optimize :

1. 同步更新查询框自动提示签名校验 2. 添加右键菜单查询网页标题 fixes #96
wgpsec · Jun 14, 2022 · f7208aa · f7208aa
1 parent 3131d22
commit f7208aa
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 22 deletions.
diff --git a/src/main/java/org/fofaviewer/controls/MyTableView.java b/src/main/java/org/fofaviewer/controls/MyTableView.java
@@ -142,6 +142,14 @@ public MyTableView(TableView<TableBean> view, MainControllerCallback mainControl
                     }
                 }
             });
+            MenuItem queryTitle = new MenuItem(resourceBundle.getString("TABLE_CONTEXTMENU_QUERY_TITLE"));
+            queryTitle.setOnAction(event -> {
+                String _title = row.getItem().title.getValue();
+                if(!_title.isEmpty()){
+                    mainControllerCallback.queryCall(new ArrayList<String>(){{add("title=\""+ _title + "\"");}});
+                }
+            });
+
             MenuItem fidMenu = new MenuItem(resourceBundle.getString("TABLE_CONTEXTMENU_FID"));
             fidMenu.setOnAction(event -> {
                 String _fid = row.getItem().fid.getValue();
@@ -151,7 +159,7 @@ public MyTableView(TableView<TableBean> view, MainControllerCallback mainControl
                     DataUtil.showAlert(Alert.AlertType.WARNING, null, resourceBundle.getString("QUERY_FID_ERROR")).showAndWait();
                 }
             });
-            rowMenu.getItems().addAll(copyLink, copyIP, copyDomain, copyCN,queryIp, queryCSet, querySubdomain, queryFavicon, queryCert, fidMenu);
+            rowMenu.getItems().addAll(copyLink, copyIP, copyDomain, copyCN,queryIp,queryTitle, queryCSet, querySubdomain, queryFavicon, queryCert, fidMenu);
             row.contextMenuProperty().bind(Bindings.when(row.emptyProperty()).then((ContextMenu) null).otherwise(rowMenu));
             // 双击行时使用默认浏览器打开
             row.setOnMouseClicked(event -> {

diff --git a/src/main/java/org/fofaviewer/main/MainApp.java b/src/main/java/org/fofaviewer/main/MainApp.java
@@ -7,7 +7,7 @@
 import org.fofaviewer.controllers.MainController;
 
 public class MainApp extends Application {
-    private final String version = "1.1.8";
+    private final String version = "1.1.9";
 
