admin/safeGate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
CoCo ainrm-
2022-02-11 17:06:16 +08:00
committed by GitHub
commit f5f44f2e03
14 changed files with 558 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
init.lua Normal file
View File

@@ -0,0 +1,135 @@
require 'config'
require 'b64'
require 'aes'
require 'log'
require '403'
require 'tableXstring'
require 'fileio'
require 'randomStr'
require 'whiteList'
local optionIsOn = function (options) return options == "on" and true or false end
ToolsProtect = optionIsOn(toolsProtect)
ShiroProtect = optionIsOn(shiroProtect)
JsProtect = optionIsOn(jsProtect)
JsConfuse = false
SensitiveProtect = optionIsOn(sensitiveProtect)
-- cookie加密
function reqCookieParse()
if ShiroProtect then
local userCookieX9 = ngx.var.cookie_x9i7RDYX23
if not userCookieX9 then -- 没有cookie
log('0-cookie 无cookie', '')
ngx.req.set_header('Cookie', '') -- 移除其他cookie
elseif #userCookieX9 < 32 then -- 判断cookie长度
log('1-cookie 不符合要求', userCookieX9)
ngx.say('4')
say_html()
else --有cookie
local result = xpcall(dencrypT, emptyPrint, userCookieX9, aesKey)
if not result then --解密失败
log('2-cookie 无法解密', userCookieX9)
ngx.say('5')
say_html()
else --解密成功
local originCookie = StrToTable(dencrypT(userCookieX9, aesKey))
ngx.req.set_header('Cookie', transTable(originCookie))
log('3-cookie 解密成功', userCookieX9)
end
end
end
end
function respCookieEncrypt()
if ShiroProtect then
local value = ngx.resp.get_headers()["Set-Cookie"]
if value then
local encryptedCookie = cookieD.."="..encrypT(TableToStr(value), aesKey)
ngx.header["Set-Cookie"] = encryptedCookie
log('4-cookie 加密成功',encryptedCookie)
end
end
end
-- reload机制
function toolsInfoSpider()
if ToolsProtect and not whiteExtCheck() then
local clientCookieA = ngx.var.cookie_h0yGbdRv
local clientCookieB = ngx.var.cookie_kQpFHdoh
if not (clientCookieA and clientCookieB) then --没有cookieA进入reload302至html生成cookie后再请求原地址
local ip = 'xxx'
local finalPath = 'http://'..ip..'/'..jsPath..'?origin='..encodeBase64(ngx.var.request_uri)
log('1-tools 无cookieA/B', '')
ngx.redirect(finalPath, 302)
else
local result = xpcall(dencrypT, emptyPrint, clientCookieB, clientCookieA)
if not result then
log('2-tools 解密失败', clientCookieA..', '..clientCookieB)
ngx.say('1')
say_html() -- 解密失败
else-- 可以解密,提取数据
local result2 = dencrypT(clientCookieB, clientCookieA)
if #result2 < 1 then
log('3-tools 解密失败', result2)
else
local srs = split(result2, ',')
local _,e = string.find(srs[1], '0')
if e ~= nil then
log('4-tools 工具请求', result2)
ngx.say('2')
say_html()
else
log('0-tools 工具验证通过, 记录浏览器指纹', '', srs[2])
end
end
end
end
end
end
-- js文件混淆
function jsExtDetect()
if JsProtect then
local ext = string.match(ngx.var.uri, ".+%.(%w+)$")
if ext == 'js' then -- 加入检查js文件是否存在
JsConfuse = true
end
end
end
function jsConfuse()
if JsConfuse then
local originBody = ngx.arg[1]
if #originBody > 200 then -- 筛选空js
local s = getRandom(8)
local path = '/tmp/'..s
writefile(path, originBody, 'w+')
local t = io.popen('export NODE_PATH=/usr/lib/node_modules && node /gate/node/js_confuse.js '..path)
local a = t:read("*all")
ngx.arg[1] = a
os.execute('rm -f '..path)
end
JsConfuse = false
end
end
-- 响应包过滤
function dateReplace()
if SensitiveProtect then
local replaceTelephone = string.gsub(ngx.arg[1], "[1][3,4,5,7,8]%d%d%d%d%d%d%d%d%d", "******")
ngx.arg[1] = replaceTelephone
end
end