{"id":13841234,"url":"https://github.com/SPuerBRead/Bridge","last_synced_at":"2025-07-11T12:30:43.463Z","repository":{"id":37487015,"uuid":"201757704","full_name":"SPuerBRead/Bridge","owner":"SPuerBRead","description":"无回显漏洞测试辅助平台，平台使用Java编写，提供DNSLOG，HTTPLOG等功能，辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。","archived":false,"fork":false,"pushed_at":"2023-06-14T10:09:25.000Z","size":55,"stargazers_count":385,"open_issues_count":6,"forks_count":86,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-08-05T17:27:02.899Z","etag":null,"topics":["dnslog","httplog","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SPuerBRead.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-08-11T11:46:29.000Z","updated_at":"2024-07-20T11:03:00.000Z","dependencies_parsed_at":"2022-08-08T20:30:37.322Z","dependency_job_id":"75f8d3ce-9a62-42a0-bee3-12c539db94ec","html_url":"https://github.com/SPuerBRead/Bridge","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SPuerBRead%2FBridge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SPuerBRead%2FBridge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SPuerBRead%2FBridge/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SPuerBRead%2FBridge/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SPuerBRead","download_url":"https://codeload.github.com/SPuerBRead/Bridge/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225720397,"owners_count":17513596,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dnslog","httplog","security","security-tools"],"created_at":"2024-08-04T17:01:05.606Z","updated_at":"2024-11-21T11:30:26.843Z","avatar_url":"https://github.com/SPuerBRead.png","language":"Java","funding_links":[],"categories":["Java","Java (504)"],"sub_categories":[],"readme":"# Bridge\n\n无回显漏洞测试辅助平台 (Spring Boot + Spring Security + Netty)\n\n平台使用Java编写，提供DNSLOG，HTTPLOG等功能，辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。\n\n\n主要功能\n-----------\n\n* DNSLOG\n* HTTPLOG\n* 自定义DNS解析\n* DNS Rebinding\n* 自定义HTTP Response(Response内容、状态码、Header)\n* 数据查询API\n\n\n部署方法（支持手动部署和Docker部署）\n-----------\n\n### 1. 手动部署\n\n#### 域名解析\n\n假设根域名是dnslog.com，服务器IP是10.10.10.10进行以下配置\n    \n    配置A记录，子域名ns，解析到10.10.10.10\n    \n    配置NS记录，子域名dns，解析到ns.dnslog.com\n    \n    配置A记录，子域名dnslog，解析到10.10.10.10\n    \ndnslog.dnslog.com 用于访问平台web\n    \ndns.dnslog.com 作为测试时payload中设置的域名，每个用户对应dns.dnslog.com下的子域名，如1.dns.dnslog.com，登录平台后可以在API信息中看到对应的地址\n    \n子域名随意设置，对应上即可\n    \n#### 数据库配置\n\n登录mysql执行以下命令，bridge.sql在程序的根目录下\n    \n    source bridge.sql\n\n#### 服务器配置\n\n环境：Java 1.8、Maven\n    \n修改resources目录下application.properties文件中的web服务端口（默认80端口）和数据库连接信息\n    \n    mvn clean package -DskipTests\n    \nmaven生成的jar包位置在target目录下，如dns_log-0.0.1-SNAPSHOT.jar\n    \n    java -jar dns_log-0.0.1-SNAPSHOT.jar dns.dnslog.com dnslog.dnslog.com 10.10.10.10 a1b2c3d4\n    \n第一个参数指定payload设置对应的子域名\n    \n第二个参数指定访问平台对应的子域名\n    \n第三个参数服务器的IP地址\n    \n第四个参数设置注册时的注册暗号，注册需要填写该字段\n    \n \n### 2. Docker部署\n\n域名解析部分与手动部署相同，无需配置数据库和服务器\n\n    git clone https://github.com/SPuerBRead/Bridge.git\n    cd ./Bridge\n\n默认的mysql密码是password，若要修改，请保持以下两项中的密码相同（可不修改）\n\n    1. docker-compose.yml文件中的MYSQL_ROOT_PASSWORD项\n    \n    2. 程序配置文件application.properties中的spring.datasource.password\n\n修改docker-compose.yml倒数第三行command的值，此处为启动命令，将对应参数替换成域名配置中的信息，如：\n\n    java -jar dns_log-0.0.1-SNAPSHOT.jar dns.dnslog.com dnslog.dnslog.com 10.10.10.10 a1b2c3d4\n\n参数含义见手动部署部分。\n\n配置完成后执行以下命令：\n\n    docker-compose build\n    docker-compose up -d\n    \n访问  dnslog.dnslog.com（实际域名根据根域名和配置而定）即可看到登录界面。\n    \n\n部分截图\n-----------\n\nDNSLOG\n\n![15655801079930](https://user-images.githubusercontent.com/18071202/62844371-6e976080-bcf3-11e9-9356-8c7d10af37b0.jpg)\n\n\nHTTPLOG\n\n![15655803891520](https://user-images.githubusercontent.com/18071202/62844457-14e36600-bcf4-11e9-8501-744fb1406417.jpg)\n\nAPI接口\n-----------\n\napiKey在登录后的API信息页面中\n\n#### dnslog查询接口\n\nhttp://xxx.xx/api/dnslog/search?token={apiKey}\u0026keyword={test}\n\nkeyword参数值必须是完整除去logAdress后的部分，此处没有模糊查询，如aaaaaa.1.dnslog.com对应keyword=aaaaaa，返回数据格式样例如下：\n\n```\n[\n  {\n    \"ip\": \"localhost\",\n    \"host\": \"test1.1.dns.xxxx.com\",\n    \"time\": \"2019-07-30 15:25:14.0\",\n    \"type\": \"A(1)\"\n  }\n]\n```\n\n#### httplog查询接口\nhttp://xxx.xx/api/weblog/search?token={apiKey}\u0026keyword={test}\nkeyword要求同上，返回数据格式样例如下：\n \n```\n[\n  {\n    \"path\": \"/\",\n    \"method\": \"POST\",\n    \"data\": \"\",\n    \"ip\": \"10.10.37.75\",\n    \"host\": \"test.1.dns.xxxx.com\",\n    \"header\": \"{\\\"content-length\\\":\\\"22896\\\",\\\"postman-token\\\":\\\"9575b873-ccd9-4d5b-ba8a-c1f746e40086\\\",\\\"host\\\":\\\"test.1.dns.xxxx.com\\\",\\\"content-type\\\":\\\"text/plain\\\",\\\"connection\\\":\\\"keep-alive\\\",\\\"cache-control\\\":\\\"no-cache\\\",\\\"accept-encoding\\\":\\\"gzip, deflate\\\",\\\"user-agent\\\":\\\"PostmanRuntime/7.13.0\\\",\\\"accept\\\":\\\"*/*\\\"}\",\n    \"time\": \"2019-07-23 17:50:10.0\",\n    \"params\": null,\n    \"version\": \"HTTP/1.1\"\n  }\n]\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSPuerBRead%2FBridge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSPuerBRead%2FBridge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSPuerBRead%2FBridge/lists"}