感谢whami-root提交的pr，1、增加自定义请求头、post参数。2、优化post型shiro的探测和利用。

Author: SummerSec

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>org.example</groupId>
     <artifactId>shiro_attack</artifactId>
-    <version>4.5.3-SNAPSHOT</version>
+    <version>4.5.4-SNAPSHOT</version>
     <build>
         <plugins>
             <plugin>

src/main/java/com/summersec/attack/UI/MainController.java

@@ -47,6 +47,10 @@ public class MainController {
     @FXML
     private ComboBox<String> methodOpt;
     @FXML
+    private TextField globalHeader;
+    @FXML
+    private TextField post_data;
+    @FXML
     private TextField shiroKeyWord;
     @FXML
     private TextField targetAddress;
@@ -209,8 +213,17 @@ public void initAttack() {
         String shiroKeyWordText = this.shiroKeyWord.getText();
         String targetAddressText = this.targetAddress.getText();
         String httpTimeoutText = this.httpTimeout.getText();
+        //自定义请求头
+        Map<String, String> myheader= new HashMap<>() ;
+        if(!this.globalHeader.getText().equals("")) {
+            String header[] = this.globalHeader.getText().split(":",2);
+//        myheader(this.globalHeader.getText() -> this.globalHeader.getText().split(":"))
+            myheader.put(header[0], header[1]);
+        }
+//        this.globalHeader = myheader
+        String postData = (String)this.post_data.getText();
         String reqMethod = (String)this.methodOpt.getValue();
-        this.attackService = new AttackService(reqMethod, targetAddressText, shiroKeyWordText, httpTimeoutText);
+        this.attackService = new AttackService(reqMethod, targetAddressText, shiroKeyWordText, httpTimeoutText,myheader,postData);
         if (this.aesGcmOpt.isSelected()) {
             AttackService.aesGcmCipherType = 1;
         } else {
@@ -225,6 +238,7 @@ public void initContext() {
     }
 
     public void initComBoBox() {
+//        ObservableList<String> methods = FXCollections.observableArrayList(new String[]{"GET", "POST","复杂请求"});
         ObservableList<String> methods = FXCollections.observableArrayList(new String[]{"GET", "POST"});
         this.methodOpt.setPromptText("GET");
         this.methodOpt.setValue("GET");
@@ -294,8 +308,10 @@ private void initToolbar() {
             typeCombo.getSelectionModel().select(0);
             Label IPLabel = new Label("IP地址：");
             TextField IPText = new TextField();
+            IPText.setText("127.0.0.1");
             Label PortLabel = new Label("端口：");
             TextField PortText = new TextField();
+            PortText.setText("8080");
             Label userNameLabel = new Label("用户名：");
             TextField userNameText = new TextField();
             Label passwordLabel = new Label("密码：");

src/main/java/com/summersec/attack/core/AttackService.java

@@ -1,7 +1,3 @@
-//
-// Source code recreated from a .class file by IntelliJ IDEA
-// (powered by Fernflower decompiler)
-//
 
 package com.summersec.attack.core;
 
@@ -50,15 +46,19 @@ public class AttackService {
     public static String gadget = null;
     public static String realShiroKey = null;
     public static Map<String, String> globalHeader = null;
+    public static String postData = null;
     private final MainController mainController;
     public int flagCount = 0;
 
-    public AttackService(String method, String url, String shiroKeyWord, String timeout) {
+    public AttackService(String method, String url, String shiroKeyWord, String timeout, Map<String, String> globalHeader, String postData) {
         this.mainController = (MainController)ControllersFactory.controllers.get(MainController.class.getSimpleName());
         this.url = url;
         this.method = method;
         this.timeout = Integer.parseInt(timeout) * 1000;
         this.shiroKeyWord = shiroKeyWord;
+        this.globalHeader = globalHeader;
+        this.postData = postData;
+
     }
 
     public HashMap<String, String> getCombineHeaders(HashMap<String, String> header) {
@@ -78,15 +78,20 @@ public String headerHttpRequest(HashMap<String, String> header) {
         HashMap combineHeaders = this.getCombineHeaders(header);
         Proxy proxy = (Proxy)MainController.currentProxy.get("proxy");
         try {
-            result = cn.hutool.http.HttpUtil.createRequest(Method.valueOf(this.method),this.url).setProxy(proxy).headerMap(combineHeaders,true).setFollowRedirects(false).execute().toString();
-            if (result.contains("Host")){
+/*            result = cn.hutool.http.HttpUtil.createRequest(Method.valueOf(this.method),this.url).setProxy(proxy).headerMap(combineHeaders,true).setFollowRedirects(false).execute().toString();
+            return result;*/
+/*            if (result.contains("Host")){
                 return result;
-            }
+            }*/
             if (this.method.equals("GET")) {
-                result = HttpUtil.getHeaderByHttpRequest(this.url, "UTF-8", combineHeaders, this.timeout);
+                result = cn.hutool.http.HttpUtil.createRequest(Method.valueOf(this.method),this.url).setProxy(proxy).headerMap(combineHeaders,true).setFollowRedirects(false).execute().toString();
 
             } else {
-                result = HttpUtil.postHeaderByHttpRequest(this.url, "UTF-8", "", combineHeaders, this.timeout);
+//                result = HttpUtil.postHeaderByHttpRequest(this.url, "UTF-8", this.postData, combineHeaders, this.timeout);
+//                result = bodyHttpRequest(combineHeaders, this.postData);
+                result = HttpUtil.postHttpReuest(this.url, this.postData, "UTF-8", combineHeaders, "application/x-www-form-urlencoded", this.timeout);
+                System.out.println(result);
+
             }
         } catch (Exception var5) {
             this.mainController.logTextArea.appendText(Utils.log(var5.getMessage()));

src/main/java/com/summersec/attack/utils/HttpUtil.java

@@ -246,7 +246,9 @@ public static String httpRequestAddHeader(String requestUrl, int timeOut, String
                 }
 
                 inputStream = ((URLConnection)httpUrlConn).getInputStream();
-                result = readString(inputStream, encoding);
+//                result = readString(inputStream, encoding);
+                Map<String, List<String>> inputStreamHeaders = ((URLConnection)httpUrlConn).getHeaderFields();
+                result = inputStreamHeaders.toString()+readString(inputStream, encoding);
                 String var30 = result;
                 return var30;
             } catch (IOException var23) {