Java HttpURLConnection 使用弱密码进行连接
我正在开发 Java 中的漏洞扫描器,以检查允许使用弱密码套件进行连接的网站。例如,我会尝试使用 56 位“SSL_DHE_RSA_WITH_DES_CBC_SHA”(或其他弱密码)进行连接,如果我得到 200 OK,则该网站容易受到攻击。到目前为止,我的情况如下:
1- HttpURLConnection 在使用默认密码时始终工作良好,但如果我尝试使用“System.setProperty() 来设置弱密码,我要么得到“密码不支持的异常”(对于大多数情况)当我尝试连接()时,密码套件)或“连接被拒绝”异常。我知道连接被拒绝是我对不接受弱密码的网站的回答,但是如何获取实际的 http 响应标头(带有拒绝代码)而不是异常?
2-我实际上对在 SSL 级别(第 6 层)上查找漏洞不感兴趣,而是在 HTTP 级别(第 7 层)上查找漏洞,并且我知道 http 标头在某些情况下可能具有欺骗性,但我对此表示同意。
总之,我需要这样的东西仅适用于弱密码套件:
URL url = new URL(ip);
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
con.connect();
System.out.println("Response Code : " + con.getResponseCode());
I am working on a vulnerability scanner in Java to check for websites that allow connections using weak cipher suites. So I would, for example, try to connect using 56 bits "SSL_DHE_RSA_WITH_DES_CBC_SHA" (or other weak ciphers) and if I get say 200 OK, the website is vulnerable. Here is where I am so far:
1- HttpURLConnection works good all the time with default ciphers but if I try to use "System.setProperty() to set a weak cipher, I either get "cipher not supported exception (for most of the cipher suites) or "connection rejected" exception when I try to connect(). I know connection rejected is my answer to the websites that don't accept weak ciphers, but how do I get the actual http reponse header (with rejection code) instead of the exception?
2- I am actually not interested in finding vulnerability on the SSL level (layer 6) but on HTTP level (layer 7) and I know that http header may be deceptive in some instances, but I am OK with that.
In summary, I need something like this to work for Weak Cipher Suites only:
URL url = new URL(ip);
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
con.connect();
System.out.println("Response Code : " + con.getResponseCode());
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你不知道。 SSL 连接尚未形成,因此没有任何内容可供传输 HTTP 标头。您得到的是 SSLException。
此声明没有任何意义。该漏洞存在于 SSL 级别。在 SSL 连接完成之前,没有 HTTP(s) 级别的连接,但它会失败。
You don't. The SSL connection isn't formed so there is nothing for HTTP headers to be transmitted over. What you get is the SSLException.
This statement doesn't make any sense. The vulnerability exists at the SSL level. There is no HTTP(s)-level connection until the SSL connection is complete, and it fails instead.