     @Override
     public void start(Stage stage) throws Exception {

diff --git a/src/main/java/org/fofaviewer/utils/RequestUtil.java b/src/main/java/org/fofaviewer/utils/RequestUtil.java
@@ -13,10 +13,16 @@
 import org.jsoup.select.Elements;
 import javax.net.ssl.*;
 import java.net.URL;
+import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
 import java.security.SecureRandom;
+import java.security.Signature;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.sql.Timestamp;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -31,7 +37,9 @@ public class RequestUtil {
         "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0",
         "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.41 Safari/537.36 Edg/88.0.705.22"
     };
-    Pattern cnPattern = Pattern.compile("CommonName:\\s([-|\\*|\\w|\\.|\\s]+)\n");
+    private final String appId = "9e9fb94330d97833acfbc041ee1a76793f1bc691";
+    private final String privateKey = "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC/TGN5+4FMXo7H3jRmostQUUEO1NwH10B8ONaDJnYDnkr5V0ZzUvkuola7JGSFgYVOUjgrmFGITG+Ne7AgR53Weiunlwp15MsnCa8/IWBoSHs7DX1O72xNHmEfFOGNPyJ4CsHaQ0B2nxeijs7wqKGYGa1snW6ZG/ZfEb6abYHI9kWVN1ZEVTfygI+QYqWuX9HM4kpFgy/XSzUxYE9jqhiRGI5f8SwBRVp7rMpGo1HZDgfMlXyA5gw++qRq7yHA3yLqvTPSOQMYJElJb12NaTcHKLdHahJ1nQihL73UwW0q9Zh2c0fZRuGWe7U/7Bt64gV2na7tlA62A9fSa1Dbrd7lAgMBAAECggEAPrsbB95MyTFc2vfn8RxDVcQ/dFCjEsMod1PgLEPJgWhAJ8HR7XFxGzTLAjVt7UXK5CMcHlelrO97yUadPAigHrwTYrKqEH0FjXikiiw0xB24o2XKCL+EoUlsCdg8GqhwcjL83Mke84c6Jel0vQBfdVQ+RZbetMCxqv1TpqpwW+iswlDY0+OKNxcDSnUyVkBko4M7bCqJ19DjzuHHLRmSuJhWLjX2PzdrVwIrRChxeJRR5AzrNE2BC/ssKasWjZfgkTOW6MS96q+wMLgwFGCQraU0f4AW5HA4Svg8iWT2uukcDg7VXXc/eEmkfmDGzmgsszUJZYb1hYsvjgbMP1ObwQKBgQDw1K0xfICYctiZ3aHS7mOk0Zt6B/3rP2z9GcJVs0eYiqH+lteLNy+Yx4tHtrQEuz16IKmM1/2Ghv8kIlOazpKaonk3JEwm1mCEXpgm4JI7UxPGQj/pFTCavKBBOIXxHJVSUSg0nKFkJVaoJiNy0CKwQNoFGdROk2fSYu8ReB/WlQKBgQDLWQR3RioaH/Phz8PT1ytAytH+W9M4P4tEx/2Uf5KRJxPQbN00hPnK6xxHAqycTpKkLkbJIkVWEKcIGxCqr6iGyte3xr30bt49MxIAYrdC0LtBLeWIOa88GTqYmIusqJEBmiy+A+DudM/xW4XRkgrOR1ZsagzI3FUVlei9DwFjEQKBgG8JH3EZfhDLoqIOVXXzA24SViTFWoUEETQAlGD+75udD2NaGLbPEtrV5ZmC2yzzRzzvojyVuQY1Z505VmKhq2YwUsLhsVqWrJlbI7uI/uLrQsq98Ml+Q5KUNS7c6KRqEU6KrIbVUHPj4zhTnTRqUhQBUoPXjNNNkyilBKSBReyhAoGAd3xGCIPdB17RIlW/3sFnM/o5bDmuojWMcw0ErvZLPCl3Fhhx3oNod9iw0/T5UhtFRV2/0D3n+gts6nFk2LbA0vtryBvq0C85PUK+CCX5QzR9Y25Bmksy8aBtcu7n27ttAUEDm1+SEuvmqA68Ugl7efwnBytFed0lzbo5eKXRjdECgYAk6pg3YIPi86zoId2dC/KfsgJzjWKVr8fj1+OyInvRFQPVoPydi6iw6ePBsbr55Z6TItnVFUTDd5EX5ow4QU1orrEqNcYyG5aPcD3FXD0Vq6/xrYoFTjZWZx23gdHJoE8JBCwigSt0KFmPyDsN3FaF66Iqg3iBt8rhbUA8Jy6FQA==";
+    Pattern cnPattern = Pattern.compile("CommonName:\\s([-|\\*|\\w|\\.|\\s]+)\n\nSubject Public");
     Pattern snPattern = Pattern.compile("Serial Number:\\s(\\d+)\n");
 
     private RequestUtil() {
@@ -239,11 +247,13 @@ public String getCertSubjectDomain(String host){
      */
     public Map<String,String> getTips(String key) {
         try {
-            key = java.net.URLEncoder.encode(key, "UTF-8");
-            HashMap<String, String> result = getHTML(FofaConfig.TIP_API + key, 3000, 5000);
+            String ts = String.valueOf((new Timestamp(System.currentTimeMillis())).getTime());
+            String singParam = "q" + key + "ts" + ts;
+            String params = URLEncoder.encode(key,"UTF-8") + "&ts=" + ts + "&sign=" + URLEncoder.encode(getInputSign(singParam), "utf-8") + "&app_id=" + this.appId;
+            HashMap<String, String> result = getHTML(FofaConfig.TIP_API + params, 3000, 5000);
             if (result.get("code").equals("200")) {
                 JSONObject obj = JSON.parseObject(result.get("msg"));
-                if(obj.getString("message").equals("ok")){
+                if(obj.getInteger("code") == 0){
                     Map<String,String> data = new HashMap();
                     JSONArray objs = obj.getJSONArray("data");
                     for (Object o : objs) {
@@ -292,4 +302,24 @@ public String getCertSerialNumberByFoFa(String cert){
         }
         return "";
     }
+
+    /**
+     * 设置SHA256withRSA签名
+     * @param inputString 签名字符串 q + 查询字符串 + ts + 时间戳
+     */
+    private String getInputSign(String inputString){
+        try {
+            byte[] data = inputString.getBytes();
+            byte[] keyBytes = Base64.getDecoder().decode(this.privateKey);
+            PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
+            PrivateKey priKey = KeyFactory.getInstance("RSA").generatePrivate(pkcs8KeySpec);
+            Signature signature = Signature.getInstance("SHA256withRSA");
+            signature.initSign(priKey);
+            signature.update(data);
+            return Base64.getEncoder().encodeToString(signature.sign());
+        } catch (Exception e) {
+            Logger.error(e);
+            return "";
+        }
+    }
 }
diff --git a/src/main/resources/locales.properties b/src/main/resources/locales.properties
@@ -65,6 +65,7 @@ TABLE_CONTEXTMENU_COPYLINK=\u590D\u5236\u94FE\u63A5
 TABLE_CONTEXTMENU_COPYIP=\u590D\u5236IP
 TABLE_CONTEXTMENU_COPYDOMAIN=\u590D\u5236\u57DF\u540D
 TABLE_CONTEXTMENU_COPYCERTCN=\u590D\u5236\u8BC1\u4E66\u7ED1\u5B9A\u7684\u57DF\u540D
+TABLE_CONTEXTMENU_QUERY_TITLE=\u67E5\u8BE2\u6807\u9898
 TABLE_CONTEXTMENU_QUERY_IP=\u67E5\u8BE2IP
 TABLE_CONTEXTMENU_QUERY_C-CLASS=\u67E5\u8BE2C\u6BB5IP
 TABLE_CONTEXTMENU_QUERY_DOAMIN=\u67E5\u8BE2\u76F8\u5173\u57DF\u540D\u8D44\u4EA7

