1. 增加“关于”按钮

2. 增加对设置 Http 代理的支持
feihong-cs · Oct 4, 2020 · daa40a1 · daa40a1
1 parent 6791c92
commit daa40a1
Show file tree

Hide file tree

Showing 7 changed files with 415 additions and 81 deletions.
diff --git a/src/main/java/com/shiroexploit/gui/AboutPane.java b/src/main/java/com/shiroexploit/gui/AboutPane.java
@@ -0,0 +1,124 @@
+package com.shiroexploit.gui;
+
+import javafx.event.ActionEvent;
+import javafx.event.EventHandler;
+import javafx.geometry.Insets;
+import javafx.geometry.Pos;
+import javafx.scene.control.Button;
+import javafx.scene.control.TextArea;
+import javafx.scene.layout.BorderPane;
+import javafx.scene.layout.Pane;
+import javafx.stage.Stage;
+
+public class AboutPane {
+    private BorderPane borderPane;
+    private Button closeButton;
+
+    public AboutPane(){
+        drawPane();
+        addEventListeners();
+    }
+
+    public Pane getPane(){
+        return borderPane;
+    }
+
+    private void drawPane() {
+        borderPane = new BorderPane();
+        closeButton = new Button("关闭");
+
+        borderPane.setPadding(new Insets(20,20,20,20));
+        TextArea textArea = new TextArea();
+        textArea.setWrapText(true);
+        textArea.setEditable(false);
+        textArea.getStyleClass().add("text-area");
+        textArea.setText("ShiroExploit v2.51 Final by 飞鸿\n" +
+                "你可以从 https://github.com/feihong-cs/ShiroExploit/releases 下载最新的版本\n" +
+                "\n" +
+                "如果你有bug反馈或者好的建议，或者有合作开发新工具的想法，或者有合肥地区好的工作机会推荐可以通过 [email protected] 联系我\n" +
+                "\n" +
+                "改动日志：\n" +
+                "ShiroExploit v2.51 Final \n" +
+                "\t1. 增加 2 种新的回显方式 TomcatEcho2, JBossEcho，将 WeblogicEcho1 和 WeblogicEcho2 进行了合并\n" +
+                "\t2. 默认不启用 WindowEcho, Use with caution\n" +
+                "\t3. Shiro550VerifierUsingEcho 回退到 URLDNS 方法时，由原先的使用 ceye.io 修改为使用 dnslog.cn\n" +
+                "\t4. 增加对设置 Http 代理的支持\n" +
+                "\t5. 增加 About 按钮\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.5 Final\n" +
+                "\t1. 反编译了网上流传的 xary 的 gadget，参考其 tomcat echo 的代码对原本的 tomcat 回显代码进行优化\n" +
+                "\t2. 对 AutoFindRequest LinuxEcho WindowsEcho 的代码进行优化\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.43 Final\n" +
+                "\t1. 针对一个误报case：在使用反序列 SimplePrincipalCollection 方式寻找 key 时，即使 key 正确，也非常罕见的依然返回 rememberMe=deleteMe 的情况进行优化\n" +
+                "\t2. 修复使用默认 User-agent（Java/版本号）导致的漏报case\n" +
+                "\t3. 当使用 ceye.io/dnslog.cn/jrmp/echo 方式时，当使用反序列化 SimplePrincipalCollection 方式未找到 key 时，回退到 URLDNS 的方式，以最大程度的减少漏报\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.42 Final\n" +
+                "\t1. 修复一个误报case, case描述：key错误的时候返回2个 deleteMe，key正确的时候返回一个 deleteMe，导致误报\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.41 Final\n" +
+                "\t1. 使用反序列化 SimplePrincipalCollection 的方式检测有效 key，提升检测效率\n" +
+                "\t2. 剔除 keys.conf.big 中无效的 key\n" +
+                "\t3. 修改 DNSLog.cn 无法访问时错误的提示语\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.4 Final\n" +
+                "\t1. 增加对多种回显方式的支持\n" +
+                "\t2. 为 Shiro721 添加回显支持\n" +
+                "\t3. 为 Shiro721 利用 Padding Oracle 生成 cookie 过程增加容错机制\n" +
+                "\t4. Shiro721 不需要再选择操作系统\n" +
+                "\t5. 修复自定义 rememberMe cookie 名称时，Shiro 721 验证出错的 bug\n" +
+                "\t6. 检测到漏洞后，反弹 shell 或者 部署 webshell 修改为下拉框的方式\n" +
+                "\t7. 为使用 ceye/dnslog/jrmp 的方式提供获取 webshell 的支持\n" +
+                "\t8. 修改起始 UI，增加对 Key/Gadget/EchoType 的手工指定，支持多选\n" +
+                "\t9. 参考 https://xz.aliyun.com/t/6227 缩小 ysoserial 生成的 payload 的体积\n" +
+                "\t10. 更新 keys.conf.big（感谢AgeloVito提供）\n" +
+                "\t11. 为 Shiro721 部分回显方式生成的 Cookie 提供缓存支持\n" +
+                "\t12. 执行命令时，如果存在多个 Gadget/EchoType，随机选择一个\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.3\n" +
+                "\t1. 修复之前漏洞检测失败的bug\n" +
+                "\t2. 修复关闭窗口后程序依然运行的bug\n" +
+                "\t3. 增加反弹shell的功能\n" +
+                "\t4. 增加使用第三方（ceye.io）之外DNSLog平台检测key的功能\n" +
+                "\t5. 优化UI，增加等待效果\n" +
+                "\t6. 使用 https://github.com/wh1t3p1g/ysoserial 替代原有的 ysoserial.jar，增加 PayloadType\n" +
+                "\t7. 其他小改动\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.11\n" +
+                "\t1. 完善对 Https 的支持\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.1\n" +
+                "\t1. 将部分配置从硬编码的方式修改为从配置文件读取\n" +
+                "\t2. 支持解析复杂Http请求\n" +
+                "\t3. 修复服务器为 Windows系统时无法检测漏洞的Bug\n" +
+                "\n" +
+                "\n" +
+                "ShiroExploit v2.0\n" +
+                "\t1. 增加GUI支持，使用更加简单快捷\n" +
+                "\n");
+
+        borderPane.setCenter(textArea);
+        borderPane.setBottom(closeButton);
+        borderPane.setAlignment(closeButton, Pos.CENTER);
+        borderPane.setMargin(closeButton, new Insets(10,0,10,0));
+    }
+
+    private void addEventListeners(){
+        closeButton.setOnAction(new EventHandler<ActionEvent>() {
+            @Override
+            public void handle(ActionEvent event) {
+                Stage currentStage = (Stage) borderPane.getScene().getWindow();
+                currentStage.close();
+            }
+        });
+    }
+}
diff --git a/src/main/java/com/shiroexploit/gui/ConfigPane.java b/src/main/java/com/shiroexploit/gui/ConfigPane.java
@@ -43,56 +43,6 @@ public class ConfigPane {
     private TextField staticFilePathField = new TextField();
     private boolean used = false;
 
