Trident

Java Code Security Component

Currently supported features:

  1. URL whitelist validation (done)
  2. checkSSRF (done)
  3. checkReferer (not done)
  4. csrfToken (not done)
  5. xssEncode (not done)
  6. getRealIP (done)

URL whitelist validation

URL bypasses

For URL whitelist bypass techniques, see https://joychou.org/web/url-whitelist-bypass.html

Validation logic

  1. Extract the URL's registered (first-level) domain
  2. Check whether it is in the domain whitelist

Validation code

Returns true for a legal URL and false for an illegal one.

// URL whitelist component test
checkURL urlCheck = new checkURL();
String[] urlWList = {"joychou.com", "joychou.me"};
// The registered domain here is joychou.org, which is not whitelisted, so this returns false
Boolean ret = urlCheck.checkUrlWlist("http://test.joychou.org", urlWList);
System.out.println(ret);

checkSSRF

Validation logic

  1. Extract the URL's host
  2. Resolve the host to its IP
  3. Check whether the IP is internal; if it is, return immediately and do not continue
  4. Request the URL
  5. If the response is a redirect, extract the redirect URL and go back to step 1

Validation code

If the IP is internal, returns false, meaning checkSSRF fails; otherwise returns true, i.e. a legal URL returns true. Only the HTTP protocol is supported.

// SSRF component test
import org.apache.http.client.fluent.Request; // Apache HttpClient Fluent API, used for the actual fetch

SSRF check = new SSRF();
String url = "http://dns_rebind.joychou.me";
boolean ret = check.checkSSRF(url);
if (ret) {
    // The URL passed the check: fetch it and print the body
    String con = Request.Get(url).execute().returnContent().toString();
    System.out.println(con);
}
else {
    System.out.println("Bad boy. The url is illegal");
}
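The five-step checkSSRF procedure above, written out as an added example against java.net.http (JDK 11+); this is not Trident's own code, and the class and method names are assumptions. Automatic redirects are turned off so that every Location target goes back through the host and IP checks before it is followed.

```java
import java.net.*;
import java.net.http.*;
import java.util.Optional;

// Added example, not the project's code: checkSSRF as the README describes it.
public class SsrfCheckExample {
    private static final int MAX_REDIRECTS = 5;

    // Step 3: loopback, link-local, site-local (RFC 1918 for IPv4) and wildcard
    // addresses count as internal. IPv6 unique-local (fc00::/7) is not covered
    // by these JDK methods and would need an explicit range check.
    static boolean isInternal(InetAddress a) {
        return a.isLoopbackAddress() || a.isLinkLocalAddress()
            || a.isSiteLocalAddress() || a.isAnyLocalAddress();
    }

    // Steps 1-2: take the host, resolve it, and reject if ANY record is internal
    // (a name may return several A/AAAA records; checking only the first is a gap).
    static boolean hostIsInternal(String url) throws Exception {
        URI u = URI.create(url);
        if (!"http".equalsIgnoreCase(u.getScheme()) || u.getHost() == null) return true;
        for (InetAddress a : InetAddress.getAllByName(u.getHost())) {
            if (isInternal(a)) return true;
        }
        return false;
    }

    // Steps 4-5: fetch with redirects disabled; each Location header is resolved
    // against the current URL (it may be relative) and re-checked from step 1.
    static boolean checkSSRF(String url) throws Exception {
        HttpClient client = HttpClient.newBuilder()
            .followRedirects(HttpClient.Redirect.NEVER).build();
        for (int hop = 0; hop <= MAX_REDIRECTS; hop++) {
            if (hostIsInternal(url)) return false;
            HttpResponse<Void> r = client.send(
                HttpRequest.newBuilder(URI.create(url)).GET().build(),
                HttpResponse.BodyHandlers.discarding());
            Optional<String> loc = r.headers().firstValue("Location");
            if (r.statusCode() / 100 != 3 || loc.isEmpty()) return true;
            url = URI.create(url).resolve(loc.get()).toString();
        }
        return false; // redirect chain too long: treat as failed
    }

    public static void main(String[] args) throws Exception {
        System.out.println(checkSSRF("http://127.0.0.1/"));   // loopback is rejected
        System.out.println(checkSSRF("http://example.com/")); // passes if it resolves publicly
    }
}
```

Note that hostIsInternal and the HttpClient each perform their own DNS lookup, which is exactly the window the next section describes: the check is only sound while Java's DNS cache (the networkaddress.cache.ttl security property) is not set to 0.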

Bypass techniques

When the TTL is set to 0, the code above can be bypassed with DNS rebinding.

However, as long as Java's TTL is not set to 0, there is no bypass risk in this code's logic.

For the details of the bypass, see https://joychou.org/web/use-dnsrebinding-to-bypass-ssrf-in-java.html

Getting the real IP

To use this code, you must make sure the proxy in front of the application puts the real client IP into the X-Real-IP header:

proxy_set_header X-Real-IP $remote_addr;

For the code and configuration that cause the vulnerability, see https://joychou.org/web/how-to-get-real-ip.html
