怎么对单个POST请求的响应信息进行指纹识别？

Question

怎么对单个POST请求的响应信息进行指纹识别？

hailan09 opened this issue 3 months ago · 1 comments

如下面的POST请求，服务器响应包返回了Set-Cookie: rememberMe=deleteMe; ，但是只有POST请求才会返回rememberMe，才能识别到这是一个shiro框架，但是我不知道怎么识别POST请求的指纹

POST /doLogin HTTP/1.0
Host: x.x.x.x
Content-Length: 29
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=2A260DA9B747EA338FB38A6466836B75
Connection: close

username=admin&password=admin

Answer 1 · 2024-09-20T06:46:22.000Z

好像是个bug，没把body序列化成功，我更新一下，yaml这样写就可以了
等这个跑完就可以重新下载了，https://github.com/emo-crab/observer_ward/actions/runs/10954538367
感谢反馈

id: 0example
info:
  name: 0example
  author: cn-kali-team
  tags: detect,tech,0example
  severity: info
  metadata:
    product: 0example
    vendor: 00_unknown
    verified: true
http:
  - method: POST
    path:
      - '{{BaseURL}}/doLogin'
    headers:
      Content-Type: application/x-www-form-urlencoded
    body: "username=admin&password=admin"
    matchers:
      - type: word
        words:
          - "Set-Cookie: rememberMe=deleteMe"
        case-insensitive: true