您是否碰巧知道一个开源 Java 组件,它提供了扫描一组动态页面 (JSP) 的工具,然后从那里提取所有输入参数。当然,爬虫可以爬取静态代码而不是动态代码,但我的想法是将其扩展为爬取包括所有服务器端代码的网络服务器。当然,我假设该工具可以完全访问已爬网的网络服务器,而不是使用任何黑客手段。
我们的想法是构建一个静态分析器,它能够检测所有动态页面的所有参数(request.getParameter() 等)字段。
最佳答案
The idea is to build a static analyzer that has the capacity to detect all parameter fields from all dynamic pages.
您不能使用 web 爬虫(基本上是 HTML 解析器)来提取请求参数。他们最多可以扫描 HTML 结构。您可以使用例如 Jsoup为此:
for (Element form : Jsoup.connect("http://google.com").get().select("form")) {
System.out.printf("Form found: action=%s, method=%s%n", form.attr("action"), form.attr("method"));
for (Element input : form.select("input,select,textarea")) {
System.out.printf("\tInput found: name=%s, value=%s%n", input.attr("name"), input.attr("value"));
}
}
当前打印
Form found: action=, method= Input found: name=hl, value=en Input found: name=source, value=hp Input found: name=ie, value=ISO-8859-1 Input found: name=q, value= Input found: name=btnG, value=Google Search Input found: name=btnI, value=I'm Feeling Lucky Input found: name=, value= Form found: action=/search, method= Input found: name=hl, value=en Input found: name=source, value=hp Input found: name=ie, value=ISO-8859-1 Input found: name=q, value= Input found: name=btnG, value=Google Search Input found: name=btnI, value=I'm Feeling Lucky
If you want to scan the JSP source code for any forms/inputs, then you have to look in a different direction, it's definitely not to be called "web crawler". Unfortunately no such static analysis tool comes to mind. Closest what you can get is to create a Filter
which logs all submitted request parameters.
Map<String, String[]> params = request.getParameterMap();
// ...
关于java - 提取所有输入参数的JSP Page Crawler,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4531490/