mirror of https://github.com/qwqdanchun/fscan.git
优化poc模块正则Set-Cookie时的结果
This commit is contained in:
parent
ecb0cd9e5f
commit
0f01d63d8a
|
@ -148,7 +148,7 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
|
||||||
variableMap["response"] = resp
|
variableMap["response"] = resp
|
||||||
// 先判断响应页面是否匹配search规则
|
// 先判断响应页面是否匹配search规则
|
||||||
if rule.Search != "" {
|
if rule.Search != "" {
|
||||||
result := doSearch(strings.TrimSpace(rule.Search), GetHeader(resp.Headers)+string(resp.Body))
|
result := doSearch(rule.Search, GetHeader(resp.Headers)+string(resp.Body))
|
||||||
if result != nil && len(result) > 0 { // 正则匹配成功
|
if result != nil && len(result) > 0 { // 正则匹配成功
|
||||||
for k, v := range result {
|
for k, v := range result {
|
||||||
variableMap[k] = v
|
variableMap[k] = v
|
||||||
|
@ -202,6 +202,7 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
|
||||||
func doSearch(re string, body string) map[string]string {
|
func doSearch(re string, body string) map[string]string {
|
||||||
r, err := regexp.Compile(re)
|
r, err := regexp.Compile(re)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
fmt.Println("[-] regexp.Compile error: ", err)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
result := r.FindStringSubmatch(body)
|
result := r.FindStringSubmatch(body)
|
||||||
|
@ -210,7 +211,11 @@ func doSearch(re string, body string) map[string]string {
|
||||||
paramsMap := make(map[string]string)
|
paramsMap := make(map[string]string)
|
||||||
for i, name := range names {
|
for i, name := range names {
|
||||||
if i > 0 && i <= len(result) {
|
if i > 0 && i <= len(result) {
|
||||||
paramsMap[name] = result[i]
|
if strings.HasPrefix(re, "Set-Cookie:") && strings.Contains(name, "cookie") {
|
||||||
|
paramsMap[name] = optimizeCookies(result[i])
|
||||||
|
} else {
|
||||||
|
paramsMap[name] = result[i]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return paramsMap
|
return paramsMap
|
||||||
|
@ -218,6 +223,23 @@ func doSearch(re string, body string) map[string]string {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func optimizeCookies(rawCookie string) (output string) {
|
||||||
|
// Parse the cookies
|
||||||
|
parsedCookie := strings.Split(rawCookie, "; ")
|
||||||
|
for _, c := range parsedCookie {
|
||||||
|
nameVal := strings.Split(c, "=")
|
||||||
|
if len(nameVal) >= 2 {
|
||||||
|
switch strings.ToLower(nameVal[0]) {
|
||||||
|
case "expires", "max-age", "path", "domain", "version", "comment", "secure", "samesite", "httponly":
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
output += fmt.Sprintf("%s=%s; ", nameVal[0], strings.Join(nameVal[1:], "="))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
func newReverse() *Reverse {
|
func newReverse() *Reverse {
|
||||||
letters := "1234567890abcdefghijklmnopqrstuvwxyz"
|
letters := "1234567890abcdefghijklmnopqrstuvwxyz"
|
||||||
randSource := rand.New(rand.NewSource(time.Now().UnixNano()))
|
randSource := rand.New(rand.NewSource(time.Now().UnixNano()))
|
||||||
|
|
|
@ -30,6 +30,9 @@ func NewEnv(c *CustomLib) (*cel.Env, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func Evaluate(env *cel.Env, expression string, params map[string]interface{}) (ref.Val, error) {
|
func Evaluate(env *cel.Env, expression string, params map[string]interface{}) (ref.Val, error) {
|
||||||
|
if expression == "" {
|
||||||
|
return types.Bool(true), nil
|
||||||
|
}
|
||||||
ast, iss := env.Compile(expression)
|
ast, iss := env.Compile(expression)
|
||||||
if iss.Err() != nil {
|
if iss.Err() != nil {
|
||||||
//fmt.Printf("compile: ", iss.Err())
|
//fmt.Printf("compile: ", iss.Err())
|
||||||
|
@ -105,7 +108,7 @@ func NewEnvOption() CustomLib {
|
||||||
cel.Declarations(
|
cel.Declarations(
|
||||||
decls.NewIdent("request", decls.NewObjectType("lib.Request"), nil),
|
decls.NewIdent("request", decls.NewObjectType("lib.Request"), nil),
|
||||||
decls.NewIdent("response", decls.NewObjectType("lib.Response"), nil),
|
decls.NewIdent("response", decls.NewObjectType("lib.Response"), nil),
|
||||||
//decls.NewIdent("reverse", decls.NewObjectType("lib.Reverse"), nil),
|
decls.NewIdent("reverse", decls.NewObjectType("lib.Reverse"), nil),
|
||||||
),
|
),
|
||||||
cel.Declarations(
|
cel.Declarations(
|
||||||
// functions
|
// functions
|
||||||
|
@ -625,7 +628,7 @@ func DoRequest(req *http.Request, redirect bool) (*Response, error) {
|
||||||
resp, err := ParseResponse(oResp)
|
resp, err := ParseResponse(oResp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
common.LogError("[-]ParseResponse error: " + err.Error())
|
common.LogError("[-]ParseResponse error: " + err.Error())
|
||||||
return nil, err
|
//return nil, err
|
||||||
}
|
}
|
||||||
return resp, err
|
return resp, err
|
||||||
}
|
}
|
||||||
|
@ -675,42 +678,20 @@ func ParseResponse(oResp *http.Response) (*Response, error) {
|
||||||
resp.Headers = header
|
resp.Headers = header
|
||||||
resp.ContentType = oResp.Header.Get("Content-Type")
|
resp.ContentType = oResp.Header.Get("Content-Type")
|
||||||
body, err := getRespBody(oResp)
|
body, err := getRespBody(oResp)
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
resp.Body = body
|
resp.Body = body
|
||||||
return &resp, nil
|
return &resp, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func getRespBody(oResp *http.Response) ([]byte, error) {
|
func getRespBody(oResp *http.Response) (body []byte, err error) {
|
||||||
var body []byte
|
body, err = io.ReadAll(oResp.Body)
|
||||||
if oResp.Header.Get("Content-Encoding") == "gzip" {
|
if strings.Contains(oResp.Header.Get("Content-Encoding"), "gzip") {
|
||||||
gr, err := gzip.NewReader(oResp.Body)
|
reader, err1 := gzip.NewReader(bytes.NewReader(body))
|
||||||
if err != nil {
|
if err1 == nil {
|
||||||
if err == io.EOF {
|
body, err = io.ReadAll(reader)
|
||||||
err = nil
|
|
||||||
}
|
|
||||||
return nil, err
|
|
||||||
}
|
}
|
||||||
defer gr.Close()
|
|
||||||
for {
|
|
||||||
buf := make([]byte, 1024)
|
|
||||||
n, err := gr.Read(buf)
|
|
||||||
if err != nil && err != io.EOF {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if n == 0 {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
body = append(body, buf...)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
raw, err := ioutil.ReadAll(io.LimitReader(oResp.Body, 10240))
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
defer oResp.Body.Close()
|
|
||||||
body = raw
|
|
||||||
}
|
}
|
||||||
return body, nil
|
if err == io.EOF {
|
||||||
|
err = nil
|
||||||
|
}
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue