使用普通socket来模拟与Mysql Server建立连接及发送查询SQL,如下代码所示:
Socket socket = new Socket("127.0.0.1",3306);
OutputStream out = socket.getOutputStream();
BufferedOutputStream bos = new BufferedOutputStream(out);
//建立连接报文信息 来自wireshark(捕捉终端执行mysql -u root -p -h 127.0.0.1时对应的login request信息)
String hexs = "bb00000185a67f0000000001210000000000000000000000000000000000000000000000726f6f740014c2ee436b504f4f78089396223ad76f21fd5aee566d7973716c5f6e61746976655f70617373776f7264006a035f6f730964656269616e362e300c5f636c69656e745f6e616d65086c69626d7973716c045f7069640531363638330f5f636c69656e745f76657273696f6e06352e362e3137095f706c6174666f726d067838365f36340c70726f6772616d5f6e616d65056d7973716c";
byte[] bytes = convertHexStrToByteArray(hexs); //将上述的16进制信息转为byte数组 如"bb"--> -69
int packetLen = 191;
bos.write(bytes, 0, packetLen);
bos.flush();
//执行查询命令 select 'hello' 来自wireshark
hexs = "0f0000000373656c656374202768656c6c6f27";
bytes = convertHexStrToByteArray(hexs);
bos.write(bytes,0,19);
bos.flush();
//读取查询SQL的返回
InputStream in = socket.getInputStream();
BufferedInputStream bis = new BufferedInputStream(in);
byte[] buf = new byte[1024];
int len = bis.read(buf);
System.out.println(new String(buf, len-14, 5));
byte[] convertHexStrToByteArray(String hexs){
byte[] a = new byte[hexs.length()/2];
int index = 0;
for(int i=0; i<hexs.length(); i+=2){
String e = hexs.substring(i, i+2);
a[index++] = convertIntToByte(Integer.valueOf(e, 16));
}
return a;
}
private byte convertIntToByte(int i) {
if(i<= 127)
return (byte)i;
else
return (byte)(i-256);
}
上述程序运行后对应的Wireshark抓取信息为:
上述代码中的第1行对应140~144, 上述代码第10行对应145~147, 剩下的对应发送查询命令(select 'hello')了.
补充:
报文信息来自wireshark,如下所示:
2. 上述Login Request中的报文信息未包含密码, 即服务端启动时指定了--skip-grant-tables, 否则不能成功建立连接. 因为每次密码的值都会变化,且不能用同一个(类似于网页上的校验码).如下所示:
注意:服务端每次返回的两个Salt值都不同
客户端根据服务端返回的Salt生成密码.见如下测试代码:
@Test
public void test_generate_password() throws NoSuchAlgorithmException, UnsupportedEncodingException{
String seed = "{k*,=.lXV%RMn_rB/b$*";
String password = "root";
String passwordEncoding = null;
byte[] result = Security.scramble411(password, seed, passwordEncoding );
String hexString = convertByteArrayToHexString(result);
Assertions.assertThat(hexString).isEqualTo("7be382c1bd847210ca83161991d133b6f713709a");
}
/**
* byte array --> hex string
* byte --> int (负数转为正: 256-|x|)
* int --> hex
*/
private String convertByteArrayToHexString(byte[] result) {
StringBuilder sb = new StringBuilder();
for(byte b : result){
int i = b;
if(i<0)
i = 256-(i*-1);
String hex = Integer.toHexString(i);
if(hex.length()==1)
sb.append("0");
sb.append(Integer.toHexString(i));
}
return sb.toString();
}
3. 经过测试,若在建立连接过程中中断时间超过10秒,则服务端会主动发fin包中断连接.连接建立完成后,就没有这个限制.