检测某个站出现误报情况

[hahaSec]

                                                            Powered by UnicodeSec
                                                                  Version  0.0.2
八月 01, 2020 4:31:56 下午 org.apache.http.client.protocol.ResponseProcessCookies processCookies
警告: Invalid cookie header: "Set-Cookie: 8VY9p00ccvVgS=5s7CnSS.ODpwYT_v50JzmQn.x0G6eIvX0a8hwJN_WEumAi_mwmJTdsCMnZzgt1NxHtMXnLqaQe.bUAFr1uZ83Cq; Path=/; expires=Tue, 3
0 Jul 2030 08:32:54 GMT; HttpOnly". Invalid 'expires' attribute: Tue, 30 Jul 2030 08:32:54 GMT
found Shiro Vulnerability, Shiro key wGiHplamyXlVB11UXWol8g==

授权测试某站时，发现返回头里没有rememberMe=deleteMe相关字段并且会默认返回Set-Cookie相关的字段，但是检测出了key，日志如上图，返回头如下图

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Aug 2020 08:31:57 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Set-Cookie: sid=z0Tscj1n+2962467490-Nd1D_qJ28lD1diGfMbUlBWZ1Bf12So0Zi0wwzMr8UiilkY..vOKPORkhuzylS87u68qiFJTKD37xlQTLdabG_a; Path=/xlplatform; HttpOnly
Content-Language: en-US
Pragma: no-cache
Cache-Control: no-store
Expires: Sat, 01 Aug 2020 08:32:54 GMT
Set-Cookie: 8VY9p00ccvVgS=5s7CnSS.ODpwYT_v50JzmQn.x0G6eIvX0a8hwJN_WEumAi_mwmJTdsCMnZzgt1NxHtMXnLqaQe.bUAFr1uZ83Cq; Path=/; expires=Tue, 30 Jul 2030 08:32:54 GMT; HttpOnly
Busscid: unnet
Content-Length: 26689

[n5xxxx]

当请求包中cookie包含 rememberMe参数时，若后端验证失败，返回头里才会返回rememberMe=deleteMe， 你尝试将请求包中构造cookie: rememberMe=1，将会得到指纹。