
JAVA Exploit Writing (2) -- Using the HttpClient Library

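Contents

1. Introduction to HttpClient
1.1 Apache HttpClient features
1.2 Apache HttpClient workflow
2. Importing the dependency
3. HttpClient properties
4. GET requests
4.1 test2.php
4.2 Request without parameters
4.3 Request with parameters
4.4 Using the URIBuilder object
5. POST requests
5.1 test3.php
5.2 Submitting a single parameter
5.3 Submitting multiple parameters
5.4 Setting the request configuration
6. Proxy access
6.1 test4.php
6.2 Adding a proxy to the configuration
7. Handling exceptions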


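1. Introduction to HttpClient

        HttpClient is a client-side HTTP communication library whose job is to send and receive HTTP messages. Compared with the traditional HttpURLConnection it is more flexible and easier to use, which makes working with HTTP simpler.

        HttpClient supports all the HTTP methods defined in the HTTP/1.1 specification: GET, HEAD, POST, PUT, DELETE, TRACE and OPTIONS. Each method type has a dedicated class: HttpGet, HttpHead, HttpPost, HttpPut, HttpDelete and HttpOptions.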

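1.1 Apache HttpClient features

Based on standard, pure Java. Implements HTTP 1.0 and HTTP 1.1.

Implements all HTTP methods (GET, POST, PUT, DELETE, HEAD, OPTIONS and TRACE) in an extensible object-oriented structure.

Supports the HTTPS protocol.

Transparent connections through HTTP proxies.

Tunneled HTTPS connections through HTTP proxies using the CONNECT method.

Basic, Digest, NTLMv1, NTLMv2, NTLM2 Session and SPNEGO/Kerberos authentication schemes.

Portable, reliable socket factories that make it easier to use third-party solutions.

A connection manager that supports multithreaded applications. It supports setting the maximum total number of connections as well as the maximum number of connections per host, and it detects and closes expired connections.

Pluggable custom authentication schemes.

Automatic handling of cookies received in Set-Cookie headers.

Pluggable custom cookie policies.

Request output streams that avoid buffering the content by streaming it directly to the socket to the server.

Response input streams that read the response content efficiently by streaming it directly from the socket to the server.

Persistent connections using KeepAlive in HTTP 1.0 and HTTP 1.1.

Direct access to the response code and headers sent by the server.

The ability to set connection timeouts.

Experimental support for HTTP 1.1 response caching.

Source code freely available under the Apache License.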

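1.2 Apache HttpClient workflow

Sending a request and receiving the response with HttpClient is simple and generally takes the following steps:

Create an HttpClient object.

Create an instance of the request method and specify the request URL. To send a GET request, create an HttpGet object; to send a POST request, create an HttpPost object.

If request parameters need to be sent, call the setParams(HttpParams params) method shared by HttpGet and HttpPost to add them; for an HttpPost object you can also call setEntity(). (setParams is deprecated in the 4.5.x line used here; the code in the sections below uses URIBuilder and setEntity() instead.)

Call execute() on the HttpClient object to send the request; the call returns an HttpResponse object.

Call getAllHeaders(), getHeaders(String name) and similar methods on the HttpResponse to read the server's response headers; call getEntity() on the HttpResponse to obtain the HttpEntity object that wraps the server's response content. The program reads the response body through that object.

Release the connection. The connection must be released whether or not the request succeeded.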

2. Importing the dependency

The project is built with Maven; add the following dependency when creating it.

<dependency>
          <groupId>org.apache.httpcomponents</groupId>
          <artifactId>httpclient</artifactId>
          <version>4.5.8</version>
</dependency>

3. HttpClient properties

// Instantiate the class that matches the HTTP method you need
new HttpGet()
new HttpPost()

// Create an HttpGet object
HttpGet httpGet = new HttpGet(urlstr);

// Set the request headers (only the ones you need)
httpGet.setHeader("Content-Type","application/json");
httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3");

// Send the request
CloseableHttpResponse response = httpClient.execute(httpGet);
if(response.getStatusLine().getStatusCode() == 200){
    // Read the response entity (the body) as a string
    res = EntityUtils.toString(response.getEntity());
}
return res;

4. GET requests

4.1 test2.php

<?php
var_dump($_GET);

4.2 Request without parameters

package com.deger;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

import java.io.IOException;

public class HttpclientTest {
    public static void main(String[] args) throws IOException {
        System.out.println(doget("http://127.0.0.1/test2.php?username=hacker"));
    }
    public static String doget(String urlstr) throws IOException {
        // Holds the response body
        String res = null;

        // HttpClient object
        CloseableHttpClient httpClient = HttpClients.createDefault();
        // Create an HttpGet object
        HttpGet httpGet = new HttpGet(urlstr);
        // Set the request headers
        httpGet.setHeader("Content-Type","application/json");
        httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3");

        // Send the request
        CloseableHttpResponse response = httpClient.execute(httpGet);
        if(response.getStatusLine().getStatusCode() == 200){
            // Read the response entity (the body) as a string
            res = EntityUtils.toString(response.getEntity());
        }
        return res;
    }
}

4.3 Request with parameters

// Added a value to the parameter list, as well as in

package com.deger;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

import java.io.IOException;

public class HttpclientTest {
    public static void main(String[] args) throws IOException {
//        System.out.println(doget("http://127.0.0.1/test2.php?username=hacker"));
        System.out.println(doget("http://127.0.0.1/test2.php","hacker"));
    }
    public static String doget(String urlstr,String params) throws IOException {
        // Holds the response body
        String res = null;

        // HttpClient object
        CloseableHttpClient httpClient = HttpClients.createDefault();
        // Create an HttpGet object
//        HttpGet httpGet = new HttpGet(urlstr);
        // Submit with parameters (appended to the URL as-is, without encoding)
        HttpGet httpGet = new HttpGet(urlstr + "?"+ params);
        // Set the request headers
        httpGet.setHeader("Content-Type","application/json");
        httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3");

        // Send the request
        CloseableHttpResponse response = httpClient.execute(httpGet);
        if(response.getStatusLine().getStatusCode() == 200){
            // Read the response entity (the body) as a string
            res = EntityUtils.toString(response.getEntity());
        }
        return res;
    }
}

4.4 Using the URIBuilder object

        // URIBuilder object
        URIBuilder uri = new URIBuilder(urlstr);
        uri.addParameter("age","20");
        // Submit with parameters
//        HttpGet httpGet = new HttpGet(urlstr + "?" + params);
        HttpGet httpGet = new HttpGet(uri.build());
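
Why the URIBuilder form in section 4.4 is preferable to the string concatenation in section 4.3, shown as an added example (not code from the original article). The class name, helper methods and sample values are constructed for illustration; it needs the httpclient 4.5.8 dependency from section 2.

```java
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.client.utils.URLEncodedUtils;

import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class UriBuilderEncodingDemo {
    // Constructed sample values containing characters that are special in a URL
    static final String[] VALUES = {"tom&age=99", "tom smith", "tom#x"};

    // Section 4.3 style: raw concatenation, nothing is encoded
    static String concatenated(String url, String name, String value) {
        return url + "?" + name + "=" + value;
    }

    // Section 4.4 style: URIBuilder encodes the name and the value
    static URI built(String url, String name, String value) throws URISyntaxException {
        return new URIBuilder(url).addParameter(name, value).build();
    }

    // Query parameters as the receiving server would decode them
    static List<NameValuePair> decoded(URI uri) {
        return URLEncodedUtils.parse(uri, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws URISyntaxException {
        String url = "http://127.0.0.1/test2.php";
        for (String value : VALUES) {
            String raw = concatenated(url, "username", value);
            System.out.println("value:        " + value);
            System.out.println("concatenated: " + raw);
            try {
                // new HttpGet(String) parses its argument with URI.create(),
                // which throws on characters that are illegal in a URI (the space)
                System.out.println("  server sees " + decoded(URI.create(raw)));
            } catch (IllegalArgumentException e) {
                System.out.println("  rejected:   " + e.getMessage());
            }
            URI safe = built(url, "username", value);
            System.out.println("URIBuilder:   " + safe);
            System.out.println("  server sees " + decoded(safe));
        }
    }
}
```

With concatenation the first value reaches the server as two parameters, the second is rejected before any request is sent, and the third is cut off at the `#`; the URIBuilder form delivers each value intact as a single parameter.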

5. POST requests

5.1 test3.php

<?php
var_dump($_POST);

5.2 Submitting a single parameter

public static String dopost(String urlstr) throws IOException, URISyntaxException {
        // Holds the response body
        String res = null;

        // HttpClient object
        CloseableHttpClient httpClient = HttpClients.createDefault();

        // URIBuilder object
        URIBuilder uri = new URIBuilder(urlstr);
        // Create the HttpPost object
        HttpPost httpPost = new HttpPost(uri.build());

        // Set the request headers (the body is form-encoded)
        httpPost.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3");
        httpPost.setHeader("Content-Type","application/x-www-form-urlencoded");

        ArrayList<NameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("name","hacker"));
        // Encode the parameters as form data
        UrlEncodedFormEntity entity = new UrlEncodedFormEntity(params,"UTF-8");
        // Set the request body
        httpPost.setEntity(entity);

        // Send the request
        CloseableHttpResponse response = httpClient.execute(httpPost);
        if(response.getStatusLine().getStatusCode() == 200){
            // Read the response entity (the body) as a string
            res = EntityUtils.toString(response.getEntity());
        }
        return res;
    }

5.3 Submitting multiple parameters

public static void main(String[] args) throws Exception {
//        System.out.println(doget("http://127.0.0.1/test2.php?username=hacker"));
//        System.out.println(doget("http://127.0.0.1/test2.php","hacker"));
        // Pass several parameter values at once
        Map<String, String> map = new HashMap<>();
        map.put("username","hacker");
        map.put("age","20");

        System.out.println(dopost("http://127.0.0.1/test3.php",map));
    }
public static String dopost(String urlstr, Map<String,String> queryMap) throws IOException, URISyntaxException {
        // Holds the response body
        String res = null;

        // HttpClient object
        CloseableHttpClient httpClient = HttpClients.createDefault();

        // URIBuilder object
        URIBuilder uri = new URIBuilder(urlstr);
        // Create the HttpPost object
        HttpPost httpPost = new HttpPost(uri.build());

        // Set the request headers (the body is form-encoded)
        httpPost.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3");
        httpPost.setHeader("Content-Type","application/x-www-form-urlencoded");

        ArrayList<NameValuePair> params = new ArrayList<>();

        // Copy every map entry into the form parameter list
        for (Map.Entry<String, String> query : queryMap.entrySet()) {
            params.add(new BasicNameValuePair(query.getKey(), query.getValue()));
        }
        // Encode the parameters as form data
        UrlEncodedFormEntity entity = new UrlEncodedFormEntity(params,"UTF-8");
        // Set the request body
        httpPost.setEntity(entity);

        // Send the request
        CloseableHttpResponse response = httpClient.execute(httpPost);
        if(response.getStatusLine().getStatusCode() == 200){
            // Read the response entity (the body) as a string
            res = EntityUtils.toString(response.getEntity());
        }
        return res;
    }

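5.4 Setting the request configuration

        // URIBuilder object
        URIBuilder uri = new URIBuilder(urlstr);
        // Connection settings for the request
        RequestConfig config = RequestConfig.custom()
                // Timeout for establishing the connection (ms)
                .setConnectTimeout(5000)
                // Socket (read) timeout (ms)
                .setSocketTimeout(5000)
                // Maximum time to wait for a connection from the connection pool (ms)
                .setConnectionRequestTimeout(5000)
                .build();
        // Create the HttpPost object
        HttpPost httpPost = new HttpPost(uri.build());
        // Apply the configuration
        httpPost.setConfig(config);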

6. Proxy access

6.1 test4.php

<?php
var_dump($_GET);
var_dump($_POST);

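6.2 Adding a proxy to the configuration

        // Route the request through a proxy
        HttpHost proxy = new HttpHost("127.0.0.1", 8888);
        RequestConfig config = RequestConfig.custom()
                // Timeout for establishing the connection (ms)
                .setConnectTimeout(5000)
                // Socket (read) timeout (ms)
                .setSocketTimeout(5000)
                // Maximum time to wait for a connection from the connection pool (ms)
                .setConnectionRequestTimeout(5000)
                // Set the proxy
                .setProxy(proxy)
                .build();

        httpGet.setConfig(config);

As before, add a proxy listener in Burp and then capture the request.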


7. Handling exceptions

Declare and initialize the frequently used objects up front, which makes them easier to use later, and handle exceptions with try-catch.

CloseableHttpClient httpClient = null;

CloseableHttpResponse response = null;

package com.deger;

import org.apache.http.HttpHost;
import org.apache.http.NameValuePair;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

import java.io.IOException;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;

public class HttpclientTryCatch {
    public static void main(String[] args) throws Exception {
//        System.out.println(doget("http://127.0.0.1/test2.php?username=hacker"));
        System.out.println(doget("http://127.0.0.1/test0.php","name=hacker"));
        // Pass several parameter values at once
        Map<String, String> map = new HashMap<>();
        map.put("username","hacker");
        map.put("age","20");

        System.out.println(dopost("http://127.0.0.1/test0.php",map));
    }
    public static String doget(String urlstr,String params) {
        // Holds the response body
        String res = null;
        CloseableHttpClient httpClient = null;
        CloseableHttpResponse response = null;

        // HttpClient object
        httpClient = HttpClients.createDefault();
        // Create an HttpGet object
        HttpGet httpGet = new HttpGet(urlstr +"?"+ params);


        // Route the request through a proxy
        HttpHost proxy = new HttpHost("127.0.0.1", 8888);
        RequestConfig config = RequestConfig.custom()
                // Timeout for establishing the connection (ms)
                .setConnectTimeout(5000)
                // Socket (read) timeout (ms)
                .setSocketTimeout(5000)
                // Maximum time to wait for a connection from the connection pool (ms)
                .setConnectionRequestTimeout(5000)
                // Set the proxy
                .setProxy(proxy)
                .build();

        httpGet.setConfig(config);
        // Set the request headers
        httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3");
        httpGet.setHeader("Content-Type","application/json");

        // Send the request
        try {
            response = httpClient.execute(httpGet);
            if(response.getStatusLine().getStatusCode() == 200){
                // Read the response entity (the body) as a string
                res = EntityUtils.toString(response.getEntity());
            }
        } catch (IOException e) {
            e.printStackTrace();
        }finally {
            try {
                // Release resources; response is still null if execute() threw
                if (response != null) {
                    response.close();
                }
                httpClient.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }


        return res;
    }

    public static String dopost(String urlstr, Map<String,String> queryMap) throws IOException, URISyntaxException {
        // Holds the response body
        String res = null;

        // HttpClient object
        CloseableHttpClient httpClient = HttpClients.createDefault();

        // URIBuilder object
        URIBuilder uri = new URIBuilder(urlstr);
        // Connection settings for the request
        RequestConfig config = RequestConfig.custom()
                // Timeout for establishing the connection (ms)
                .setConnectTimeout(5000)
                // Socket (read) timeout (ms)
                .setSocketTimeout(5000)
                // Maximum time to wait for a connection from the connection pool (ms)
                .setConnectionRequestTimeout(5000)
                .build();
        // Create the HttpPost object
        HttpPost httpPost = new HttpPost(uri.build());
        // Apply the request configuration
        httpPost.setConfig(config);

        // Set the request headers (the body is form-encoded)
        httpPost.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3");
        httpPost.setHeader("Content-Type","application/x-www-form-urlencoded");

        ArrayList<NameValuePair> params = new ArrayList<>();

        // Copy every map entry into the form parameter list
        for (Map.Entry<String, String> query : queryMap.entrySet()) {
            params.add(new BasicNameValuePair(query.getKey(), query.getValue()));
        }
        // Encode the parameters as form data
        UrlEncodedFormEntity entity = new UrlEncodedFormEntity(params,"UTF-8");
        // Set the request body
        httpPost.setEntity(entity);

        // Send the request
        CloseableHttpResponse response = httpClient.execute(httpPost);
        if(response.getStatusLine().getStatusCode() == 200){
            // Read the response entity (the body) as a string
            res = EntityUtils.toString(response.getEntity());
        }
        return res;
    }
}
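
The "release the connection whether or not the request succeeded" step from section 1.2, written with try-with-resources instead of a finally block, as an added example (not code from the original article). The class name and the doget signature are illustrative; it assumes the httpclient 4.5.8 dependency and the local test2.php from section 4.1.

```java
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;

public class HttpclientTryWithResources {
    public static String doget(String urlstr, String name, String value) {
        // Same timeouts as section 5.4, applied to every request of this client
        RequestConfig config = RequestConfig.custom()
                .setConnectTimeout(5000)
                .setSocketTimeout(5000)
                .setConnectionRequestTimeout(5000)
                .build();
        // The client and the response are closed automatically, even when
        // execute() throws, and neither can be null inside its block.
        try (CloseableHttpClient httpClient = HttpClients.custom()
                     .setDefaultRequestConfig(config).build()) {
            HttpGet httpGet = new HttpGet(
                    new URIBuilder(urlstr).addParameter(name, value).build());
            try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
                int status = response.getStatusLine().getStatusCode();
                if (status == 200) {
                    return EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
                }
                // Drain the body of a non-200 response before the connection is released
                EntityUtils.consume(response.getEntity());
                System.err.println("Unexpected status: " + response.getStatusLine());
            }
        } catch (IOException | URISyntaxException e) {
            System.err.println("Request failed: " + e);
        }
        return null;
    }

    public static void main(String[] args) {
        // test2.php is the article's echo script on the local test server
        System.out.println(doget("http://127.0.0.1/test2.php", "username", "hacker"));
    }
}
```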

 


http://www.kler.cn/a/508567.html