diff --git a/src/main/resources/locales_en_US.properties b/src/main/resources/locales_en_US.properties
@@ -60,6 +60,7 @@ TABLE_CONTEXTMENU_COPYIP=copy ip
 TABLE_CONTEXTMENU_COPYDOMAIN=copy domain
 TABLE_CONTEXTMENU_COPYCERTCN=copy cert CN
 TABLE_CONTEXTMENU_QUERY_IP=query ip
+TABLE_CONTEXTMENU_QUERY_TITLE=query title
 TABLE_CONTEXTMENU_QUERY_C-CLASS=query assets within the class c ip
 TABLE_CONTEXTMENU_QUERY_DOAMIN=query assets with the domain
 TABLE_CONTEXTMENU_QUERY_FAVICON=query assets with the favicon

diff --git a/src/main/resources/locales_zh_CN.properties b/src/main/resources/locales_zh_CN.properties
@@ -66,6 +66,7 @@ TABLE_CONTEXTMENU_COPYIP=\u590D\u5236IP
 TABLE_CONTEXTMENU_QUERY_IP=\u67E5\u8BE2IP
 TABLE_CONTEXTMENU_COPYDOMAIN=\u590D\u5236\u57DF\u540D
 TABLE_CONTEXTMENU_COPYCERTCN=\u590D\u5236\u8BC1\u4E66\u7ED1\u5B9A\u7684\u57DF\u540D
+TABLE_CONTEXTMENU_QUERY_TITLE=\u67E5\u8BE2\u6807\u9898
 TABLE_CONTEXTMENU_QUERY_C-CLASS=\u67E5\u8BE2C\u6BB5IP
 TABLE_CONTEXTMENU_QUERY_DOAMIN=\u67E5\u8BE2\u76F8\u5173\u57DF\u540D\u8D44\u4EA7
 TABLE_CONTEXTMENU_QUERY_FAVICON=\u4ECEfofa\u641C\u7D22favicon\u76F8\u5173\u7684\u8D44\u4EA7

diff --git a/src/test/java/Test.java b/src/test/java/Test.java
@@ -30,21 +30,6 @@ public void getSerialNumber(){
     }
 
     public static void main(String[] args) throws IOException {
-        Properties properties = new Properties();
-        properties.load(new FileInputStream("config.properties"));
-        FofaConfig client = FofaConfig.getInstance();
-        client.setKey(properties.getProperty("key").trim());
-        client.setEmail(properties.getProperty("email").trim());
-        client.setAPI(properties.getProperty("api"));
-        client.setSize(properties.getProperty("max_size"));
-        RequestUtil helper = RequestUtil.getInstance();
-        String a = "ip=\"123.139.243.0/24\"";
-        System.out.println(a);
-        String requestUrl = client.getParam("1", false) + helper.encode(a);
-        System.out.println(requestUrl);
-        System.out.println(helper.getHTML(requestUrl, 3000,5000));
-        Test test = new Test();
-        test.getCommonName();
-        test.getSerialNumber();
+
     }
 }