admin/spray
1
0
Fork 0
mirror of https://github.com/chainreactors/spray.git synced 2025-06-21 18:30:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

enhance: skip not same host redirect

Browse Source
This commit is contained in:
M09Ic 2024-10-30 16:11:05 +08:00
parent 5cb9aa119d
commit 0ca5c02de7
2 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
internal/pool/brutepool.go
View File

@ -315,7 +315,7 @@ func (pool *BrutePool) Invoke(v interface{}) {
// 手动处理重定向 // 手动处理重定向
if bl.IsValid && unit.source != parsers.CheckSource && bl.RedirectURL != "" { if bl.IsValid && unit.source != parsers.CheckSource && bl.RedirectURL != "" {
//pool.wg.Add(1) bl.SameDomain = pool.checkHost(bl.RedirectURL)
pool.doRedirect(bl, unit.depth) pool.doRedirect(bl, unit.depth)
} }
@ -508,7 +508,7 @@ func (pool *BrutePool) Handler() {
func (pool *BrutePool) checkRedirect(redirectURL string) bool { func (pool *BrutePool) checkRedirect(redirectURL string) bool {
if pool.random.RedirectURL == "" { if pool.random.RedirectURL == "" {
// 如果random的redirectURL为空, 此时该项 // 如果random的redirectURL为空, 忽略
return true return true
} }
@ -562,7 +562,9 @@ func (pool *BrutePool) PreCompare(resp *ihttp.Response) error {
return nil return nil
} }
func (pool *BrutePool) checkHostname(u string) bool { // same host return true
// diff host return false
func (pool *BrutePool) checkHost(u string) bool {
if v, err := url.Parse(u); err == nil { if v, err := url.Parse(u); err == nil {
if v.Host == "" { if v.Host == "" {
return true return true
@ -582,8 +584,19 @@ func (pool *BrutePool) BaseCompare(bl *pkg.Baseline) bool {
} }
var status = -1 var status = -1
// 30x状态码的特殊处理
if bl.RedirectURL != "" {
if bl.SameDomain && strings.HasSuffix(bl.RedirectURL, bl.Url.Path+"/") {
bl.Reason = pkg.ErrFuzzyRedirect.Error()
return false
}
}
// 使用与baseline相同状态码, 需要在fuzzystatus中提前配置 // 使用与baseline相同状态码, 需要在fuzzystatus中提前配置
base, ok := pool.baselines[bl.Status] // 挑选对应状态码的baseline进行compare base, ok := pool.baselines[bl.Status] // 挑选对应状态码的baseline进行compare
if bl.IsBaseline {
ok = false
}
if !ok { if !ok {
if pool.random.Status == bl.Status { if pool.random.Status == bl.Status {
// 当other的状态码与base相同时, 会使用base // 当other的状态码与base相同时, 会使用base
@ -596,15 +609,7 @@ func (pool *BrutePool) BaseCompare(bl *pkg.Baseline) bool {
} }
} }
// 30x状态码的特殊处理 if ok {
if bl.RedirectURL != "" {
if pool.checkHostname(bl.RedirectURL) && strings.HasSuffix(bl.RedirectURL, bl.Url.Path+"/") {
bl.Reason = pkg.ErrFuzzyRedirect.Error()
return false
}
}
if ok && !bl.IsBaseline {
if status = base.Compare(bl); status == 1 { if status = base.Compare(bl); status == 1 {
bl.Reason = pkg.ErrCompareFailed.Error() bl.Reason = pkg.ErrCompareFailed.Error()
return false return false
@ -704,6 +709,9 @@ func (pool *BrutePool) doRedirect(bl *pkg.Baseline, depth int) {
if depth >= pool.MaxRedirect { if depth >= pool.MaxRedirect {
return return
} }
if !bl.SameDomain {
return // 不同域名的重定向不处理
}
reURL := pkg.FormatURL(bl.Url.Path, bl.RedirectURL) reURL := pkg.FormatURL(bl.Url.Path, bl.RedirectURL)
pool.wg.Add(1) pool.wg.Add(1)
go func() { go func() {

1
pkg/baseline.go
View File

@ -125,6 +125,7 @@ type Baseline struct {
URLs []string `json:"-"` URLs []string `json:"-"`
Collected bool `json:"-"` Collected bool `json:"-"`
Retry int `json:"-"` Retry int `json:"-"`
SameDomain bool `json:"-"`
IsBaseline bool `json:"-"` IsBaseline bool `json:"-"`
} }