender
.send('request-error-' + opts['hash'], err);
};
// 回调数据
event
.sender
.send('request-' + opts['hash'], {
text: text,
buff: buff,
encoding: encoding
});
_datasuccess = true;
callback(null, ret);
});
})
.on('error', (err) => {
if (_datasuccess == false) {
return event
.sender
.send('request-error-' + opts['hash'], err);
}
});
antstream.pipe(_request);
} else {
// 通过替换函数方式来实现发包方式切换, 后续可改成别的
const old_send = _request.send;
let _postarr = [];
if (opts['useMultipart'] == 1) {
_request.send = _request.field;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = (_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
});
_postarr[key] = _tmp;
}
}
} else {
if(opts['addMassData']==1){
for (let i = 0; i < randomInt(num_min, num_max); i++) { //将混淆流量放入到payload数组中
_postData[randomString(randomInt(varname_min, varname_max))] = randomString(randomInt(data_min, data_max));
}
_postData=randomDict(_postData);
//logger.debug(_postData);
}
_request.send = old_send;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
}
}
//console.log(_postarr);
//logger.debug(_postarr);
_postarr = _postarr.join('&');
}
_request
.proxy(APROXY_CONF['uri'])
.type('form')
// 超时
.timeout(opts.timeout || REQ_TIMEOUT)
// 忽略HTTPS
.ignoreHTTPS(opts['ignoreHTTPS'])
.send(_postarr)
.buffer(true)
.parse((res, callback) => {
this.parse(opts['tag_s'], opts['tag_e'], (chunk) => {
event
.sender
.send('request-chunk-' + opts['hash'], chunk);
}, res, callback);
})
.end((err, ret) => {
if (!ret) {
// 请求失败 TIMEOUT
return event
.sender
.send('request-error-' + opts['hash'], err);
}
let buff = ret.hasOwnProperty('body') ?
ret.body :
Buffer.from();
// 解码
let text = "";
// 自动猜测编码
let encoding = detectEncoding(buff, {
defaultEncoding: "unknown"
Expand All @@ -158,7 +270,7 @@ class Request {
encoding = encoding != "unknown" ?
encoding :
opts['encode'];
let text = iconv.decode(buff, encoding);
text = iconv.decode(buff, encoding);
if (err && text == "") {
return event
.sender
Expand All @@ -172,104 +284,61 @@ class Request {
buff: buff,
encoding: encoding
});
_datasuccess = true;
callback(null, ret);
});
})
.on('error', (err) => {
if (_datasuccess == false) {
return event
.sender
.send('request-error-' + opts['hash'], err);
}
});
antstream.pipe(_request);
} else {
// 通过替换函数方式来实现发包方式切换, 后续可改成别的
const old_send = _request.send;
let _postarr = [];
if (opts['useMultipart'] == 1) {
_request.send = _request.field;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = (_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
});
_postarr[key] = _tmp;
}
}
} else {
if(opts['addMassData']==1){
for (let i = 0; i < randomInt(num_min, num_max); i++) { //将混淆流量放入到payload数组中
_postData[randomString(randomInt(varname_min, varname_max))] = randomString(randomInt(data_min, data_max));
}
_postData=randomDict(_postData);
//logger.debug(_postData);
}
_request.send = old_send;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
}
}
//console.log(_postarr);
//logger.debug(_postarr);
_postarr = _postarr.join('&');
}
}else{
//GET请求
_request
.proxy(APROXY_CONF['uri'])
.type('form')
// 超时
.timeout(opts.timeout || REQ_TIMEOUT)
// 忽略HTTPS
.ignoreHTTPS(opts['ignoreHTTPS'])
.send(_postarr)
.buffer(true)
.parse((res, callback) => {
this.parse(opts['tag_s'], opts['tag_e'], (chunk) => {
event
.sender
.send('request-chunk-' + opts['hash'], chunk);
}, res, callback);
})
.end((err, ret) => {
if (!ret) {
// 请求失败 TIMEOUT
return event
.sender
.send('request-error-' + opts['hash'], err);
}
let buff = ret.hasOwnProperty('body') ?
ret.body :
Buffer.from();
// 解码
let text = "";
// 自动猜测编码
let encoding = detectEncoding(buff, {
defaultEncoding: "unknown"
});
logger.debug("detect encoding:", encoding);
encoding = encoding != "unknown" ?
encoding :
opts['encode'];
text = iconv.decode(buff, encoding);
if (err && text == "") {
return event
.sender
.send('request-error-' + opts['hash'], err);
};
// 回调数据
.proxy(APROXY_CONF['uri'])
//.type('form')
// 超时
.timeout(opts.timeout || REQ_TIMEOUT)
// 忽略HTTPS
.ignoreHTTPS(opts['ignoreHTTPS'])
//.send(_postarr)
.buffer(true)
.parse((res, callback) => {
this.parse(opts['tag_s'], opts['tag_e'], (chunk) => {
event
.sender
.send('request-' + opts['hash'], {
text: text,
buff: buff,
encoding: encoding
});
.send('request-chunk-' + opts['hash'], chunk);
}, res, callback);
})
.end((err, ret) => {
if (!ret) {
// 请求失败 TIMEOUT
return event
.sender
.send('request-error-' + opts['hash'], err);
}
let buff = ret.hasOwnProperty('body') ?
ret.body :
Buffer.from();
// 解码
let text = "";
// 自动猜测编码
let encoding = detectEncoding(buff, {
defaultEncoding: "unknown"
});
logger.debug("detect encoding:", encoding);
encoding = encoding != "unknown" ?
encoding :
opts['encode'];
text = iconv.decode(buff, encoding);
if (err && text == "") {
return event
.sender
.send('request-error-' + opts['hash'], err);
};
// 回调数据
event
.sender
.send('request-' + opts['hash'], {
text: text,
buff: buff,
encoding: encoding
});
});
}
}

Expand Down
1 change: 1 addition & 0 deletions source/core/base.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ class Base {
*/
rsaEncrypt() {
let key = new NodeRSA();
key.setOptions({encryptionScheme: 'pkcs1'});
try {
let priKey = fs.readFileSync(path.join(remote.process.env.AS_WORKDIR, `antData/key_rsa`));
if (priKey.length > 0) {
Expand Down
Loading