Merge pull request #32 from zema1/feat-jspx

feat: add jspx

.github/actions/action.yml

@@ -23,4 +23,4 @@ runs:
     - if: inputs.jar == 'true'
       shell: bash
       working-directory: ./assets
-      run: jar cvf assets.war suo5.jsp
+      run: jar cvf assets.war suo5.jsp suo5.jspx

.github/workflows/test.yml

@@ -48,19 +48,23 @@ jobs:
           - image: expertsystems/resin
             mount: /var/resin/webapps/ROOT/assets
     env:
-      SUO5_URL: http://127.0.0.1:8080/assets/suo5.jsp
+      SUO5_JSP_URL: http://127.0.0.1:8080/assets/suo5.jsp
+      SUO5_JSPX_URL: http://127.0.0.1:8080/assets/suo5.jspx
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions
       - run: |
           set -ex
           docker run -it --rm -d -p8080:8080 -v ${{ github.workspace }}/assets:${{ matrix.mount }} ${{ matrix.image }}
-          bash ./.github/workflows/ready.sh ${{ env.SUO5_URL }} 30
-          curl -v ${{ env.SUO5_URL }}
+          bash ./.github/workflows/ready.sh ${{ env.SUO5_JSP_URL }} 30
+          curl -v ${{ env.SUO5_JSP_URL }}
           chmod +x ./suo5
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode full
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode half
 
   jetty-test:
     name: Jetty
@@ -84,19 +88,23 @@ jobs:
         mount:
           - /var/lib/jetty/webapps/ROOT/assets
     env:
-      SUO5_URL: http://127.0.0.1:8080/assets/suo5.jsp
+      SUO5_JSP_URL: http://127.0.0.1:8080/assets/suo5.jsp
+      SUO5_JSPX_URL: http://127.0.0.1:8080/assets/suo5.jspx
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions
       - run: |
           set -ex
           docker run -it --rm -d -p8080:8080 -v ${{ github.workspace }}/assets:${{ matrix.mount }} ${{ matrix.image }}
-          bash ./.github/workflows/ready.sh ${{ env.SUO5_URL }} 30
-          curl -v ${{ env.SUO5_URL }}
+          bash ./.github/workflows/ready.sh ${{ env.SUO5_JSP_URL }} 30
+          curl -v ${{ env.SUO5_JSP_URL }}
           chmod +x ./suo5
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode full
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode half 
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode half 
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode half 
 
   jboss-test:
     name: JBoss
@@ -111,19 +119,23 @@ jobs:
           - image: vulhub/jboss:as-6.1.0
             mount: /jboss-6.1.0.Final/server/default/deploy/ROOT.war/assets
     env:
-      SUO5_URL: http://127.0.0.1:8080/assets/suo5.jsp
+      SUO5_JSP_URL: http://127.0.0.1:8080/assets/suo5.jsp
+      SUO5_JSPX_URL: http://127.0.0.1:8080/assets/suo5.jspx
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions
       - run: |
           set -ex
           docker run -it --rm -d -p8080:8080 -v ${{ github.workspace }}/assets:${{ matrix.mount }} ${{ matrix.image }}
-          bash ./.github/workflows/ready.sh ${{ env.SUO5_URL }} 30
-          curl -v ${{ env.SUO5_URL }}
+          bash ./.github/workflows/ready.sh ${{ env.SUO5_JSP_URL }} 30
+          curl -v ${{ env.SUO5_JSP_URL }}
           chmod +x ./suo5
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode full
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode half
 
   websphere-test:
     name: WebSphere
@@ -140,7 +152,8 @@ jobs:
         deploy:
           - /config/dropins
     env:
-      SUO5_URL: http://127.0.0.1:9080/assets/suo5.jsp
+      SUO5_JSP_URL: http://127.0.0.1:9080/assets/suo5.jsp
+      SUO5_JSPX_URL: http://127.0.0.1:9080/assets/suo5.jspx
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions
@@ -154,11 +167,14 @@ jobs:
           docker ps -a
           bash ./.github/workflows/ready.sh http://127.0.0.1:9080 60
           sleep 10
-          curl -v ${{ env.SUO5_URL }}
+          curl -v ${{ env.SUO5_JSP_URL }}
           chmod +x ./suo5
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode full
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode half
 
