filter修改参数

  前景:公司项目web渗透测试中提出管理登录时,传输密码不能为明文,需要加密传输,但是迫于系统架构,后端代码不能修改,只能在filter中解密参数。

  1.前端加密处理:

 1 <script type="text/javascript"> 
 2     $(function() { 
 3         $("#loginBtn").click(function() {
 4             //对数据加密   
 5             var password = encode64($("#pwdInput").val());
 6             $("#pwdInput").val(password);
 7             document.login.submit();  //login为form表单name 
 8         }) 
 9     }) 
10     // base64加密开始 
11     var keyStr = "ABCDEFGHIJKLMNOP" + "QRSTUVWXYZabcdef" + "ghijklmnopqrstuv"   + "wxyz0123456789+/" + "="; 
12     function encode64(input) {  
13         var output = "";  
14         var chr1, chr2, chr3 = ""; 
15         var enc1, enc2, enc3, enc4 = "";  
16         var i = 0;  
17         do {   
18             chr1 = input.charCodeAt(i++);   
19             chr2 = input.charCodeAt(i++);   
20             chr3 = input.charCodeAt(i++);  
21             enc1 = chr1 >> 2;  
22             enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);  
23             enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);  
24             enc4 = chr3 & 63;  
25             if (isNaN(chr2)) {    
26                 enc3 = enc4 = 64;   
27             } else if (isNaN(chr3)) {   
28                 enc4 = 64;  
29             }   
30             output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2)     + keyStr.charAt(enc3) + keyStr.charAt(enc4);  
31             chr1 = chr2 = chr3 = "";  
32             enc1 = enc2 = enc3 = enc4 = "";  
33         } while (i < input.length); 
34         return output; 
35     } // base64加密结束
36 </script>

  2.后端解密:

 1   private static byte[] base64DecodeChars = new byte[] { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
 2             -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
 3             -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4,
 4             5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26,
 5             27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1,
 6             -1, -1, -1 };
 7 
 8     /** * 解密 * @param str * @return */
 9     public static byte[] decode(String str) {
10         byte[] data = str.getBytes();
11         int len = data.length;
12         ByteArrayOutputStream buf = new ByteArrayOutputStream(len);
13         int i = 0;
14         int b1, b2, b3, b4;
15         while (i < len) {
16             do {
17                 b1 = base64DecodeChars[data[i++]];
18             } while (i < len && b1 == -1);
19             if (b1 == -1) {
20                 break;
21             }
22             do {
23                 b2 = base64DecodeChars[data[i++]];
24             } while (i < len && b2 == -1);
25             if (b2 == -1) {
26                 break;
27             }
28             buf.write((int) ((b1 << 2) | ((b2 & 0x30) >>> 4)));
29             do {
30                 b3 = data[i++];
31                 if (b3 == 61) {
32                     return buf.toByteArray();
33                 }
34                 b3 = base64DecodeChars[b3];
35             } while (i < len && b3 == -1);
36             if (b3 == -1) {
37                 break;
38             }
39             buf.write((int) (((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2)));
40             do {
41                 b4 = data[i++];
42                 if (b4 == 61) {
43                     return buf.toByteArray();
44                 }
45                 b4 = base64DecodeChars[b4];
46             } while (i < len && b4 == -1);
47             if (b4 == -1) {
48                 break;
49             }
50             buf.write((int) (((b3 & 0x03) << 6) | b4));
51         }
52         return buf.toByteArray();
53     }

