Git Product home page Git Product logo

caidaomitmproxy's Introduction

CaidaoMitmProxy

基于HTTP代理中转菜刀过WAF,基于菜刀20160622版本修改和测试。理论上是支持低版本菜刀。本人没测试希望大家来帮忙测试下。

安装

  • pip[3] install pydes
  • pip[3] install mitmproxy

使用

  1. 替换 caidao.conf 文件(使用 PHP DES 加密脚本的时候才需要替换)
  2. 将支持 DES 加密的 Webshell 上传到服务器的 Web目录
  3. 运行下列代码开启代理中转(使用 -p 可以自定以端口)
Windowsmitmdump -k -s 插件路径
Linuxmitmproxy -k -s 插件路径
  1. 用Proxifier等其他工具将菜刀或者域名加进代理规则即可。默认监听是8080
  2. 用菜刀直接连接就能开始食用啦

Shell

  • [√] PHP
  • [√] JSP
  • [√] ASPX
  • [×] ASP

注意事项

  1. caidao.conf 文件在 caidaoconf 目录
  2. HTTP代理中转没有测试是否支持HTTPS

参考

https://xz.aliyun.com/t/2739

https://github.com/ekgg/Caidao-AES-Version

法律

该项目仅供合法的渗透测试以及爱好者参考学习,请各位遵守《中华人民共和国网络安全法》以及相应地方的法律,禁止使用该项目进行违法操作,否则自行承担相关责任!

caidaomitmproxy's People

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar

caidaomitmproxy's Issues

tomcat cdmp.jsp http 500

HTTP Status 500 – Internal Server Error
Type 异常报告

消息 在 [271] 行处理 [/cdmp.jsp] 时发生异常

描述 服务器遇到一个意外的情况,阻止它完成请求。

Exception

org.apache.jasper.JasperException: 在 [271] 行处理 [/cdmp.jsp] 时发生异常

268: return null;
269: Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
270: cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key.getBytes(cs), "DES"));
271: bytes = cipher.doFinal(bytes);
272: return new String(bytes, cs);
273: }
274:

tomcat cdmp.jsp http 500

HTTP Status 500 – Internal Server Error
Type 异常报告

消息 java.lang.ArrayIndexOutOfBoundsException: 1

描述 服务器遇到一个意外的情况,阻止它完成请求。

Exception

org.apache.jasper.JasperException: java.lang.ArrayIndexOutOfBoundsException: 1
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:599)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:515)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
Root Cause

java.lang.ArrayIndexOutOfBoundsException: 1
org.apache.jsp.cdmp_jsp._jspService(cdmp_jsp.java:407)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:477)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.