-    public void update(){
-        // 等于0表示使用的是ceye
-        if(Config.getInstance().getCheckMethod() == 0){
-            typeGroup.selectToggle(ceyeButton);
-
-            middlePane.setDisable(true);
-            bottomPane.setDisable(true);
-            staticFilePathField.setDisable(true);
-        }else if(Config.getInstance().getCheckMethod() == 1){
-            typeGroup.selectToggle(dnsLogButton);
-
-            middlePane.setDisable(true);
-            bottomPane.setDisable(true);
-            staticFilePathField.setDisable(true);
-        } else if(Config.getInstance().getCheckMethod() == 3){
-            typeGroup.selectToggle(echoButton);
-            staticFilePathField.setText(Config.getInstance().getStaticFilePath());
-
-            middlePane.setDisable(true);
-            bottomPane.setDisable(true);
-            staticFilePathField.setDisable(false);
-        }else{
-            typeGroup.selectToggle(oobServiceButton);
-            staticFilePathField.setDisable(true);
-
-            String address = Config.getInstance().getJRMPServiceAddress();
-            if(address != null && !address.equals("")){
-                ipAddress.setText(address);
-            }
-
-            int httpPort = Config.getInstance().getHTTPServicePort();
-            if(httpPort != 0){
-                httpServicePort.setText(httpPort + "");
-            }
-
-            int JRMPPort = Config.getInstance().getHTTPServicePort();
-            if(JRMPPort != 0){
-                httpServicePort.setText(JRMPPort + "");
-            }
-
-
-            boolean flag = Config.getInstance().isSkipIfFound();
-            if(flag){
-                skipIfFound.selectToggle(yesForSkip);
-            }else{
-                skipIfFound.selectToggle(noForSkip);
-            }
-        }
-    }
-
     public ConfigPane(StartPane pane){
         this.previousPane = pane;
         drawPane();
@@ -149,7 +99,7 @@ public void changed(ObservableValue<? extends Toggle> observable, Toggle oldValu
             @Override
             public void handle(ActionEvent event) {
                 Stage currentStage = (Stage)vBox.getScene().getWindow();
-                currentStage.close();
+                currentStage.hide();
                 Stage previous = (Stage)previousPane.getPane().getScene().getWindow();
                 previous.show();
             }