   tongweb-test:
     name: TongWeb
@@ -171,7 +187,8 @@ jobs:
           - image: boyingking/tongweb-auto
             deploy: /home/tw6/tongweb6/applications/console/assets
     env:
-      SUO5_URL: http://127.0.0.1:9060/console/assets/suo5.jsp
+      SUO5_JSP_URL: http://127.0.0.1:9060/console/assets/suo5.jsp
+      SUO5_JSPX_URL: http://127.0.0.1:9060/console/assets/suo5.jspx
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions
@@ -185,12 +202,15 @@ jobs:
           docker ps -a
           bash ./.github/workflows/ready.sh http://127.0.0.1:9060 30
           sleep 10
-          curl -v ${{ env.SUO5_URL }}
+          curl -v ${{ env.SUO5_JSP_URL }}
           chmod +x ./suo5
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -no-gzip
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode full -no-gzip
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode half -no-gzip
-        
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -no-gzip
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode full -no-gzip
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode half -no-gzip
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -no-gzip
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode full -no-gzip
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode half -no-gzip
+  
 
   weblogic-test:
     name: Weblogic
@@ -212,7 +232,8 @@ jobs:
           - image: vulhub/weblogic:10.3.6.0-2017
             deploy: /root/Oracle/Middleware/user_projects/domains/base_domain/autodeploy/
     env:
-      SUO5_URL: http://127.0.0.1:7001/assets/suo5.jsp
+      SUO5_JSP_URL: http://127.0.0.1:7001/assets/suo5.jsp
+      SUO5_JSPX_URL: http://127.0.0.1:7001/assets/suo5.jspx
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions
@@ -235,11 +256,14 @@ jobs:
           bash ./.github/workflows/ready.sh http://127.0.0.1:7001 60
           docker cp ./assets/assets.war weblogic-test:${{ matrix.deploy }}
           sleep 10
-          curl -v ${{ env.SUO5_URL }}
+          curl -v ${{ env.SUO5_JSP_URL }}
           chmod +x ./suo5
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode full
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode half
 
   tomcat-test:
     name: Tomcat
@@ -283,22 +307,32 @@ jobs:
           - tomcat:10.1-jre17
         mount:
           - /usr/local/tomcat/webapps/ROOT/assets
+        jspx:
+          - true
         include:
           - image: nortthon/tomcat5
             mount: /opt/tomcat/webapps/ROOT/assets
+            jspx: true
           - image: consol/tomcat-4.1
             mount: /opt/tomcat/webapps/ROOT/assets
+            jspx: false
     env:
-      SUO5_URL: http://127.0.0.1:8080/assets/suo5.jsp
+      SUO5_JSP_URL: http://127.0.0.1:8080/assets/suo5.jsp
+      SUO5_JSPX_URL: http://127.0.0.1:8080/assets/suo5.jspx
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions
       - run: |
           set -ex
           docker run -it --rm -d -p8080:8080 -v ${{ github.workspace }}/assets:${{ matrix.mount }} ${{ matrix.image }}
-          bash ./.github/workflows/ready.sh ${{ env.SUO5_URL }} 30
-          curl -v ${{ env.SUO5_URL }}
+          bash ./.github/workflows/ready.sh ${{ env.SUO5_JSP_URL }} 30
+          curl -v ${{ env.SUO5_JSP_URL }}
           chmod +x ./suo5
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode full
-          ./suo5 -debug -t ${{ env.SUO5_URL }} -T https://www.bing.com -mode half
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode full
+          ./suo5 -debug -t ${{ env.SUO5_JSP_URL }} -T https://www.bing.com -mode half
+          if [ "${{ matrix.jspx }}" = "true" ]; then
+            ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com
+            ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode full
+            ./suo5 -debug -t ${{ env.SUO5_JSPX_URL }} -T https://www.bing.com -mode half
+          fi

CHANGELOG.md

@@ -1,5 +1,19 @@
 # 更新记录
 
+## [0.9.0] 2023.06-29
+
+- 增加脏数据跳过逻辑, 自动计算偏移 #11
+- 增加 `jspx` 形式的服务端, 通过全部中间件的测试 #31
+- 允许连接测试时的 `EOF` 的情况，解决部分 Listener 内存马连不上的问题
+
+### 修复
+- 修复上游代理对连接测试的这个请求不生效的问题
+
+## [0.8.0] 2023.05-23
+
+### 修复
+- 上一个版本因上游库忘记更新导致的连接超时问题 #28 #29
+
 ## [0.7.0] 2023-05-17
 
 ### 新增

README.md

@@ -55,7 +55,7 @@ USAGE:
    suo5 [global options] command [command options] [arguments...]
 
