埋头苦干一天终于搞定!一个用C#写的windows应用程序,作用嘛,就是对asp程序已知的20种漏洞进行扫描,显示源程序。在这个应用程序中用到两种获得http页面的方法,一种是直接用httpwebrequest类,而另一种是同服务器通过tcp/ip建立socket连接,直接查询端口80 , 为此我写了以下两个函数,第一个比较简单,参数只有一个,就是要求的url , 另外一个比较复杂,也很通用,不仅可以请求http页面,还可以和其他端口通信,如端口43的whois,端口25的smtp,端口21的ftp甚至pop3等等,三个参数分别是主机名,请求命令和端口。好了,看程序吧。
//获取http页面函数
private string Get_Http(string a_strUrl)
{
string strResult ;
HttpWebRequest myReq = (HttpWebRequest)
WebRequestFactory.Create(a_strUrl) ;
try
{
HttpWebResponse HttpWResp = (HttpWebResponse)myReq.GetResponse();
Stream myStream = HttpWResp.GetResponseStream () ;
StreamReader sr = new StreamReader(myStream , Encoding.Default);
StringBuilder strBuilder = new StringBuilder();
while (-1 != sr.Peek())
{
strBuilder.Append(sr.ReadLine()+"\r\n");
}
strResult = strBuilder.ToString();
}
catch(Exception exp)
{
strResult = "错误:" + exp.Message ;
}
return strResult ;
}
//通过同server建立tcp/ip连接,发送socket命令
private string Get_Socket_Request(string a_strServer , string a_strRequest , Int32 a_intPort)
{
//Set up variables and String to write to the server
Encoding ASCII = Encoding.Default ;
string Get = a_strRequest + "Connection: Close\r\n\r\n";
//string Get =
Byte[] ByteGet = ASCII.GetBytes(Get);
Byte[] RecvBytes = new Byte[256];
String strRetPage = null;
// IPAddress and IPEndPoint represent the endpoint that will
// receive the request
IPAddress hostadd = DNS.Resolve(a_strServer.Substring(7 ,a_strServer.Length - 7));
IPEndPoint EPhost = new IPEndPoint(hostadd, a_intPort);
//Create the Socket for sending data over TCP
Socket s = new Socket(AddressFamily.AfINet, SocketType.SockStream,
ProtocolType.ProtTCP );
// Connect to host using IPEndPoint
if (s.Connect(EPhost) != 0)
{
strRetPage = "Unable to connect to host";
return strRetPage;
}
// Sent the GET text to the host
s.Send(ByteGet, ByteGet.Length, 0);
// Receive the page, loop until all bytes are received
Int32 bytes = s.Receive(RecvBytes, RecvBytes.Length, 0);
strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
while (bytes > 0)
{
bytes = s.Receive(RecvBytes, RecvBytes.Length, 0);
strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
}
return strRetPage ;
}
那个扫描漏洞的应用程序包括源代码我将整理后放到我的站点,如果你需要可以来下载。