資源簡介
XSS攻擊檢測代碼,刪除bin生成的class,直接使用src加載.java 就好了,開發采用的myeclipse,使用其他工具的注意修改,
代碼片段和文件信息
package?file;
import?java.io.IOException;
import?java.io.UnsupportedEncodingException;
import?java.net.URL;
import?java.net.URLDecoder;
import?java.util.base64;
import?java.util.regex.Matcher;
import?java.util.regex.Pattern;
import?file.FreatureExtraction;
public?class?Decode?{
/*@function?對輸入的數字進行預處理
?*?@param?:輸入的url
????*/
public?static?String?PreProcess(String?data)?throws?IOException
{
if(null==data)
{
return?null;
}
String?tmp=data;//=replaceBlank(data.toLowerCase());
tmp?=?tmp.replaceAll(“%(?![0-9a-fA-F]{2})“?“%25“);//進行預處理
String?urlStr?=?URLDecoder.decode(tmp?“UTF-8“);?//UTF8解碼
String?htmlStr=?StringUtils.unescapeHtml3(urlStr);
?? ????//base64解碼?
//?byte?[]?asbyte?=base64.getDecoder().decode(urlStr);
//?String?base64Str?=new?String(asbyte“utf-8“);
//?System.out.println(base64Str);
?tmp=replaceBlank(htmlStr).toLowerCase();
//?System.out.println(htmlStr);
?return?htmlStr.toLowerCase();
???}
/*@function?獲得數據的Http請求中的遞交參數,將參數分組;
?*@param?獲取的url
?*@return?url?get的字符分組
?*?GET?http://192.168.43.28/main.php?usr=admin&passwd=456456?HTTP/1.1
?*
?*/
public?String[]?UrlGet(String?url)?throws?IOException
{
String?array[];
String?str?=PreProcess(url);
System.out.println(str);
String?regex?=?new?String(“(\\w+):\\/\\/(.+)\\/(.+)\\?(.*)\\s*http\\/“);
Pattern?pattern??=Pattern.compile(regex);
Matcher?m?=pattern.matcher(str);
if(m.find())
{
String?Pout?=?m.group();
String?reg=?new?String(“\\?(.*)\\s*http\\/“);
Matcher?m1?=Pattern.compile(reg).matcher(Pout);
if(m1.find())
{
String?end=replaceBlank(m1.group(1)).toLowerCase();
String?regex1?=new?String(“&“);
array?=end.split(regex1);
System.out.println(end);
return?array;
}
System.out.println(Pout);
//String?regex1?=new?String(“&“);
//array?=Pout.split(regex1);
return?null;
}
else{
System.out.println(“沒有找到匹配字符“);
return?null;
}
}
/*
?*?@param:輸入的Get數據寶
?*?@return:返回捕獲的數據
?*/
//提取Header中的URL部分
static?String?GetURL(String?url)?throws?IOException
{
String?str?=PreProcess(url);
System.out.println(str);
String?regex?=?new?String(“(\\w+):\\/\\/(.+)\\/(.+)\\?(.*)\\s*http\\/“);
Pattern?pattern??=Pattern.compile(regex);
Matcher?m?=pattern.matcher(str);
if(m.find())
{
String?Pout?=?m.group();
return?Pout ;
????}
else{
return?null;
}
}
//!去掉字符川中所有的空格和字符
? ?public??static?String?replaceBlank(String?str)?{
????????String?dest?=?““;
????????if?(str!=null)?{
???????? //正則表達式
???? ????Pattern?p?=?Pattern.compile(“\\s*|\t|\r|\n|\f“);
????????????Matcher?m?=?p.matcher(str);
????????????dest?=?m.replaceAll(““);
????????}
????????return?dest;
????}
???
