emo-crab / observer_ward

observer_ward: web application and service fingerprinting tool
https://emo-crab.github.io/observer_ward/
GNU General Public License v3.0

How do I fingerprint the response to a single POST request? #332

Closed hailan09 closed 1 month ago

hailan09 commented 1 month ago

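As in the POST request below, the server's response returns Set-Cookie: rememberMe=deleteMe; , but rememberMe is only returned for a POST request, and only then can this be identified as the Shiro framework. I don't know how to fingerprint a POST request.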

POST /doLogin HTTP/1.0
Host: x.x.x.x
Content-Length: 29
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=2A260DA9B747EA338FB38A6466836B75
Connection: close

username=admin&password=admin

cn-kali-team commented 1 month ago

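It looks like a bug: the body was not being serialized successfully. I'll push an update. Writing the YAML like this will work. Once this run finishes you can download it again: https://github.com/emo-crab/observer_ward/actions/runs/10954538367 Thanks for the feedback.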

id: 0example
info:
  name: 0example
  author: cn-kali-team
  tags: detect,tech,0example
  severity: info
  metadata:
    product: 0example
    vendor: 00_unknown
    verified: true
http:
  - method: POST
    path:
      - '{{BaseURL}}/doLogin'
    headers:
      Content-Type: application/x-www-form-urlencoded
    body: "username=admin&password=admin"
    matchers:
      - type: word
        words:
          - "Set-Cookie: rememberMe=deleteMe"
        case-insensitive: true
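
The check that the template's word matcher expresses, run offline against raw responses, as an added example that is not part of the original thread and not observer_ward code. The two sample responses and the function names are constructed for illustration; the example goes slightly beyond the template by parsing each Set-Cookie header separately, so a body that merely contains the string does not match.

```python
# Added example: offline check for the rememberMe=deleteMe cookie marker.
# Sample responses below are constructed, not captured from a real host.
POST_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: nginx\r\n"
    b"set-cookie: JSESSIONID=0000CONSTRUCTED; Path=/; HttpOnly\r\n"
    b"Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; "
    b"Expires=Thu, 01-Jan-1970 00:00:00 GMT\r\n"
    b"Location: /login\r\n"
    b"Content-Length: 0\r\n\r\n"
)
GET_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: JSESSIONID=0000CONSTRUCTED; Path=/; HttpOnly\r\n"
    b"Content-Length: 19\r\n\r\n"
    b"rememberMe=deleteMe"  # body text only; must not count as a header match
)


def set_cookie_values(raw: bytes) -> list[str]:
    """Return the value of every Set-Cookie header in a raw HTTP response."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    values = []
    # Skip the status line; header names are case-insensitive.
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def looks_like_shiro(raw: bytes) -> bool:
    """True if any Set-Cookie header sets rememberMe=deleteMe (case-insensitive)."""
    for value in set_cookie_values(raw):
        # The first ';'-separated field is the cookie pair; the rest are attributes.
        name, _, val = value.split(";", 1)[0].partition("=")
        if name.strip().lower() == "rememberme" and val.strip().lower() == "deleteme":
            return True
    return False


if __name__ == "__main__":
    print("POST response:", looks_like_shiro(POST_RESPONSE))
    print("GET response: ", looks_like_shiro(GET_RESPONSE))
```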