  3.filter修改post参数值

    3.1修改filter

 1            MyHttpServletRequestWrapper requestWrapper = new MyHttpServletRequestWrapper(request);
 2             String captcha = (String) requestWrapper.getParameter("captcha");
 3             log.debug("filter get captcha:" + captcha);
 4             if (StringUtil.isNotNull(captcha)
 5                     && captcha.equalsIgnoreCase("" + request.getSession().getAttribute("captcha"))) {
 6                 captcha = QueryCaptchaUtil.QueryCaptcha();
 7                 session.removeAttribute("captcha"); // 验证码登录后销毁
 8                 session.setAttribute("captcha", captcha);
 9                 certService.setCertProperty(request);
10                 // 1.获取需要处理的参数
11                 String userPassword = requestWrapper.getParameter("userPassword");13                 // 2.把处理后的参数放回去
14                 requestWrapper.setParameter("userPassword", new String(decode(userPassword)));
15                 // 3.放行,把我们的requestWrapper放到方法当中
16                 chain.doFilter(requestWrapper, response);
17                 return;
18             }

 

    3.2 MyHttpServletRequestWrapper.java

  1 import java.io.BufferedReader;
  2 import java.io.ByteArrayInputStream;
  3 import java.io.IOException;
  4 import java.io.InputStreamReader;
  5 import java.util.HashMap;
  6 import java.util.Iterator;
  7 import java.util.Map;
  8 import java.util.Set;
  9 
 10 import javax.servlet.ReadListener;
 11 import javax.servlet.ServletInputStream;
 12 import javax.servlet.http.HttpServletRequest;
 13 import javax.servlet.http.HttpServletRequestWrapper;
 14 
 15 /**
 16  * 重写 HttpServletRequestWrapper 处理表单、ajax请求
 17  * 
 18  * @author dongzhihao
 19  *
 20  */
 21 public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {
 22     
 23     //private final byte[] body;
 24 
 25     // 用于存储请求参数
 26     private Map<String, Object> params = new HashMap<String, Object>();
 27 
 28     // 构造方法
 29     public MyHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
 30         super(request);
 31         //body = parseBodyToBytes(request);
 32         // 把请求参数添加到我们自己的map当中
 33         this.params.putAll(request.getParameterMap());
 34     }
 35 
 36     @Override
 37     public String getQueryString() {
 38         StringBuffer buffer = new StringBuffer();
 39         Set<String> keySet = params.keySet();
 40         int i = 0;
 41         for (Iterator<String> iterator = keySet.iterator(); iterator.hasNext();) {
 42             if (i != 0) {
 43                 buffer.append("&");
 44             }
 45             String key = (String) iterator.next();
 46             Object obj = params.get(key);
 47             if (obj instanceof String[]) {
 48                 String[] new_name = (String[]) obj;
 49                 obj=new_name[0];
 50             }
 51             buffer.append(key + "=").append(obj);
 52             i++;
 53         }
 54         System.out.println(buffer.toString());
 55         return buffer.toString();
 56     }
 57 
 58     /**
 59      * 添加参数到map中
 60      * 
 61      * @param name
 62      * @param value
 63      */
 64     public void setParameter(String name, Object value) {
 65         if (value != null) {
 66             System.out.println(value);
 67             if (value instanceof String[]) {
 68                 params.put(name, (String[]) value);
 69             } else if (value instanceof String) {
 70                 params.put(name, value);
 71             } else {
 72                 params.put(name, new String[] { String.valueOf(value) });
 73             }
 74         }
 75     }
 76     
 77     
 78     
 79 
 80     @Override
 81     public BufferedReader getReader() throws IOException {
 82         return new BufferedReader(new InputStreamReader(getInputStream()));
 83     }
 84 
 85     @Override
 86     public ServletInputStream getInputStream() throws IOException {
 87         final ByteArrayInputStream bais = new ByteArrayInputStream(getQueryString().getBytes());
 88         return new ServletInputStream() {
 89             @Override
 90             public int read() throws IOException {
 91                 return bais.read();
 92             }
 93 
 94             @Override
 95             public boolean isFinished() {
 96                 return false;
 97             }
 98 
 99             @Override
100             public boolean isReady() {
101                 return false;
102             }
103 
104             @Override
105             public void setReadListener(ReadListener arg0) {
106             }
107         };
108     }
109 
110 }

 

转载于:https://www.cnblogs.com/D-ZH/p/11453239.html

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值