支持跟随重定向

M09Ic 2022-11-29 21:55:27 +08:00
parent 0233c3017b
commit fed6fbb3ae
3 changed files with 52 additions and 14 deletions


@ -23,6 +23,7 @@ var (
) )
var max = 2147483647 var max = 2147483647
var maxRedirect = 3
func NewPool(ctx context.Context, config *pkg.Config) (*Pool, error) { func NewPool(ctx context.Context, config *pkg.Config) (*Pool, error) {
pctx, cancel := context.WithCancel(ctx) pctx, cancel := context.WithCancel(ctx)
@ -92,15 +93,22 @@ func NewPool(ctx context.Context, config *pkg.Config) (*Pool, error) {
bl = &pkg.Baseline{UrlString: pool.BaseURL + unit.path, IsValid: false, ErrString: reqerr.Error(), Reason: ErrRequestFailed.Error()} bl = &pkg.Baseline{UrlString: pool.BaseURL + unit.path, IsValid: false, ErrString: reqerr.Error(), Reason: ErrRequestFailed.Error()}
pool.failedBaselines = append(pool.failedBaselines, bl) pool.failedBaselines = append(pool.failedBaselines, bl)
} else { } else {
if unit.source != WordSource { if unit.source != WordSource && unit.source != RedirectSource {
bl = pkg.NewBaseline(req.URI(), req.Host(), resp) bl = pkg.NewBaseline(req.URI(), req.Host(), resp)
} else { } else {
if unit.source != WordSource || pool.MatchExpr != nil { if pool.MatchExpr != nil {
// 如果非wordsource, 或自定义了match函数, 则所有数据送入tempch中 // 如果非wordsource, 或自定义了match函数, 则所有数据送入tempch中
bl = pkg.NewBaseline(req.URI(), req.Host(), resp) bl = pkg.NewBaseline(req.URI(), req.Host(), resp)
} else if err = pool.PreCompare(resp); err == nil { } else if err = pool.PreCompare(resp); err == nil {
// 通过预对比跳过一些无用数据, 减少性能消耗 // 通过预对比跳过一些无用数据, 减少性能消耗
bl = pkg.NewBaseline(req.URI(), req.Host(), resp) bl = pkg.NewBaseline(req.URI(), req.Host(), resp)
if err != ErrRedirect && bl.RedirectURL != "" {
if bl.RedirectURL != "" && !strings.HasPrefix(bl.RedirectURL, "http") {
bl.RedirectURL = "/" + strings.TrimLeft(bl.RedirectURL, "/")
bl.RedirectURL = pool.BaseURL + bl.RedirectURL
}
pool.addRedirect(bl, unit.reCount)
}
pool.addFuzzyBaseline(bl) pool.addFuzzyBaseline(bl)
} else { } else {
bl = pkg.NewInvalidBaseline(req.URI(), req.Host(), resp, err.Error()) bl = pkg.NewInvalidBaseline(req.URI(), req.Host(), resp, err.Error())
@ -149,6 +157,9 @@ func NewPool(ctx context.Context, config *pkg.Config) (*Pool, error) {
go pool.check() go pool.check()
} }
pool.bar.Done() pool.bar.Done()
case RedirectSource:
bl.FrontURL = unit.frontUrl
pool.tempCh <- bl
} }
}) })
@ -234,7 +245,7 @@ func (p *Pool) Init() error {
// 自定协议升级 // 自定协议升级
// 某些网站http会重定向到https, 如果发现随机目录出现这种情况, 则自定将baseurl升级为https // 某些网站http会重定向到https, 如果发现随机目录出现这种情况, 则自定将baseurl升级为https
rurl, err := url.Parse(p.base.RedirectURL) rurl, err := url.Parse(p.base.RedirectURL)
if err == nil && rurl.Host == p.base.Url.Host && p.base.Url.Scheme == "http" && rurl.Scheme == "https" { if err == nil && rurl.Hostname() == p.base.Url.Hostname() && p.base.Url.Scheme == "http" && rurl.Scheme == "https" {
logs.Log.Importantf("baseurl %s upgrade http to https", p.BaseURL) logs.Log.Importantf("baseurl %s upgrade http to https", p.BaseURL)
p.BaseURL = strings.Replace(p.BaseURL, "http", "https", 1) p.BaseURL = strings.Replace(p.BaseURL, "http", "https", 1)
} }
@ -260,6 +271,22 @@ func (p *Pool) Init() error {
return nil return nil
} }
func (p *Pool) addRedirect(bl *pkg.Baseline, reCount int) {
if reCount >= maxRedirect {
return
}
if uu, err := url.Parse(bl.RedirectURL); err == nil && uu.Hostname() == p.index.Url.Hostname() {
p.wg.Add(1)
_ = p.pool.Invoke(&Unit{
path: uu.Path,
source: RedirectSource,
frontUrl: bl.UrlString,
reCount: reCount + 1,
})
}
}
func (p *Pool) Run(ctx context.Context, offset, limit int) { func (p *Pool) Run(ctx context.Context, offset, limit int) {
p.Statistor.Offset = offset p.Statistor.Offset = offset
Loop: Loop:
@ -316,7 +343,7 @@ func (p *Pool) PreCompare(resp *ihttp.Response) error {
return ErrWaf return ErrWaf
} }
if CheckRedirect != nil && !CheckRedirect(string(resp.GetHeader("Location"))) { if CheckRedirect != nil && !CheckRedirect(resp.GetHeader("Location")) {
return ErrRedirect return ErrRedirect
} }
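Review bot: The Location handling in front of `pool.addRedirect` does not resolve the header the way an HTTP client would, so the follow-up request can go to something the server never pointed at. `!strings.HasPrefix(bl.RedirectURL, "http")` treats a scheme-relative value such as `//other.example/x` (constructed example) as a local path and rewrites it to `pool.BaseURL + "/other.example/x"`, which then passes the `Hostname()` comparison in `addRedirect`; a relative path that merely begins with "http" is treated as absolute. `addRedirect` compares hostnames only and queues just `uu.Path`, so a redirect to another port or scheme on the same host, or one carrying a query string, is re-requested against `pool.BaseURL` without those parts. Consider parsing the header once and resolving it against the URL that was actually requested, e.g. `target := reqURL.ResolveReference(ref)` (with `reqURL` standing for the parsed request URL), and comparing `target.Scheme` and `target.Host` with the base before queuing. The worker closure in `NewPool` that contains this code starts and ends outside the hunks shown.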


@ -45,6 +45,7 @@ const (
CheckSource sourceType = iota + 1 CheckSource sourceType = iota + 1
InitRandomSource InitRandomSource
InitIndexSource InitIndexSource
RedirectSource
WordSource WordSource
WafSource WafSource
) )
@ -56,4 +57,6 @@ func newUnit(path string, source sourceType) *Unit {
type Unit struct { type Unit struct {
path string path string
source sourceType source sourceType
frontUrl string
reCount int
} }
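Review bot: `frontUrl` and `reCount` are added to `Unit` without comments, and nothing at the declaration says that `reCount` is the redirect depth that `addRedirect` checks against `maxRedirect`. I would add `// frontUrl is the URL whose response redirected to this unit; empty otherwise` and `// reCount is the number of redirects already followed to reach this unit`. Go initialism style would also spell the field `frontURL`, matching `Baseline.FrontURL`. Separately, placing `RedirectSource` before `WordSource` renumbers `WordSource` and `WafSource`; if `sourceType` values are ever stored or printed numerically, appending the new constant at the end of the block would avoid that.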


@ -68,9 +68,9 @@ type Baseline struct {
Header []byte `json:"-"` Header []byte `json:"-"`
Raw []byte `json:"-"` Raw []byte `json:"-"`
HeaderLength int `json:"header_length"` HeaderLength int `json:"header_length"`
RedirectURL string `json:"redirect_url"` RedirectURL string `json:"redirect_url,omitempty"`
FrontURL string `json:"front_url,omitempty"`
Status int `json:"status"` Status int `json:"status"`
IsDynamicUrl bool `json:"is_dynamic_url"` // 判断是否存在动态的url
Spended int `json:"spended"` // 耗时, 毫秒 Spended int `json:"spended"` // 耗时, 毫秒
Title string `json:"title"` Title string `json:"title"`
Frameworks Frameworks `json:"frameworks"` Frameworks Frameworks `json:"frameworks"`
@ -183,6 +183,11 @@ func (bl *Baseline) Additional(key string) string {
func (bl *Baseline) Format(probes []string) string { func (bl *Baseline) Format(probes []string) string {
var line strings.Builder var line strings.Builder
if bl.FrontURL != "" {
line.WriteString("\t")
line.WriteString(bl.FrontURL)
line.WriteString(" -> ")
}
line.WriteString(bl.UrlString) line.WriteString(bl.UrlString)
if bl.Host != "" { if bl.Host != "" {
line.WriteString(" (" + bl.Host + ")") line.WriteString(" (" + bl.Host + ")")
@ -208,7 +213,11 @@ func (bl *Baseline) Format(probes []string) string {
func (bl *Baseline) String() string { func (bl *Baseline) String() string {
var line strings.Builder var line strings.Builder
//line.WriteString("[+] ") if bl.FrontURL != "" {
line.WriteString("\t")
line.WriteString(bl.FrontURL)
line.WriteString(" --> ")
}
line.WriteString(bl.UrlString) line.WriteString(bl.UrlString)
if bl.Host != "" { if bl.Host != "" {
line.WriteString(" (" + bl.Host + ")") line.WriteString(" (" + bl.Host + ")")
@ -230,14 +239,13 @@ func (bl *Baseline) String() string {
line.WriteString(strconv.Itoa(bl.Status)) line.WriteString(strconv.Itoa(bl.Status))
line.WriteString(" - ") line.WriteString(" - ")
line.WriteString(strconv.Itoa(bl.BodyLength)) line.WriteString(strconv.Itoa(bl.BodyLength))
line.WriteString(bl.Additional("title"))
line.WriteString(bl.Frameworks.ToString())
if bl.RedirectURL != "" { if bl.RedirectURL != "" {
line.WriteString(" -> ") line.WriteString(" --> ")
line.WriteString(bl.RedirectURL) line.WriteString(bl.RedirectURL)
line.WriteString(" ") line.WriteString(" ")
} }
line.WriteString(bl.Additional("title"))
line.WriteString(bl.Frameworks.ToString())
return line.String() return line.String()
} }
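Review bot: The same `FrontURL` prefix block is added to both `Format` and `String`, but with different separators, `" -> "` in `Format` and `" --> "` in `String`, so the two renderings of one result disagree. A small unexported helper that writes the prefix would keep them in step. `FrontURL` and `RedirectURL` appear to derive from a server-supplied Location header (judging from the pool changes in this commit) and are written to the line unescaped; if these lines reach a terminal or a log file, it is worth quoting or stripping non-printable bytes at this point, e.g. `strconv.Quote(bl.RedirectURL)`. Both function bodies extend beyond the hunks shown.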