v1.2.3

Author: Ar3h

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.2.3
+
+- [功能] 支持字节码混淆，集成 Class-Obf(https://github.com/jar-analyzer/class-obf)项目 @4ra1n
+- [功能] 新增 ExpressionPayload、JDBCPayload，方便生成表达式相关Payload以及JDBC URL相关Payload @Ar3h
+- [优化] FakeMySQL日志更详细的输出 @Ar3h
+- [BUG] 修复前端展开BUG @Ar3h
+
+
 ## 1.2.2
 
 更新内容：

CHANGELOG_EN.md

@@ -1,12 +1,19 @@
+## 1.2.3
+
+- [Feature] Support for bytecode obfuscation, integrated with the Class-Obf project by @4ra1n
+- [Feature] Added ExpressionPayload and JDBCPayload for easier generation of expression-related Payloads and JDBC URL-related Payloads by @Ar3h
+- [Improvement] Enhanced FakeMySQL logging with more detailed output by @Ar3h
+- [Bugfix] Fixed front-end expansion issue by @Ar3h
+
 ## 1.2.2
 
 What's new:
 
-- [Function] Support internationalization, the page supports English switching, and the language can be switched in the
+- [Feature] Support internationalization, the page supports English switching, and the language can be switched in the
   upper right corner after landing on the page @Ar3h
 - [Feature] Added 'OneForAllEcho' Gadget, which is a bytecode type, which can realize one-click echo in Tomcat,
   WebLogic, Jetty, and Spring environments @4ra1n
-- [Function] Added 'XMLDecoder' Payload generation @4ra1n
+- [Feature] Added 'XMLDecoder' Payload generation @4ra1n
 - [New Chain] Added three Getter chains: HutoolJndiDSFactory、hutoolSimpleDSFactory、hutoolPooledDSFactory @unam4
 - [Improve] Java deserialization support for full UTF8 overlong (see PPPYSO project) @Ar3h
 - [Optimization] Optimized the prompt of the front-end Gadget option, the front-end uses cyan to remind that Gadget is

README.md

@@ -37,7 +37,7 @@
         - `TC_RESET` 填充，仅适用于Java反序列化
         - `UTF-8 Overlong Encoding` 混淆
     - 一些高级选项：
-        - 自定义类名/定义字节码版本
+        - 自定义类名/定义字节码版本，支持使用 Class-Obf 进行字节码混淆
         - 选择 `Commons Beanutils` 链的多种 `comparator` 类型
         - 支持生成 `TemplatesImpl` 格式
         - 支持生成 `SnakeYaml Jar` 格式
@@ -85,7 +85,7 @@ docker run -d \
   -p 3308:3308 \
   -p 11527:11527 \
   -p 50000:50000 \
-  javachains/webchains:1.2.2
+  javachains/webchains:1.2.3
 ```
 
 生成功能仅使用 `8011` 端口即可，其他端口为 `exploit` 模块使用
@@ -106,7 +106,7 @@ docker logs $(docker ps | grep javachains/webchains | awk '{print $1}') | grep -
 
 ### 方式二：Jar包启动
 
-使用 `java -jar web-chains-v1.2.2.jar` 即可启动
+使用 `java -jar web-chains-v1.2.3.jar` 即可启动
 
 ## 详细使用
 
@@ -128,6 +128,7 @@ docker logs $(docker ps | grep javachains/webchains | awk '{print $1}') | grep -
 - https://github.com/qi4L/JYso
 - https://github.com/X1r0z/JNDIMap
 - https://github.com/Whoopsunix/PPPYSO
+- https://github.com/jar-analyzer/class-obf
 - https://github.com/4ra1n/mysql-fake-server
 - https://github.com/mbechler/marshalsec
 - https://github.com/frohoff/ysoserial
@@ -149,14 +150,6 @@ docker logs $(docker ps | grep javachains/webchains | awk '{print $1}') | grep -
   <img src="img/group.png" width="300px">
 </p>
 
-如果二维码失效可加V备注项目名：`Y2VzaGkyMzQ1Njc=`
-
-你觉得该项目对你有帮助的话，可以考虑支持一下我们
-
-<p align="center">
-<img src="img/zanShang.jpg" width="300px">
-</p>
-
 ## Star History
 
 [![Star History Chart](https://api.star-history.com/svg?repos=java-chains/web-chains&type=Date)](https://star-history.com/#java-chains/web-chains&Date)

README_EN.md

@@ -5,7 +5,7 @@
 <img alt="release" src="https://img.shields.io/github/v/release/java-chains/web-chains"/>
 <img alt="GitHub Stars" src="https://img.shields.io/github/stars/Java-Chains/web-chains?color=success"/>
 <div align="center">
-    <img src="img/logo.png" width="80" alt="center">
+    <img src="img/logo.png" width="60" alt="center">
 </div>
 </div>
 
@@ -40,7 +40,7 @@ building the Swiss Army knife of the strongest `Java` security research
         - `TC_RESET` padding, which is only available for Java deserialization
         - `UTF-8 Overlong Encoding` obfuscation
    - Some advanced options:
-      - Customize the class name/define the bytecode version
+      - Customize the class name/define the bytecode version. Support bytecode obfuscation using Class-Obf
       - Select multiple `comparator` types for the `Commons Beanutils` chain
       - Support for generating `TemplatesImpl` format
       - Support for generating `SnakeYaml Jar` format
@@ -88,7 +88,7 @@ docker run -d \
   -p 3308:3308 \
   -p 11527:11527 \
   -p 50000:50000 \
-  javachains/webchains:1.2.2
+  javachains/webchains:1.2.3
 ```
 
 The build function only uses the `8011` port, and the other ports are used by the `exploit` module
@@ -109,7 +109,7 @@ Just visit `http://your-ip:8011` (log in with your username and password here)
 
 ### Method 2: Start the JAR package
 
-Use `java -jar web-chains-v1.2.2.jar` to get started
+Use `java -jar web-chains-v1.2.3.jar` to get started
 
 ## Detailed use
 
@@ -131,6 +131,7 @@ Acknowledgments:
 - https://github.com/qi4L/JYso
 - https://github.com/X1r0z/JNDIMap
 - https://github.com/Whoopsunix/PPPYSO
+- https://github.com/jar-analyzer/class-obf
 - https://github.com/4ra1n/mysql-fake-server
 - https://github.com/mbechler/marshalsec
 - https://github.com/frohoff/ysoserial