 VERSION:
-   v0.7.0
+   v0.9.0
 
 COMMANDS:
    help, h  Shows a list of commands or help for one command

README_EN.md

@@ -50,32 +50,33 @@ Windows 11 and MacOS already come with this component, other systems will have a
 ### Command line
 
 ```text
-NAME:
-   suo5 - A super http proxy tunnel
-
 USAGE:
    suo5 [global options] command [command options] [arguments...]
 
 VERSION:
-   v0.3.0
+   v0.9.0
 
 COMMANDS:
-   help, h Shows a list of commands or help for one command
+   help, h  Shows a list of commands or help for one command
 
 GLOBAL OPTIONS:
-   --target value, -t value set the remote server url, ex: http://localhost:8080/tomcat_debug_war_exploded/
-   --listen value, -l value set the listen address of socks5 server (default: "127.0.0.1:1111")
-   --method value, -m value http request method (default: "POST")
-   --no-auth disable socks5 authentication (default: true)
-   --auth value socks5 creds, username:password, leave empty to auto generate
-   --mode value connection mode, choices are auto, full, half (default: "auto")
-   --ua value the user-agent used to send request (default: "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.1.2.3")
-   --timeout value http request timeout in seconds (default: 10)
-   --buf-size value set the request max body size (default: 327680)
-   --proxy value use upstream socks5 proxy
-   --debug, -d debug the traffic, print more details (default: false)
-   --help, -h show help
-   --version, -v print the version
+   --target value, -t value                               set the remote server url, ex: http://localhost:8080/tomcat_debug_war_exploded/
+   --listen value, -l value                               set the listen address of socks5 server (default: "127.0.0.1:1111")
+   --method value, -m value                               http request method (default: "POST")
+   --redirect value, -r value                             redirect to the url if host not matched, used to bypass load balance
+   --no-auth                                              disable socks5 authentication (default: true)
+   --auth value                                           socks5 creds, username:password, leave empty to auto generate
+   --mode value                                           connection mode, choices are auto, full, half (default: "auto")
+   --ua value                                             the user-agent used to send request (default: "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.1.2.3")
+   --header value, -H value [ --header value, -H value ]  use extra header, ex -H 'Cookie: abc'
+   --timeout value                                        http request timeout in seconds (default: 10)
+   --buf-size value                                       set the request max body size (default: 327680)
+   --proxy value                                          use upstream proxy, support both socks5 and http(s), eg: socks5://127.0.0.1:7890
+   --debug, -d                                            debug the traffic, print more details (default: false)
+   --no-heartbeat, --nh                                   disable heartbeat to the remote server which will send data every 5s (default: false)
+   --no-gzip, --ng                                        disable gzip compression, which will improve compatibility with some old servers (default: false)
+   --help, -h                                             show help
+   --version, -v                                          print the version
 ```
 
 The command line version is exactly the same as the GUI version, You can refer to the GUI version to use it. The

assets/README.md

@@ -2,12 +2,13 @@
 
 > 注意：suo5.jsp 请勿放到编辑器格式化之类的，否则在 weblogic 等服务中可能会无法使用，主要是换行导致的。
 
-实战中推荐使用内存马的方式来加载, jsp 的方式容易被安全设备检测到。
 
-- `suo5.jsp` servlet 的实现
+- `suo5.jsp`
+- `suo5.jspx`
 - `Suo5Filter.java` 一个简易的 Filter 实现，可以改造后用于 Filter 型内存马注入
 
-如果想要其他版本的，可以利用 git 的 release tag 进入。
+实战中推荐使用内存马的方式来加载, 其次是 jspx，再然后是 jsp。 深度使用的同学建议自行修改部分特征以免流量被识别，在功能做完善之前安全对抗不是这个项目的发力点。
+
 
 ## 测试通过的中间件
 
@@ -17,4 +18,11 @@
 - Weblogic 10,12,14
 - Jboss 4,6
 - Jetty 9,10,11
-- WebSphere 8,9,22,23
+- WebSphere 8,9,22,23
+- Resin 4
+
+## 为何显示连接成功但无法使用？
+
+首先请确保使用的是最新版本，如果你遇到的环境是 `泛微OA(resin)`、`Jira(tomcat)` 等，请尝试使用内存马的版本，很多时候 jsp(x) 不行但是内存马是可以的。
+
+从根本上讲，有部分情况 `suo5` 是无法支持的，这并非是程序 bug，而是工作原理使然，`suo5` 要求目标的响应是流式的，如果目标中间件或是负载均衡对响应有缓存，这种只能使用传统代理来构建隧道了。