資源簡介
XSS（跨站腳本）攻擊是一種常見的 Web 攻擊手段，這裡提供了一種 XSS 檢測原型系統。用 Java 實現；作者聲稱檢測準確率在 95% 以上，但頁面未給出測試資料集與評估方法，該數字請自行驗證。編譯後可直接運行 class 文件。

代碼片段和文件信息
package?file;
import file.FreatureExtraction;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.util.Base64;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public?class?Decode?{
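/**
 * Normalises a raw request line / URL before feature extraction.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Every {@code %} that is not followed by two hex digits is rewritten as
 *       {@code %25}; {@link URLDecoder} would otherwise throw
 *       {@code IllegalArgumentException} on the malformed escape.</li>
 *   <li>One pass of URL decoding with UTF-8.</li>
 *   <li>One pass of HTML entity decoding via the project helper
 *       {@code StringUtils.unescapeHtml3} (same package; presumably a
 *       Commons-Lang style HTML 3 entity unescape, verify against that class).</li>
 *   <li>Case folding with {@link Locale#ROOT}, so the result does not depend on
 *       the JVM default locale. Under a Turkish default locale
 *       {@code "SCRIPT".toLowerCase()} yields {@code "scrıpt"} (dotless i), which
 *       would let a payload slip past lower-case keyword checks.</li>
 * </ol>
 *
 * <p>Whitespace is left in place: the original code called
 * {@code replaceBlank} here but discarded the result, so callers such as
 * {@code UrlGet} strip blanks themselves.
 *
 * <p>NOTE(review): only a single decoding pass is performed, so a double-encoded
 * payload such as {@code %253Cscript%253E} comes out as {@code %3cscript%3e},
 * not {@code <script>}; and {@link URLDecoder} applies form-encoding rules, so a
 * literal {@code +} becomes a space. Both differences matter for detection.
 *
 * @param data raw URL / request line; may be {@code null}
 * @return the decoded, lower-cased text, or {@code null} when {@code data} is
 *     {@code null}
 * @throws IOException if the UTF-8 charset is unavailable (never on a standard
 *     JVM; kept for signature compatibility)
 */
public static String PreProcess(String data) throws IOException {
    if (data == null) {
        return null;
    }
    // Escape a '%' that does not start a valid %XX sequence (including a '%'
    // at the very end of the input) so URLDecoder does not reject the string.
    String escaped = data.replaceAll("%(?![0-9a-fA-F]{2})", "%25");
    String urlDecoded = URLDecoder.decode(escaped, "UTF-8");
    String htmlDecoded = StringUtils.unescapeHtml3(urlDecoded);
    // Locale-independent case folding; see the class-level note above.
    return htmlDecoded.toLowerCase(Locale.ROOT);
}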
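/**
 * Extracts the query-string parameters from a raw request line such as
 * {@code GET http://192.168.43.28/main.php?usr=admin&passwd=456456 HTTP/1.1}.
 *
 * <p>The line is normalised by {@link #PreProcess(String)} (URL and HTML
 * decoding, lower-casing), the absolute URL up to the lower-cased {@code http/}
 * of the protocol version is located with
 * {@code (\w+)://(.+)/(.+)?(.*)\s*http/}, and the text between the first
 * {@code ?} of that URL and the trailing {@code http/} is stripped of
 * whitespace and split on {@code &}.
 *
 * <p>NOTE(review): decoding happens before splitting, so a parameter value that
 * contains an encoded delimiter ({@code %26} or {@code %3F}) is split as if it
 * were a real delimiter, which is not how the receiving server parses the
 * query. If the grouping must match the server, split first and decode each
 * fragment separately.
 *
 * <p>Diagnostic output is written to {@code System.out} as in the original:
 * the normalised line, then either the joined parameter string or, when the
 * request line does not match, the literal message {@code 沒有找到匹配字符}.
 *
 * @param url raw request line / URL; {@code null} is tolerated
 * @return the {@code key=value} fragments in request order, or {@code null}
 *     when the input is {@code null}, does not look like
 *     {@code scheme://host/path?query http/}, or the matched URL has no
 *     {@code ?} before {@code http/}
 * @throws IOException propagated from {@link #PreProcess(String)}
 */
public String[] UrlGet(String url) throws IOException {
    String normalised = PreProcess(url);
    // PreProcess(null) is null; Pattern.matcher(null) would throw
    // NullPointerException, so report "no match" instead.
    if (normalised == null) {
        return null;
    }
    System.out.println(normalised);
    // The trailing "http/" is matched in lower case, which PreProcess guarantees.
    Matcher request =
        Pattern.compile("(\\w+):\\/\\/(.+)\\/(.+)\\?(.*)\\s*http\\/").matcher(normalised);
    if (!request.find()) {
        System.out.println("沒有找到匹配字符");
        return null;
    }
    String matchedUrl = request.group();
    // Take the query from the FIRST '?' of the matched URL (the outer regex's
    // greedy groups would otherwise anchor on the last one).
    Matcher query = Pattern.compile("\\?(.*)\\s*http\\/").matcher(matchedUrl);
    if (!query.find()) {
        // Defensive: the outer match already contains "?...http/", so this
        // branch is not expected to be taken.
        System.out.println(matchedUrl);
        return null;
    }
    String params = replaceBlank(query.group(1)).toLowerCase(Locale.ROOT);
    System.out.println(params);
    return params.split("&");
}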
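/**
 * Finds the absolute request URL inside a raw request line.
 *
 * <p>The input is normalised with {@link #PreProcess(String)} and then matched
 * against {@code (\w+)://(.+)/(.+)?(.*)\s*http/}, i.e. the text from the scheme
 * up to and including the lower-cased {@code http/} of the protocol version.
 * The pattern requires at least one character between the host's {@code /}
 * and the {@code ?}, so a query placed directly after the host
 * ({@code http://h/?q}) or a request without a query string does not match.
 *
 * <p>The normalised line is echoed to {@code System.out} before matching, as
 * in the original code.
 *
 * @param url raw request line; {@code null} is tolerated
 * @return the matched {@code scheme://host/path?query http/} text, or
 *     {@code null} if the input is {@code null} or does not match
 * @throws IOException propagated from {@link #PreProcess(String)}
 */
static String GetURL(String url) throws IOException {
    String normalised = PreProcess(url);
    // PreProcess(null) is null; Pattern.matcher(null) would throw
    // NullPointerException, so report "no match" instead.
    if (normalised == null) {
        return null;
    }
    System.out.println(normalised);
    Matcher request =
        Pattern.compile("(\\w+):\\/\\/(.+)\\/(.+)\\?(.*)\\s*http\\/").matcher(normalised);
    return request.find() ? request.group() : null;
}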
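/** Any run of ASCII whitespace ({@code [ \t\n\x0B\f\r]}); compiled once instead of per call. */
private static final Pattern WHITESPACE = Pattern.compile("\\s+");

/**
 * Removes every whitespace character from {@code str}.
 *
 * <p>Behaves exactly like the original {@code \s*|\t|\r|\n|\f} pattern: its
 * first alternative already matches every whitespace run (plus the empty
 * string, which {@code replaceAll} then replaced with nothing), so the other
 * alternatives were unreachable. {@code \s+} yields the same output without
 * an empty match at every position.
 *
 * <p>NOTE(review): Java's {@code \s} is ASCII-only unless
 * {@link Pattern#UNICODE_CHARACTER_CLASS} is set, so non-ASCII blanks such as
 * U+00A0 (NBSP) survive this normalisation. If such characters can appear in
 * attacker-controlled input they need separate handling.
 *
 * @param str text to strip; may be {@code null}
 * @return {@code str} with all whitespace removed, or {@code ""} when
 *     {@code str} is {@code null}
 */
public static String replaceBlank(String str) {
    if (str == null) {
        return "";
    }
    return WHITESPACE.matcher(str).replaceAll("");
}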
???
public?static?void?main(String[]?args)?throws?IOException?{
String?test=?new?String(“GET6787?http://comet.blog.sina.com.cn
?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????目錄???????????0??2017-03-17?12:34??XSSDefender\
?????文件?????????410??2017-03-13?15:23??XSSDefender\.classpath
?????文件?????????387??2017-03-13?08:36??XSSDefender\.project
?????目錄???????????0??2017-03-13?08:41??XSSDefender\.settings\
?????文件??????????74??2017-03-13?08:41??XSSDefender\.settings\org.eclipse.core.resources.prefs
?????文件?????????598??2017-03-13?08:36??XSSDefender\.settings\org.eclipse.jdt.core.prefs
?????目錄???????????0??2017-03-23?08:59??XSSDefender\bin\
?????目錄???????????0??2017-03-23?08:59??XSSDefender\bin\SensitiveWord\
?????文件????????3424??2017-03-23?08:59??XSSDefender\bin\SensitiveWord\SensitiveWordInit.class
?????文件????????4114??2017-03-23?08:59??XSSDefender\bin\SensitiveWord\SensitivewordFilter.class
?????目錄???????????0??2017-03-23?08:59??XSSDefender\bin\XSSAttackTest\
?????文件????????4101??2017-03-24?09:34??XSSDefender\bin\XSSAttackTest\XSSTest.class
?????目錄???????????0??2017-03-23?15:31??XSSDefender\bin\file\
?????文件????????2874??2017-03-23?08:59??XSSDefender\bin\file\Decode.class
?????文件?????????795??2017-03-23?08:59??XSSDefender\bin\file\Filter.class
?????文件???????10086??2017-03-23?08:59??XSSDefender\bin\file\FreatureExtraction.class
?????文件????????3802??2017-03-23?08:59??XSSDefender\bin\file\HttpHeader.class
?????文件?????????707??2017-03-23?08:59??XSSDefender\bin\file\LogTable$1.class
?????文件????????1365??2017-03-23?08:59??XSSDefender\bin\file\LogTable.class
?????文件????????1095??2017-03-23?08:59??XSSDefender\bin\file\MaxEnt$Feature.class
?????文件?????????788??2017-03-23?08:59??XSSDefender\bin\file\MaxEnt$Instance.class
?????文件????????6305??2017-03-23?08:59??XSSDefender\bin\file\MaxEnt.class
?????文件????????1668??2017-03-23?08:59??XSSDefender\bin\file\Pair.class
?????文件????????1317??2017-03-23?15:09??XSSDefender\bin\file\ProxyTask$DataSendThread.class
?????文件????????9494??2017-03-23?15:09??XSSDefender\bin\file\ProxyTask.class
?????文件????????3018??2017-03-23?08:59??XSSDefender\bin\file\ReadData.class
?????文件????????2120??2017-03-23?08:59??XSSDefender\bin\file\SocketProxy.class
?????文件????????6919??2017-03-23?08:59??XSSDefender\bin\file\StringUtils.class
?????文件?????????795??2017-03-24?14:15??XSSDefender\bin\file\XSSGUif
?????文件????????1655??2017-03-24?14:15??XSSDefender\bin\file\XSSGUif
?????文件????????2626??2017-03-24?14:15??XSSDefender\bin\file\XSSGUif
............此處省略39個文件信息