public?static?void?main(String[]?args)?throws?IOException?{
String?test=?new?String(“GET6787?http://comet.blog.sina.com.cn ?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????文件????????410??2017-03-13?15:23??XSS攻擊檢測\XSSClear\.classpath
?????文件????????387??2017-03-13?08:36??XSS攻擊檢測\XSSClear\.project
?????文件?????????74??2017-03-13?08:41??XSS攻擊檢測\XSSClear\.settings\org.eclipse.core.resources.prefs
?????文件????????598??2017-03-13?08:36??XSS攻擊檢測\XSSClear\.settings\org.eclipse.jdt.core.prefs
?????文件??????????0??2017-03-24?14:20??XSS攻擊檢測\XSSClear\data\log\log.txt
?????文件??????11963??2017-03-24?14:21??XSS攻擊檢測\XSSClear\data\result.txt
?????文件???????1838??2017-03-17?09:01??XSS攻擊檢測\XSSClear\data\Sensitive.txt
?????文件?????355043??2017-03-21?16:43??XSS攻擊檢測\XSSClear\data\test_black.txt
?????文件?????158835??2017-03-24?09:11??XSS攻擊檢測\XSSClear\data\test_white.txt
?????文件???????2852??2017-03-21?16:29??XSS攻擊檢測\XSSClear\data\train_black.txt
?????文件???????1488??2017-03-16?15:09??XSS攻擊檢測\XSSClear\data\train_white.txt
?????文件?????162575??2017-03-24?09:11??XSS攻擊檢測\XSSClear\data\white
?????文件??????48562??2017-03-23?10:41??XSS攻擊檢測\XSSClear\data\white.txt
?????文件?????174206??2017-03-13?15:23??XSS攻擊檢測\XSSClear\jgoodies-forms-1.8.0-sources.jar
?????文件?????131647??2017-03-13?15:23??XSS攻擊檢測\XSSClear\jgoodies-forms-1.8.0.jar
?????文件???????3406??2017-03-17?14:13??XSS攻擊檢測\XSSClear\src\file\Decode.java
?????文件????????514??2017-03-17?14:27??XSS攻擊檢測\XSSClear\src\file\Filter.java
?????文件???????8364??2017-03-17?09:01??XSS攻擊檢測\XSSClear\src\file\FreatureExtraction.java
?????文件???????3314??2017-03-15?13:57??XSS攻擊檢測\XSSClear\src\file\HttpHeader.java
?????文件???????1828??2017-03-15?09:49??XSS攻擊檢測\XSSClear\src\file\LogTable.java
?????文件???????8464??2017-03-14?18:27??XSS攻擊檢測\XSSClear\src\file\MaxEnt.java
?????文件???????1308??2017-03-13?08:42??XSS攻擊檢測\XSSClear\src\file\Pair.java
?????文件???????9400??2017-03-23?15:09??XSS攻擊檢測\XSSClear\src\file\ProxyTask.java
?????文件???????2749??2017-03-13?08:43??XSS攻擊檢測\XSSClear\src\file\ReadData.java
?????文件???????1485??2017-03-15?14:49??XSS攻擊檢測\XSSClear\src\file\SocketProxy.java
?????文件???????9981??2017-03-17?13:38??XSS攻擊檢測\XSSClear\src\file\StringUtils.java
?????文件??????14990??2017-03-24?14:15??XSS攻擊檢測\XSSClear\src\file\XSSGUif
?????文件???????4586??2017-03-16?09:59??XSS攻擊檢測\XSSClear\src\SensitiveWord\SensitivewordFilter.java
?????文件???????4057??2017-03-16?09:42??XSS攻擊檢測\XSSClear\src\SensitiveWord\SensitiveWordInit.java
?????文件???????3365??2017-03-24?09:34??XSS攻擊檢測\XSSClear\src\XSSAttackTest\XSSTest.java
............此處省略12個文件信息
- 上一篇:JSP+Application聊天室
- 下一篇:java面向對象程序設計答案
評論
共有 條評論
川公網安備 51152502000135號