Skip to content

[代码重构] ShellTool 枚举类不适合 SDK 用于添加自定义内存马 #85

New issue
New issue
Open
Open
[代码重构] ShellTool 枚举类不适合 SDK 用于添加自定义内存马#85
Assignees
ReaJason
Labels
refactorsome code taste not good
@ReaJason

Description

@ReaJason
ReaJason
opened on Aug 22, 2025

在使用 SDK 集成自定义内存马时,com.reajason.javaweb.memshell.ServerFactory#addToolMapping 的 ShellTool 枚举属性导致无法进行扩展,只能自行实现映射。

期待效果:

// 1. 继承 com.reajason.javaweb.memshell.config.ShellToolConfig 实现 CustomShellToolConfig
// 2. 继承 com.reajason.javaweb.memshell.generator.ByteBuddyShellGenerator 实现 CustomShellToolGenerator
// 2. 参考自定义内存马文档实现各个挂载位置的马


// 添加生成器配置
ShellToolFactory.register(CustomShellToolGenerator.class, CustomShellToolConfig.class);

// 添加挂载适配项
ServerFactory.addToolMapping("CustomShellTool", ToolMapping.builder()
                .addShellClass(SERVLET, CustomServlet.class)
                .addShellClass(JAKARTA_SERVLET, CustomServlet.class)
                .addShellClass(FILTER, CustomFilter.class)
                .addShellClass(JAKARTA_FILTER, CustomFilter.class)
                .addShellClass(LISTENER, CustomListener.class)
                .addShellClass(JAKARTA_LISTENER, CustomListener.class)
                .addShellClass(VALVE, CustomValve.class)
                .addShellClass(JAKARTA_VALVE, CustomValve.class)
                .addShellClass(PROXY_VALVE, Custom.class)
                .addShellClass(JAKARTA_PROXY_VALVE, Custom.class)
                .addShellClass(WEBSOCKET, CustomWebSocket.class)
                .addShellClass(JAKARTA_WEBSOCKET, CustomWebSocket.class)
                .addShellClass(SPRING_WEBMVC_INTERCEPTOR, CustomInterceptor.class)
                .addShellClass(SPRING_WEBMVC_JAKARTA_INTERCEPTOR, CustomInterceptor.class)
                .addShellClass(SPRING_WEBMVC_CONTROLLER_HANDLER, CustomControllerHandler.class)
                .addShellClass(SPRING_WEBMVC_JAKARTA_CONTROLLER_HANDLER, CustomControllerHandler.class)
                .addShellClass(SPRING_WEBMVC_AGENT_FRAMEWORK_SERVLET, Custom.class)
                .addShellClass(SPRING_WEBFLUX_WEB_FILTER, CustomWebFilter.class)
                .addShellClass(SPRING_WEBFLUX_HANDLER_METHOD, CustomHandlerMethod.class)
                .addShellClass(SPRING_WEBFLUX_HANDLER_FUNCTION, CustomHandlerFunction.class)
                .addShellClass(NETTY_HANDLER, CustomNettyHandler.class)
                .addShellClass(AGENT_FILTER_CHAIN, Custom.class)
                .addShellClass(CATALINA_AGENT_CONTEXT_VALVE, Custom.class)
                .addShellClass(JETTY_AGENT_HANDLER, CustomJettyHandler.class)
                .addShellClass(UNDERTOW_AGENT_SERVLET_HANDLER, CustomUndertowServletHandler.class)
                .addShellClass(WEBLOGIC_AGENT_SERVLET_CONTEXT, Custom.class)
                .addShellClass(WAS_AGENT_FILTER_MANAGER, Custom.class)
                .build());
// 之后则完美融入生成体系
ShellConfig shellConfig = ShellConfig.builder()
                .server(Tomcat)
                .shellTool("CustomShellTool")
                .shellType(ShellType.FILTER)
                .shrink(true) // 缩小字节码
                .debug(false) // 关闭调试
                .build();

InjectorConfig injectorConfig = InjectorConfig.builder().urlPattern("/*").build();

CustomShellToolConfig customConfig = CustomShellToolConfig.builder().pass("pass").key("key").build();

MemShellResult result = MemShellGenerator.generate(shellConfig, injectorConfig, customConfig);

Metadata

Metadata

Assignees

Labels

refactorsome code taste not good

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions