//sqlQueue.executeSql();
sqlQueue.clear();
}
catch( SQLException e )
{
throw new IOException( e.getMessage() );
}
}
}
}
}
return pluginResult;
}
//--------------------------------------------------------------------------------
/**
 * Runs the three real-time checks for one observed (host, paramName, paramValue)
 * and tells the caller whether the request should be blocked.
 *
 * The checks run in a fixed order and each one that fires raises its alert
 * immediately; when the {@code block} option is on, the first hit ends the method.
 * The alerts themselves (log line, row dump, optional command, delayed DELETE)
 * are done by the *AttackDetected helpers.
 *
 * @param connection JDBC connection used for the three COUNT queries.
 *                   NOTE(review): the *AttackDetected helpers query the
 *                   {@code connection} field, not this parameter — confirm both
 *                   refer to the same connection.
 * @param clientIp   remote address of the request
 * @param host       Host header / virtual host
 * @param paramName  name of the tracked parameter (cookie or query field)
 * @param paramValue its value (the identifier being tracked)
 * @param userAgent  User-Agent header, as sent by the client
 * @return true when an attack was detected and {@code block} is set; false otherwise
 * @throws IOException  from the alert helpers (file dump / command)
 * @throws SQLException from the COUNT queries
 */
private boolean executeRealTimeDetection( Connection connection, String clientIp, String host, String paramName, String paramValue, String userAgent )
throws IOException, SQLException
{
    // 1. Brute force: more than bruteForceThreshold rows in tState for the same
    //    ip / host / paramName / userAgent, i.e. one client cycling through values.
    MObjectArray bruteForceParams = new MObjectArray();
    bruteForceParams.add( clientIp );
    bruteForceParams.add( host );
    bruteForceParams.add( paramName );
    bruteForceParams.add( userAgent );
    int hits = MSqlUtil.getInt2(
        connection,
        "SELECT COUNT(*) AS c FROM tState WHERE ( ip = ? ) and ( host = ? ) AND ( paramName = ? ) AND ( userAgent = ? )",
        bruteForceParams );
    if( hits > bruteForceThreshold )
    {
        bruteForceAttackDetected( hits, clientIp, host, paramName, userAgent, sqlQueue );
        if( block )
        {
            return true;
        }
    }

    // 2. Same value seen from a different ip (userAgent ignored). Any single row
    //    is enough to fire. NOTE(review): a legitimate client whose address changes
    //    (NAT pools, mobile hand-over) looks identical to a stolen identifier here;
    //    tuning / whitelisting is the operator's job, this code does none.
    MObjectArray otherIpParams = new MObjectArray();
    otherIpParams.add( clientIp );
    otherIpParams.add( host );
    otherIpParams.add( paramName );
    otherIpParams.add( paramValue );
    hits = MSqlUtil.getInt2(
        connection,
        "SELECT COUNT(*) FROM tState WHERE ( ip != ? ) AND ( host = ? ) AND ( paramName = ? ) AND ( paramValue = ? )",
        otherIpParams );
    if( hits > 0 )
    {
        differentSourceAttackDetected( host, paramName, paramValue, "ip", sqlQueue );
        if( block )
        {
            return true;
        }
    }

    // 3. Same value seen with a different userAgent (ip ignored). The User-Agent
    //    header is freely chosen by the client, so this is a weak signal on its own.
    MObjectArray otherAgentParams = new MObjectArray();
    otherAgentParams.add( userAgent );
    otherAgentParams.add( host );
    otherAgentParams.add( paramName );
    otherAgentParams.add( paramValue );
    hits = MSqlUtil.getInt2(
        connection,
        "SELECT COUNT(*) FROM tState WHERE ( userAgent != ? ) AND ( host = ? ) AND ( paramName = ? ) AND ( paramValue = ? )",
        otherAgentParams );
    if( hits > 0 )
    {
        differentSourceAttackDetected( host, paramName, paramValue, "userAgent", sqlQueue );
        if( block )
        {
            return true;
        }
    }

    return false;
}
//--------------------------------------------------------------------------------
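/**
 * Raises a BRUTE_FORCE_ATTACK alert: writes a security log line, dumps the
 * contributing tState rows to a file named after the alert id, runs the
 * optional operator command and queues a DELETE of those rows.
 *
 * @param count        number of rows that tripped the threshold (goes into the log line)
 * @param ip           client address the rows share
 * @param host         host the rows share
 * @param paramName    tracked parameter name
 * @param userAgent    User-Agent the rows share (client-controlled text)
 * @param tmpSqlQueue  queue that receives the deferred DELETE
 * @throws IOException  if the dump file or the command fails
 * @throws SQLException if the SELECT fails
 */
public void bruteForceAttackDetected( int count, String ip, String host, String paramName, String userAgent, MSqlQueue tmpSqlQueue )
throws IOException, SQLException
{
    // Alert id = wall-clock millis plus a running counter.
    // NOTE(review): logIndex++ is not atomic. If alerts can be raised from more
    // than one thread, two alerts may get the same logId and the second dump
    // file overwrites the first.
    String logId = System.currentTimeMillis() + "_" + logIndex;
    logIndex++;

    // Security log line. userAgent is written verbatim; a CR/LF inside it would
    // let a client forge an extra log entry (log injection) unless `logger`
    // neutralises control characters — confirm.
    StringBuffer s = new StringBuffer( LOG_BUF_SIZE );
    s.append( MSession.SEC_LOG_PREFIX );
    s.append( ip );
    s.append( "::PLUGIN:" );
    s.append( MSessionIdManager.class.getName() );
    s.append( ":BRUTE_FORCE_ATTACK:" );
    s.append( count );
    s.append( "/" );
    s.append( host );
    s.append( "/" );
    s.append( paramName );
    s.append( "/" );
    s.append( userAgent );
    s.append( ":" );
    s.append( logId );
    logger.log( s.toString() );

    // Dump the rows behind the alert to <logDirName>/<logId>, oldest first.
    String queryString =
        "SELECT * FROM tState WHERE ip = ? AND host = ? AND paramName = ? AND userAgent = ? ORDER BY t ASC";
    MObjectArray args = new MObjectArray();
    args.add( ip );
    args.add( host );
    args.add( paramName );
    args.add( userAgent );
    ResultSet rs = MSqlUtil.executeQuery2( connection, queryString, args );
    try
    {
        log( logId, rs );
    }
    finally
    {
        // Previously skipped when log() threw, leaking the cursor.
        rs.close();
    }

    // Optional operator hook (no-op when `command` is "" or "none").
    execCommand( logId, "BRUTE_FORCE_ATTACK" );

    // Deferred clean-up of the same rows; the DELETE binds the identical
    // (ip, host, paramName, userAgent) in the same order, so `args` is reused.
    queryString =
        "DELETE FROM tState WHERE ip = ? AND host = ? AND paramName = ? AND userAgent = ?";
    tmpSqlQueue.putSql( queryString, args );
}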
//--------------------------------------------------------------------------------
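/**
 * Raises a SAME_ID_FROM_DIFFERENT_{IP|USERAGENT} alert: security log line,
 * dump of every tState row carrying this value, optional operator command and
 * a deferred DELETE of those rows.
 *
 * @param host        host the rows share
 * @param paramName   tracked parameter name
 * @param paramValue  the tracked value itself
 * @param source      "ip" or "userAgent" — which attribute differed
 * @param tmpSqlQueue queue that receives the deferred DELETE
 * @throws SQLException if the SELECT fails
 * @throws IOException  if the dump file or the command fails
 */
public void differentSourceAttackDetected( String host, String paramName, String paramValue, String source, MSqlQueue tmpSqlQueue )
throws SQLException, IOException
{
    // Alert id = wall-clock millis plus a running counter.
    // NOTE(review): logIndex++ is not atomic; concurrent alerts could share a
    // logId and clobber each other's dump file.
    String logId = System.currentTimeMillis() + "_" + logIndex;
    logIndex++;

    // Security log line. paramValue is the tracked identifier itself — given the
    // class name most likely a live session id — and it is logged in clear text.
    // Anyone who can read the security log can replay it while the session lives;
    // hash or truncate it here if the log is less protected than the session store.
    // host/paramName/paramValue are client-controlled and not sanitised for CR/LF.
    StringBuffer s = new StringBuffer( LOG_BUF_SIZE );
    s.append( MSession.SEC_LOG_PREFIX );
    s.append( ":::PLUGIN:" );
    s.append( MSessionIdManager.class.getName() );
    s.append( ":SAME_ID_FROM_DIFFERENT_" );
    s.append( source.toUpperCase() );
    s.append( ":" );
    s.append( host );
    s.append( "/" );
    s.append( paramName );
    s.append( "/" );
    s.append( paramValue );
    s.append( ":" );
    s.append( logId );
    logger.log( s.toString() );

    // Dump every row with this value to <logDirName>/<logId>, oldest first.
    String queryString =
        "SELECT * FROM tState WHERE host = ? AND paramName = ? AND paramValue = ? ORDER BY t ASC";
    MObjectArray args = new MObjectArray();
    args.add( host );
    args.add( paramName );
    args.add( paramValue );
    ResultSet rs = MSqlUtil.executeQuery2( connection, queryString, args );
    try
    {
        log( logId, rs );
    }
    finally
    {
        // Previously skipped when log() threw, leaking the cursor.
        rs.close();
    }

    // Optional operator hook. source.toUpperCase() is locale-dependent
    // ("ip" is not "IP" under a Turkish default locale); harmless for the
    // two callers in this file, which pass plain ASCII.
    execCommand( logId, "DIFFERENT_" + source.toUpperCase() );

    // Deferred clean-up; same bind order as the SELECT, so `args` is reused.
    queryString =
        "DELETE FROM tState WHERE host = ? AND paramName = ? AND paramValue = ?";
    tmpSqlQueue.putSql( queryString, args );
}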
//--------------------------------------------------------------------------------
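/**
 * Collects every name/value pair a request carries, from (in this order) the
 * Cookie header, the URI path parameters, the URI query string and — for
 * form posts — the body.
 *
 * Cookie pairs are taken as-is; the other three sources are URL-decoded.
 *
 * @param request the request to inspect
 * @return list of MPair(name, value); empty when the request carries none
 * @throws IOException if the body cannot be read
 */
private List getParameterPairList( MHttpRequest request )
throws IOException
{
    List parameterPairList = new ArrayList();

    // 1. Cookie header: "a=1; b=2". The split also accepts ',' as a separator
    //    and swallows any spaces after it.
    String cookie = request.getHeaderValue( "Cookie" );
    if( cookie != null )
    {
        String[] array = cookie.split( "[;,]{1} {0,}" );
        addToParameterPairList( parameterPairList, array, false );
    }

    // 2. Path parameters (';'-separated).
    MRequestUri uri = new MRequestUri( request.getUri() );
    String params = uri.getParams();
    if( !params.equals( "" ) )
    {
        String[] array = params.split( ";" );
        addToParameterPairList( parameterPairList, array, true );
    }

    // 3. Query string ('&'-separated).
    String queryInUri = uri.getQuery();
    if( !queryInUri.equals( "" ) )
    {
        String[] array = queryInUri.split( "&" );
        addToParameterPairList( parameterPairList, array, true );
    }

    // 4. Form body. Only the media type of Content-Type is compared: the old
    //    exact match let a client dodge inspection entirely by sending
    //    "application/x-www-form-urlencoded; charset=UTF-8" (a perfectly
    //    valid header that browsers and libraries do emit).
    if( request.hasBody()
        && request.headerExists( "Content-Type" )
        )
    {
        String contentType = request.getHeaderValue( "Content-Type" );
        if( contentType != null && isFormUrlEncoded( contentType ) )
        {
            // NOTE(review): this consumes the body stream; confirm MHttpRequest
            // buffers it so the downstream handler still sees the body.
            String queryInBody = MStreamUtil.streamToString( request.getBodyInputStream() );
            String[] array = queryInBody.split( "&" );
            addToParameterPairList( parameterPairList, array, true );
        }
    }

    return parameterPairList;
}

/**
 * True when the media type of a Content-Type header value is
 * application/x-www-form-urlencoded, ignoring any ";parameter" suffix and
 * surrounding whitespace. Case-insensitive, as media types are.
 */
private static boolean isFormUrlEncoded( String contentType )
{
    int semicolon = contentType.indexOf( ';' );
    String mediaType = ( semicolon < 0 ) ? contentType : contentType.substring( 0, semicolon );
    return mediaType.trim().equalsIgnoreCase( "application/x-www-form-urlencoded" );
}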
//--------------------------------------------------------------------------------
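/**
 * Splits each "name=value" item at its FIRST '=' and appends an MPair to the list.
 *
 * Items without '=' and items with an empty value ("name=") are skipped, as
 * before. Items are no longer split on every '=': String.split( "=" ) dropped
 * "sid=a=b" entirely (three parts) and, because Java discards trailing empty
 * fields, silently truncated "sid=abc==" to "abc" — so any identifier that
 * contains '=' (base64 padding is the common case) was mis-recorded or missed.
 *
 * @param parameterPairList destination list (raw List of MPair)
 * @param array             items to parse, one "name=value" each
 * @param urlDecode         when true both name and value are URL-decoded after the split
 */
private void addToParameterPairList( List parameterPairList, String[] array, boolean urlDecode )
{
    for( int i = 0; i < array.length; ++i )
    {
        String item = array[ i ];
        int eq = item.indexOf( '=' );
        if( eq < 0 )
        {
            continue;
        }
        String key = item.substring( 0, eq );
        String value = item.substring( eq + 1 );
        if( value.length() == 0 )
        {
            // "name=" carried no value; the original parser skipped these too.
            continue;
        }
        if( urlDecode )
        {
            key = MStringUtil.urlDecode( key );
            value = MStringUtil.urlDecode( value );
        }
        parameterPairList.add( new MPair( key, value ) );
    }
}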
//--------------------------------------------------------------------------------
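/**
 * Runs an UPDATE/INSERT/DELETE on the plugin's connection.
 *
 * @param queryString SQL with '?' placeholders
 * @param args        bind values, in placeholder order
 * @return the update count reported by the driver
 * @throws IOException wrapping any SQLException (this class reports everything
 *                     to its caller as IOException); the SQLException stays
 *                     attached as the cause so SQLState / vendor code survive
 */
private int executeUpdate( String queryString, MObjectArray args )
throws IOException
{
    try
    {
        return MSqlUtil.executeUpdate2( connection, queryString, args );
    }
    catch( SQLException e )
    {
        e.printStackTrace();
        // Keep the original exception in the chain instead of just its message,
        // so whoever finally logs the IOException sees where the SQL failed.
        IOException wrapped = new IOException( e.getMessage() );
        wrapped.initCause( e );
        throw wrapped;
    }
}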
//--------------------------------------------------------------------------------
/**
 * Runs the operator-configured alert command, if any, with the placeholders
 * %logId, %logDirName and %alertName expanded (in that order).
 *
 * Security notes:
 * - The command template comes from configuration; whoever can edit it runs
 *   arbitrary programs as this process. The three substituted values are all
 *   produced inside this class (millis_counter id, configured directory, fixed
 *   alert names), none is taken from the request.
 * - Runtime.exec(String) tokenises on whitespace: a logDirName containing a
 *   space is split into two arguments. An argv-style launch would avoid that.
 * - The Process is neither waited for nor drained; a command that writes a lot
 *   to stdout/stderr may block on a full pipe, and its exit status is not checked.
 *
 * @param logId     alert id, also the name of the dump file
 * @param alertName e.g. "BRUTE_FORCE_ATTACK"
 * @throws IOException if the process cannot be started
 */
private void execCommand( String logId, String alertName )
throws IOException
{
    boolean disabled = command.equals( "" ) || command.equals( "none" );
    if( disabled )
    {
        return;
    }
    String[][] substitutions =
    {
        { "%logId", logId },
        { "%logDirName", logDirName },
        { "%alertName", alertName },
    };
    String expanded = command;
    for( int i = 0; i < substitutions.length; ++i )
    {
        expanded = MStringUtil.replaceAll( expanded, substitutions[ i ][ 0 ], substitutions[ i ][ 1 ] );
    }
    Runtime.getRuntime().exec( expanded );
}
//--------------------------------------------------------------------------------
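/**
 * Writes the rows of {@code rs} as tab-separated lines to the file
 * {@code logDirName/logId}: t, ip, reverse lookup of ip, host, paramname,
 * paramvalue, useragent.
 *
 * logId is built by the two callers in this file from millis and a counter,
 * so it carries no path separators; getCanonicalPath() only normalises the
 * configured directory. Strings are encoded as ISO-8859-1, so characters
 * outside Latin-1 come out as the charset's replacement byte.
 *
 * @param logId alert id, used as the file name
 * @param rs    result set positioned before its first row; not closed here
 * @throws SQLException from the cursor
 * @throws IOException  if the file cannot be written
 */
private void log( String logId, ResultSet rs )
throws SQLException, IOException
{
    File logDir = new File( logDirName );
    BufferedOutputStream out = new BufferedOutputStream( new FileOutputStream( logDir.getCanonicalPath() + "/" + logId ) );
    try
    {
        while( rs.next() )
        {
            String ip = rs.getString( "ip" );
            writeField( out, rs.getString( "t" ) );
            out.write( '\t' );
            writeField( out, ip );
            out.write( '\t' );
            // NOTE(review): a blocking reverse lookup per row, bounded by WAIT_TIME;
            // a large dump can take (rows * WAIT_TIME) to write.
            writeField( out, resolver.lookup( ip, WAIT_TIME ) );
            out.write( '\t' );
            writeField( out, rs.getString( "host" ) );
            out.write( '\t' );
            writeField( out, rs.getString( "paramname" ) );
            out.write( '\t' );
            writeField( out, rs.getString( "paramvalue" ) );
            out.write( '\t' );
            writeField( out, rs.getString( "useragent" ) );
            out.write( '\n' );
        }
        out.flush();
    }
    finally
    {
        // Previously only closed on the happy path; a failing row or lookup
        // leaked the file descriptor.
        out.close();
    }
}

/**
 * Writes one field of the TSV dump. host, paramname, paramvalue and useragent
 * are copied from the request, so embedded tabs and line breaks are replaced by
 * spaces — otherwise a crafted User-Agent could forge extra columns or whole
 * rows in the dump (log injection). A null column becomes an empty field
 * instead of a NullPointerException.
 */
private static void writeField( BufferedOutputStream out, String field )
throws IOException
{
    if( field == null )
    {
        return;
    }
    String safe = field.replace( '\t', ' ' ).replace( '\n', ' ' ).replace( '\r', ' ' );
    out.write( safe.getBytes( MCharset.CS_ISO_8859_1 ) );
}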
//--------------------------------------------------------------------------------
/**
 * Periodic tick. Every {@code interval} calls an MIntervalCommand bound to the
 * plugin's connection is handed to the guardian's thread pool and the tick
 * counter restarts.
 *
 * NOTE(review): {@code time} is read and written without synchronization; fine
 * if update() is only ever driven by one thread — confirm.
 */
public void update()
{
    if( ++time < interval )
    {
        return;
    }
    // Local renamed: the original `command` shadowed the String field of the
    // same name that execCommand() reads.
    MIntervalCommand intervalJob = new MIntervalCommand( connection );
    MGuardianImpl.getInstance().getThreadPool().addCommand( intervalJob );
    time = 0;
}
//--------------------------------------------------------------------------------
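/**
 * Releases the plugin's JDBC connection. Errors on close are reported to
 * stderr and otherwise ignored — there is nothing useful left to do with them
 * at shutdown. Safe to call when no connection was ever established.
 */
public void shutdown()
{
    if( connection == null )
    {
        // Nothing to release; the original would have thrown NullPointerException here.
        return;
    }
    try
    {
        connection.close();
    }
    catch( SQLException e )
    {
        e.printStackTrace();
    }
}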
//--------------------------------------------------------------------------------
}