diff --git a/src/main/java/com/shiroexploit/gui/ProxyConfigPane.java b/src/main/java/com/shiroexploit/gui/ProxyConfigPane.java
@@ -0,0 +1,152 @@
+package com.shiroexploit.gui;
+
+import com.shiroexploit.util.Config;
+import javafx.beans.value.ChangeListener;
+import javafx.beans.value.ObservableValue;
+import javafx.event.ActionEvent;
+import javafx.event.EventHandler;
+import javafx.geometry.Insets;
+import javafx.geometry.Pos;
+import javafx.scene.control.Button;
+import javafx.scene.control.CheckBox;
+import javafx.scene.control.Label;
+import javafx.scene.control.TextField;
+import javafx.scene.layout.GridPane;
+import javafx.scene.layout.HBox;
+import javafx.scene.layout.Pane;
+import javafx.stage.Stage;
+
+public class ProxyConfigPane {
+    private CheckBox enableProxy = new CheckBox("启用代理");
+    private TextField ipTextField = new TextField();
+    private TextField portTextField = new TextField();
+    private Button confirm = new Button("确定");
+    private Button cancel = new Button("取消");
+    private GridPane gridPane = new GridPane();
+    private StartPane previous;
+
+    public ProxyConfigPane(StartPane startPane){
+        previous = startPane;
+        drawPane();
+        addListeners();
+    }
+
+    public Pane getPane(){
+        return gridPane;
+    }
+
+    public void update(){
+        enableProxy.setSelected(Config.getInstance().isProxyEnabled());
+        ipTextField.setText(Config.getInstance().getProxyIP());
+        portTextField.setText(String.valueOf(Config.getInstance().getProxyPort()));
+    }
+
+    private void drawPane(){
+        gridPane.setPadding(new Insets(10,10,10,10));
+        gridPane.setHgap(10);
+        gridPane.setVgap(20);
+        gridPane.setAlignment(Pos.CENTER);
+
+        enableProxy.setSelected(false);
+        gridPane.setColumnSpan(enableProxy, 2);
+        gridPane.add(enableProxy, 0, 0);
+
+        Label labelForIP = new Label("IP地址");
+        ipTextField.setPrefWidth(200);
+        ipTextField.setDisable(true);
+        gridPane.add(labelForIP, 0, 1);
+        gridPane.add(ipTextField, 1,1);
+
+        Label labelForPort = new Label("端口");
+        portTextField.setPrefWidth(200);
+        portTextField.setDisable(true);
+        gridPane.add(labelForPort, 0, 2);
+        gridPane.add(portTextField,1 ,2);
+
+        HBox hBox = new HBox();
+        hBox.setAlignment(Pos.CENTER);
+        hBox.getChildren().addAll(confirm, cancel);
+        hBox.setMargin(confirm, new Insets(0,10,0,0));
+        gridPane.setColumnSpan(hBox, 2);
+        gridPane.add(hBox, 0, 3);
+    }
+
+
+    private void addListeners(){
+        enableProxy.selectedProperty().addListener(new ChangeListener<Boolean>() {
+            @Override
+            public void changed(ObservableValue<? extends Boolean> observable, Boolean oldValue, Boolean newValue) {
+                if(newValue){
+                    ipTextField.setDisable(false);
+                    portTextField.setDisable(false);
+                }else{
+                    ipTextField.setDisable(true);
+                    portTextField.setDisable(true);
+                }
+            }
+        });
+
+        confirm.setOnAction(new EventHandler<ActionEvent>() {
+            @Override
+            public void handle(ActionEvent event) {
+                if(enableProxy.isSelected()){
+                    String ip = ipTextField.getText().trim();
+                    String port = portTextField.getText().trim();
+
+                    if(ip.isEmpty()) {
+                        PromptMessageUI.getAlert("输入错误","IP地址不能为空");
+                        return;
+                    }
+
+                    if(port.isEmpty()) {
+                        PromptMessageUI.getAlert("输入错误","端口不能为空");
+                        return;
+                    }
+
+                    try{
+                        Integer.parseInt(port);
+                    }catch(NumberFormatException e){
+                        PromptMessageUI.getAlert("输入错误","端口号输入错误");
+                        return;
+                    }
+
+                    try{
+                        String[] parts = ip.split("\\.");
+                        if(parts.length != 4){
+                            PromptMessageUI.getAlert("输入错误","IP地址输入错误");
+                            return;
+                        }
+
+                        for(String part : parts){
+                            Integer.parseInt(part);
+                        }
+                    }catch(NumberFormatException e){
+                        PromptMessageUI.getAlert("输入错误","IP地址输入错误");
+                        return;
+                    }
+
+                    Config.getInstance().setProxyEnabled(true);
+                    Config.getInstance().setProxyIP(ip);
+                    Config.getInstance().setProxyPort(Integer.parseInt(port));
+                }else{
+                    Config.getInstance().setProxyEnabled(false);
+                }
+
+                Stage currentStage = (Stage)gridPane.getScene().getWindow();
+                currentStage.hide();
+                Stage pre = (Stage)previous.getPane().getScene().getWindow();
+                pre.show();
+            }
+        });
+
+        cancel.setOnAction(new EventHandler<ActionEvent>() {
+            @Override
+            public void handle(ActionEvent event) {
+                Stage currentStage = (Stage)gridPane.getScene().getWindow();
+                currentStage.hide();
+                Stage pre = (Stage)previous.getPane().getScene().getWindow();
+                pre.show();
+            }
+        });
+    }
+}