• HTTP 指纹识别v0.1


    // Winhttp.cpp : 定义控制台应用程序的入口点。
    //
    
    #include "stdafx.h"
    #include <Windows.h>
    #include <stdio.h>
    #include <winhttp.h>
    #include <comdef.h>
    #pragma comment (lib,"Winhttp.lib")
    // Forward declarations of the two probe routines defined later in this file.
    // Each sends one GET to Host:port and prints the "Server:" and
    // "X-Powered-By:" response headers; request_https() does so over TLS.
    BOOL request_http(wchar_t *Host, int port);
    BOOL request_https(wchar_t *Host, int port);
    // Parameters handed from wmain() to the worker thread.
    struct Plist
    {
    	wchar_t Host[65500];	// host prefix; ThreadProc appends ".<n>" to it
    	int     port[7];	// ports probed on every generated host
    };
    
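    // Worker thread: walks <Host>.2 through <Host>.254 and probes each of the
    // seven ports in the Plist on every generated host name.
    //
    // Lpparam  pointer to a Plist owned by the caller; it is only read here and
    //          must stay valid until the thread returns.
    // Returns  0 always, including when Lpparam is NULL.
    //
    // Ports 443 and 8443 are sent through request_https(), every other port
    // through request_http(); the return values of both are ignored.
    // Every probe is a sequential GET carrying the same fixed User-Agent, so a
    // run appears in the targets' web and firewall logs as one source walking
    // an address range across the same seven ports.
    DWORD WINAPI	ThreadProc(LPVOID Lpparam)
    {
    	const Plist *params = (const Plist*)Lpparam;
    	wchar_t Hostname[65500] = {0};
    	const size_t capacity = sizeof(Hostname) / sizeof(Hostname[0]);

    	if (params == NULL)
    	{
    		return 0;
    	}

    	for (int i = 2; i < 255; i++)
    	{
    		// Bounded formatting: a negative result means "<Host>.<i>" did not
    		// fit, so the truncated name is skipped instead of being probed.
    		if (_snwprintf_s(Hostname, capacity, _TRUNCATE, L"%ls.%d", params->Host, i) < 0)
    		{
    			continue;
    		}

    		for (int j = 0; j < 7; j++)
    		{
    			const int now_port = params->port[j];
    			printf("[-]:ScannerIng Host:%S Port:%d\n", Hostname, now_port);
    			if (now_port == 443 || now_port == 8443)
    			{
    				request_https(Hostname, now_port);
    			}
    			else
    			{
    				request_http(Hostname, now_port);
    			}
    		}
    	}
    	return 0;
    }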
    
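    // Sends one "GET /" to Host:port over TLS and prints the "Server:" and
    // "X-Powered-By:" response header lines.
    //
    // Host     NUL-terminated wide host name or address.
    // port     TCP port to connect to.
    // Returns  TRUE when the raw response headers were retrieved and printed,
    //          FALSE on any failure. All WinHTTP handles and the header buffer
    //          are released on both paths.
    //
    // Certificate name, date and CA errors are ignored on purpose so that hosts
    // with self-signed or expired certificates still answer. The peer is
    // therefore unauthenticated and everything it returns is untrusted input.
    // Header lookup is a case-sensitive substring search over the raw header
    // block, so a header spelled "server:" is reported as "(null)".
    BOOL request_https(wchar_t* Host,int port)
    {
    	DWORD dwSize = 0;
    	wchar_t* Servers = NULL;
    	wchar_t* Power_by = NULL;
    	wchar_t* lpOutBuffer = NULL;
    	BOOL bResults = FALSE;
    	HINTERNET hSession = NULL,
    		hConnect = NULL,
    		hRequest = NULL;

    	// Use WinHttpOpen to obtain a session handle.
    	hSession = WinHttpOpen( L"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
    		WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
    		WINHTTP_NO_PROXY_NAME,
    		WINHTTP_NO_PROXY_BYPASS, 0);

    	if (hSession)
    	{
    		// 5 second resolve / connect / send / receive timeouts.
    		WinHttpSetTimeouts( hSession, 5000, 5000, 5000, 5000);
    		hConnect = WinHttpConnect( hSession, Host, (INTERNET_PORT)port, 0);
    	}

    	// Create an HTTPS request handle.
    	if (hConnect)
    		hRequest = WinHttpOpenRequest( hConnect, L"GET", L"/",
    			NULL, WINHTTP_NO_REFERER,
    			WINHTTP_DEFAULT_ACCEPT_TYPES,
    			WINHTTP_FLAG_SECURE);

    	if (hRequest)
    	{
    		DWORD options = SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
    			SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
    			SECURITY_FLAG_IGNORE_UNKNOWN_CA;

    		if (!WinHttpSetOption( hRequest, WINHTTP_OPTION_SECURITY_FLAGS,
    			(LPVOID)&options, sizeof(options)))
    		{
    			printf("Error in WinHttpSetOption WINHTTP_OPTION_SECURITY_FLAGS: %lu\n", GetLastError());
    		}

    		bResults = WinHttpSendRequest( hRequest,
    			WINHTTP_NO_ADDITIONAL_HEADERS,
    			0, WINHTTP_NO_REQUEST_DATA, 0,
    			0, 0);
    	}

    	if (bResults)
    		bResults = WinHttpReceiveResponse( hRequest, NULL);

    	if (bResults)
    	{
    		// Only a filled buffer counts as success from here on; otherwise the
    		// parsing below would dereference a NULL buffer.
    		bResults = FALSE;

    		// First call only asks for the required size in bytes.
    		WinHttpQueryHeaders( hRequest, WINHTTP_QUERY_RAW_HEADERS_CRLF,
    			WINHTTP_HEADER_NAME_BY_INDEX, NULL,
    			&dwSize, WINHTTP_NO_HEADER_INDEX);

    		if (GetLastError() == ERROR_INSUFFICIENT_BUFFER && dwSize >= sizeof(WCHAR))
    		{
    			// One spare element so the buffer can always be terminated here.
    			lpOutBuffer = new WCHAR[dwSize/sizeof(WCHAR) + 1];

    			bResults = WinHttpQueryHeaders( hRequest,
    				WINHTTP_QUERY_RAW_HEADERS_CRLF,
    				WINHTTP_HEADER_NAME_BY_INDEX,
    				lpOutBuffer, &dwSize,
    				WINHTTP_NO_HEADER_INDEX);
    			if (bResults)
    				lpOutBuffer[dwSize/sizeof(WCHAR)] = L'\0';
    		}
    	}

    	if (bResults)
    	{
    		// Locate both headers before cutting either line: terminating one
    		// first would hide any header that follows it in the buffer.
    		Power_by = wcsstr(lpOutBuffer, L"X-Powered-By:");
    		Servers = wcsstr(lpOutBuffer, L"Server:");

    		wchar_t* found[2] = { Power_by, Servers };
    		for (int k = 0; k < 2; k++)
    		{
    			if (found[k] == NULL)
    				continue;
    			for (wchar_t* p = found[k]; *p != L'\0'; p++)
    			{
    				if (*p == L'\r' || *p == L'\n')
    				{
    					*p = L'\0';	// keep only this header line
    					break;
    				}
    				// The value is chosen by the remote host: neutralise control
    				// characters so it cannot drive the console it is printed on.
    				if (*p < 0x20 || *p == 0x7f)
    					*p = L'?';
    			}
    		}

    		printf("[+]:Host:%S Port:%d %S %S\n", Host, port,
    			Servers ? Servers : L"(null)",
    			Power_by ? Power_by : L"(null)");
    	}

    	// Single exit path: release the buffer and every handle on success and
    	// on failure alike (delete[] on NULL is a no-op).
    	delete[] lpOutBuffer;
    	if( hRequest ) WinHttpCloseHandle( hRequest );
    	if( hConnect ) WinHttpCloseHandle( hConnect );
    	if( hSession ) WinHttpCloseHandle( hSession );
    	return bResults ? TRUE : FALSE;
    }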
    
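    // Sends one plain-HTTP GET to Host:port and prints the "Server:" and
    // "X-Powered-By:" response header lines.
    //
    // Host     NUL-terminated wide host name or address.
    // port     TCP port to connect to.
    // Returns  TRUE always, whether or not the host answered; a failed probe
    //          simply prints nothing.
    //
    // The response comes from an arbitrary remote host, so the header text is
    // untrusted input. Header lookup is a case-sensitive substring search over
    // the raw header block, so a header spelled "server:" is reported as
    // "(null)".
    BOOL request_http(wchar_t* Host,int port)
    {
    	DWORD dwSize = 0;
    	wchar_t* Servers_head = NULL;
    	wchar_t* Powered_head = NULL;
    	wchar_t* lpOutBuffer = NULL;
    	BOOL  bResults = FALSE;
    	HINTERNET hSession = NULL,hConnect = NULL,hRequest = NULL;

    	// Use WinHttpOpen to obtain a session handle.
    	hSession = WinHttpOpen(  L"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
    		WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
    		WINHTTP_NO_PROXY_NAME,
    		WINHTTP_NO_PROXY_BYPASS, 0);

    	if (hSession)
    	{
    		// 5 second resolve / connect / send / receive timeouts.
    		WinHttpSetTimeouts( hSession, 5000, 5000, 5000, 5000);
    		hConnect = WinHttpConnect( hSession, Host, (INTERNET_PORT)port, 0);
    	}

    	// Create an HTTP request handle.
    	if (hConnect)
    		hRequest = WinHttpOpenRequest( hConnect, L"GET", NULL,
    			NULL, WINHTTP_NO_REFERER,
    			WINHTTP_DEFAULT_ACCEPT_TYPES,
    			0);

    	// Send the request and wait for the response headers.
    	if (hRequest)
    		bResults = WinHttpSendRequest( hRequest,
    			WINHTTP_NO_ADDITIONAL_HEADERS,
    			0, WINHTTP_NO_REQUEST_DATA, 0,
    			0, 0);

    	if (bResults)
    		bResults = WinHttpReceiveResponse( hRequest, NULL);

    	if (bResults)
    	{
    		// Only a filled buffer counts as success from here on; otherwise the
    		// parsing below would dereference a NULL buffer.
    		bResults = FALSE;

    		// First call only asks for the required size in bytes.
    		WinHttpQueryHeaders( hRequest, WINHTTP_QUERY_RAW_HEADERS_CRLF,
    			WINHTTP_HEADER_NAME_BY_INDEX, NULL,
    			&dwSize, WINHTTP_NO_HEADER_INDEX);

    		if (GetLastError() == ERROR_INSUFFICIENT_BUFFER && dwSize >= sizeof(WCHAR))
    		{
    			// One spare element so the buffer can always be terminated here.
    			lpOutBuffer = new WCHAR[dwSize/sizeof(WCHAR) + 1];

    			bResults = WinHttpQueryHeaders( hRequest,
    				WINHTTP_QUERY_RAW_HEADERS_CRLF,
    				WINHTTP_HEADER_NAME_BY_INDEX,
    				lpOutBuffer, &dwSize,
    				WINHTTP_NO_HEADER_INDEX);
    			if (bResults)
    				lpOutBuffer[dwSize/sizeof(WCHAR)] = L'\0';
    		}
    	}

    	// Print the two header lines of interest.
    	if (bResults)
    	{
    		// Locate both headers before cutting either line: terminating one
    		// first would hide any header that follows it in the buffer.
    		Powered_head = wcsstr(lpOutBuffer, L"X-Powered-By:");
    		Servers_head = wcsstr(lpOutBuffer, L"Server:");

    		wchar_t* found[2] = { Powered_head, Servers_head };
    		for (int k = 0; k < 2; k++)
    		{
    			if (found[k] == NULL)
    				continue;
    			for (wchar_t* p = found[k]; *p != L'\0'; p++)
    			{
    				if (*p == L'\r' || *p == L'\n')
    				{
    					*p = L'\0';	// keep only this header line
    					break;
    				}
    				// The value is chosen by the remote host: neutralise control
    				// characters so it cannot drive the console it is printed on.
    				if (*p < 0x20 || *p == 0x7f)
    					*p = L'?';
    			}
    		}

    		printf("[+]:Host:%S Port:%d %S %S\n", Host, port,
    			Servers_head ? Servers_head : L"(null)",
    			Powered_head ? Powered_head : L"(null)");
    	}

    	// Release the buffer (also when the second header query failed) and close
    	// any open handles; delete[] on NULL is a no-op.
    	delete [] lpOutBuffer;
    	if (hRequest) WinHttpCloseHandle(hRequest);
    	if (hConnect) WinHttpCloseHandle(hConnect);
    	if (hSession) WinHttpCloseHandle(hSession);
    	return TRUE;
    }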
    
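    // Prints the three-line usage banner.
    //
    // prog  program name shown in the banner (wmain passes argv[0]).
    //
    // The single command-line argument is the host prefix: ThreadProc appends
    // ".2" through ".254" to it before probing.
    void Usage(wchar_t* prog)
    {
    	printf("[*]:%S Usage-> Hostname Host->Port.\n", prog);
    	printf("[*]:%S Usage-> Http -> Headers.\n", prog);
    	printf("[*]:90Sec Security Team@Agile.\n");
    }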
    
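    // Entry point: takes exactly one argument (the host prefix), fills a Plist
    // with it and the fixed port list, runs ThreadProc on one worker thread and
    // waits for that thread to finish.
    //
    // Returns 0 in every case, including usage and thread-creation errors.
    int wmain(int argc,wchar_t* argv[])
    {
    	static const int default_ports[7] = { 80, 8080, 8000, 8090, 8888, 443, 8443 };
    	HANDLE Hthread;
    	Plist tp; // parameters shared with the worker thread
    	const int host_cap = (int)(sizeof(tp.Host) / sizeof(tp.Host[0]));

    	if (argc != 2)
    	{
    		Usage(argv[0]);
    		return 0;
    	}

    	// Reject an argument that would not fit instead of copying it unbounded.
    	if (lstrlenW(argv[1]) >= host_cap)
    	{
    		Usage(argv[0]);
    		return 0;
    	}
    	lstrcpynW(tp.Host, argv[1], host_cap);

    	for (int k = 0; k < 7; k++)
    	{
    		tp.port[k] = default_ports[k];
    	}

    	// ThreadProc already has the LPTHREAD_START_ROUTINE signature, so no cast
    	// is needed; a cast would only hide a future signature mismatch.
    	Hthread = CreateThread(NULL, 0, ThreadProc, &tp, 0, NULL);

    	// CreateThread reports failure with NULL, not INVALID_HANDLE_VALUE.
    	if (Hthread == NULL)
    	{
    		printf("Create Thread Error.\n");
    		return 0;
    	}

    	// tp lives on this stack frame, so it must outlive the worker thread.
    	WaitForSingleObject(Hthread, INFINITE);
    	CloseHandle(Hthread);
    	return 0;
    }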
    

      
