2025-01-16 10:32:36 +08:00
|
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
2025-02-18 18:16:48 +08:00
|
|
|
|
"encoding/json"
|
2025-01-16 10:32:36 +08:00
|
|
|
|
"fmt"
|
|
|
|
|
|
"io"
|
|
|
|
|
|
"log"
|
|
|
|
|
|
"net/http"
|
|
|
|
|
|
"net/url"
|
|
|
|
|
|
"strings"
|
|
|
|
|
|
"time"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
2025-02-18 18:16:48 +08:00
|
|
|
|
type Result struct {
|
|
|
|
|
|
Host string `json:"host"` // JSON 标签用于自定义字段名
|
|
|
|
|
|
Path string `json:"path"`
|
|
|
|
|
|
Result string `json:"result"`
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-01-16 10:32:36 +08:00
|
|
|
|
func scan() {
|
|
|
|
|
|
for {
|
|
|
|
|
|
time.Sleep(3 * time.Second)
|
|
|
|
|
|
logs.Range(func(key any, value any) bool {
|
|
|
|
|
|
// fmt.Println("The type of x is", reflect.TypeOf(value))
|
|
|
|
|
|
var r *RequestResponseLog
|
|
|
|
|
|
if rr, ok := value.(*RequestResponseLog); ok {
|
|
|
|
|
|
r = rr
|
|
|
|
|
|
} else {
|
|
|
|
|
|
fmt.Printf("Value is not of type RequestResponseLog\n")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// fmt.Println(r)
|
|
|
|
|
|
if r.Request.Header != nil && r.Response.Header != nil {
|
2025-02-18 18:16:48 +08:00
|
|
|
|
|
|
|
|
|
|
result, err := sendHTTPAndKimi(r) // 主要
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
fmt.Println(err)
|
|
|
|
|
|
} else {
|
|
|
|
|
|
var resultOutput Result
|
|
|
|
|
|
resultOutput.Host = r.Request.URL.Host
|
|
|
|
|
|
resultOutput.Path = r.Request.URL.Path
|
|
|
|
|
|
resultOutput.Result = result
|
|
|
|
|
|
jsonData, err := json.Marshal(resultOutput)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
log.Fatalf("Error marshaling to JSON: %v", err)
|
|
|
|
|
|
}
|
|
|
|
|
|
logs.Delete(key)
|
|
|
|
|
|
fmt.Println(string(jsonData))
|
|
|
|
|
|
return true // 返回true继续遍历,返回false停止遍历
|
|
|
|
|
|
}
|
2025-01-16 10:32:36 +08:00
|
|
|
|
}
|
|
|
|
|
|
return true
|
|
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-02-18 18:16:48 +08:00
|
|
|
|
func sendHTTPAndKimi(r *RequestResponseLog) (string, error) {
|
2025-01-16 10:32:36 +08:00
|
|
|
|
resp1 := string(r.Response.Body)
|
|
|
|
|
|
|
|
|
|
|
|
fullURL := &url.URL{
|
|
|
|
|
|
Scheme: r.Request.URL.Scheme,
|
|
|
|
|
|
Host: r.Request.URL.Host,
|
|
|
|
|
|
Path: r.Request.URL.Path,
|
|
|
|
|
|
RawQuery: r.Request.URL.RawQuery,
|
|
|
|
|
|
}
|
|
|
|
|
|
// fmt.Println(fullURL.String())
|
|
|
|
|
|
if isNotSuffix(fullURL.String(), suffixes) {
|
|
|
|
|
|
req, err := http.NewRequest(r.Request.Method, fullURL.String(), strings.NewReader(string(r.Request.Body)))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
fmt.Println("创建请求失败:", err)
|
2025-02-18 18:16:48 +08:00
|
|
|
|
return "", err
|
2025-01-16 10:32:36 +08:00
|
|
|
|
}
|
|
|
|
|
|
req.Header = r.Request.Header
|
|
|
|
|
|
req.Header.Set("Cookie", cookie2)
|
|
|
|
|
|
client := &http.Client{}
|
|
|
|
|
|
resp, err := client.Do(req)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
fmt.Println("请求失败:", err)
|
2025-02-18 18:16:48 +08:00
|
|
|
|
return "", err
|
2025-01-16 10:32:36 +08:00
|
|
|
|
}
|
|
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
bodyBytes, err := io.ReadAll(resp.Body)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
fmt.Println("Error reading response body:", err)
|
2025-02-18 18:16:48 +08:00
|
|
|
|
return "", err
|
2025-01-16 10:32:36 +08:00
|
|
|
|
}
|
|
|
|
|
|
// 将响应体转换为字符串
|
|
|
|
|
|
resp2 := string(bodyBytes)
|
|
|
|
|
|
// 输出响应体字符串
|
|
|
|
|
|
fmt.Println("Response1 Body:", resp1)
|
|
|
|
|
|
fmt.Println("Response2 Body:", resp2)
|
2025-02-06 15:37:33 +08:00
|
|
|
|
result, err := detectPrivilegeEscalation(AI, resp1, resp2)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
fmt.Println("Error:", err)
|
2025-02-18 18:16:48 +08:00
|
|
|
|
return "", err
|
2025-01-16 10:32:36 +08:00
|
|
|
|
}
|
2025-02-18 18:16:48 +08:00
|
|
|
|
// log.Println("Result:", result)
|
|
|
|
|
|
return result, nil
|
2025-01-16 10:32:36 +08:00
|
|
|
|
|
2025-02-18 18:16:48 +08:00
|
|
|
|
}
|
|
|
|
|
|
return "白名单后缀接口", nil
|
2025-01-16 10:32:36 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2025-02-06 15:37:33 +08:00
|
|
|
|
func detectPrivilegeEscalation(AI string, resp1, resp2 string) (string, error) {
|
|
|
|
|
|
var result string
|
|
|
|
|
|
var err error
|
|
|
|
|
|
|
|
|
|
|
|
switch AI {
|
|
|
|
|
|
case "kimi":
|
2025-02-18 18:20:26 +08:00
|
|
|
|
result, err = kimi(resp1, resp2) // 调用 kimi 检测是否越权
|
2025-02-06 15:37:33 +08:00
|
|
|
|
case "deepseek":
|
2025-02-18 18:20:26 +08:00
|
|
|
|
result, err = deepSeek(resp1, resp2) // 调用 deepSeek 检测是否越权
|
2025-02-06 15:37:33 +08:00
|
|
|
|
default:
|
2025-02-18 18:20:26 +08:00
|
|
|
|
result, err = kimi(resp1, resp2) // 默认调用 kimi 检测是否越权
|
2025-02-06 15:37:33 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return "", err
|
|
|
|
|
|
}
|
|
|
|
|
|
return result, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-01-16 10:32:36 +08:00
|
|
|
|
func isNotSuffix(s string, suffixes []string) bool {
|
|
|
|
|
|
for _, suffix := range suffixes {
|
|
|
|
|
|
if strings.HasSuffix(s, suffix) {
|
|
|
|
|
|
return false
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
