添加周期性waf检查和连通性检查

M09Ic 2022-09-23 01:39:00 +08:00
parent fd299db8c4
commit 4687a7cf1b


@ -21,13 +21,15 @@ var (
func NewPool(ctx context.Context, config *pkg.Config, outputCh chan *baseline) (*Pool, error) { func NewPool(ctx context.Context, config *pkg.Config, outputCh chan *baseline) (*Pool, error) {
pctx, cancel := context.WithCancel(ctx) pctx, cancel := context.WithCancel(ctx)
pool := &Pool{ pool := &Pool{
Config: config, Config: config,
ctx: pctx, ctx: pctx,
client: pkg.NewClient(config.Thread, 2), client: pkg.NewClient(config.Thread, 2),
worder: words.NewWorder(config.Wordlist), worder: words.NewWorder(config.Wordlist),
outputCh: outputCh, outputCh: outputCh,
tempCh: make(chan *baseline, config.Thread), tempCh: make(chan *baseline, config.Thread),
wg: &sync.WaitGroup{}, wg: &sync.WaitGroup{},
checkPeriod: 100,
errPeriod: 10,
} }
switch config.Mod { switch config.Mod {
@ -71,7 +73,15 @@ func NewPool(ctx context.Context, config *pkg.Config, outputCh chan *baseline) (
switch unit.source { switch unit.source {
case CheckSource: case CheckSource:
pool.baseline = bl if pool.baseline == nil {
//初次check覆盖baseline
pool.baseline = bl
} else if bl.Err != nil {
logs.Log.Warn("maybe ip banned by waf")
} else if !pool.baseline.Equal(bl) {
logs.Log.Warn("maybe trigger risk control")
}
case WordSource: case WordSource:
// 异步进行性能消耗较大的深度对比 // 异步进行性能消耗较大的深度对比
pool.tempCh <- bl pool.tempCh <- bl
@ -95,23 +105,28 @@ type Pool struct {
bar *pkg.Bar bar *pkg.Bar
ctx context.Context ctx context.Context
//baseReq *http.Request //baseReq *http.Request
baseline *baseline baseline *baseline
outputCh chan *baseline outputCh chan *baseline
tempCh chan *baseline tempCh chan *baseline
totalCount int reqCount int
errorCount int errorCount int
genReq func(s string) (*fasthttp.Request, error) checkPeriod int
errPeriod int
genReq func(s string) (*fasthttp.Request, error)
//wordlist []string //wordlist []string
worder *words.Worder worder *words.Worder
wg *sync.WaitGroup wg *sync.WaitGroup
} }
func (p *Pool) Init() error { func (p *Pool) check() {
//for i := 0; i < p.baseReqCount; i++ {
p.wg.Add(1) p.wg.Add(1)
_ = p.pool.Invoke(newUnit(pkg.RandPath(), CheckSource)) _ = p.pool.Invoke(newUnit(pkg.RandPath(), CheckSource))
//} //}
p.wg.Wait() p.wg.Wait()
}
func (p *Pool) Init() error {
p.check()
// todo 分析baseline // todo 分析baseline
// 检测基本访问能力 // 检测基本访问能力
@ -119,6 +134,8 @@ func (p *Pool) Init() error {
return p.baseline.Err return p.baseline.Err
} }
p.baseline.Collect()
if p.baseline.RedirectURL != "" { if p.baseline.RedirectURL != "" {
CheckRedirect = func(redirectURL string) bool { CheckRedirect = func(redirectURL string) bool {
if redirectURL == p.baseline.RedirectURL { if redirectURL == p.baseline.RedirectURL {
@ -143,8 +160,13 @@ Loop:
if !ok { if !ok {
break Loop break Loop
} }
p.totalCount++ p.reqCount++
p.wg.Add(1) p.wg.Add(1)
if p.reqCount%p.checkPeriod == 0 {
go p.check()
} else if p.reqCount%p.errPeriod == 0 {
go p.check()
}
_ = p.pool.Invoke(newUnit(u, WordSource)) _ = p.pool.Invoke(newUnit(u, WordSource))
case <-time.NewTimer(time.Duration(p.DeadlineTime) * time.Second).C: case <-time.NewTimer(time.Duration(p.DeadlineTime) * time.Second).C:
break Loop break Loop
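Review bot: In the loop hunk, `go p.check()` starts a function that calls `p.wg.Add(1)` and then `p.wg.Wait()` on the same WaitGroup the loop keeps incrementing for word units, so that Wait blocks on every in-flight request rather than only the probe, and sync.WaitGroup requires that an Add starting from a zero counter happen before Wait, which concurrent callers cannot guarantee. The spawned goroutines are not tracked either, so one may still be blocked in Wait after `break Loop`. For the periodic case, consider submitting the probe without waiting, `p.wg.Add(1)` followed by `_ = p.pool.Invoke(newUnit(pkg.RandPath(), CheckSource))`, and keep the blocking `check()` for `Init`. Both branches of the `if`/`else if` do the same thing and `checkPeriod` (100) is a multiple of `errPeriod` (10), so as written it reduces to `if p.reqCount%p.errPeriod == 0`; if the second branch was meant to depend on `errorCount`, that condition is missing. The loop body starts and ends outside the hunk.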