require "config" require "b64" require "aes" require "log" require "403" require "tableXstring" require "fileio" require "randomStr" require "whiteList" require "tools" require "waf/waf" local optionIsOn = function(options) return options == "on" and true or false end ToolsProtect = optionIsOn(toolsProtect) ShiroProtect = optionIsOn(shiroProtect) JsProtect = optionIsOn(jsProtect) JsConfuse = false SensitiveProtect = optionIsOn(sensitiveProtect) -- cookie加密 function reqCookieParse() if ShiroProtect then local userCookieX9 = ngx.var.cookie_x9i7RDYX23 if not userCookieX9 then -- 没有cookie log("0-cookie 无cookie", "") ngx.req.set_header("Cookie", "") -- 移除其他cookie elseif #userCookieX9 < 32 then -- 判断cookie长度 log("1-cookie 不符合要求", userCookieX9) ngx.say("4") say_html() else --有cookie local result = xpcall(dencrypT, emptyPrint, userCookieX9, aesKey) if not result then --解密失败 log("2-cookie 无法解密", userCookieX9) ngx.say("5") say_html() else --解密成功 local originCookie = StrToTable(dencrypT(userCookieX9, aesKey)) ngx.req.set_header("Cookie", transTable(originCookie)) log("3-cookie 解密成功", userCookieX9) end end end end function respCookieEncrypt() if ShiroProtect then local value = ngx.resp.get_headers()["Set-Cookie"] if value then local encryptedCookie = cookieD .. "=" .. encrypT(TableToStr(value), aesKey) ngx.header["Set-Cookie"] = encryptedCookie log("4-cookie 加密成功", encryptedCookie) end end end -- reload机制 function toolsInfoSpider() if ToolsProtect and not whiteExtCheck() then local clientCookieA = ngx.var.cookie_h0yGbdRv local clientCookieB = ngx.var.cookie_kQpFHdoh if not (clientCookieA and clientCookieB) then --没有cookieA进入reload,302至html生成cookie后再请求原地址 local ip = "xxx" local finalPath = "http://" .. ip .. "/" .. jsPath .. "?origin=" .. encodeBase64(ngx.var.request_uri) log("1-tools 无cookieA/B", "") ngx.redirect(finalPath, 302) else local result = xpcall(dencrypT, emptyPrint, clientCookieB, clientCookieA) if not result then log("2-tools 解密失败", clientCookieA .. ", " .. clientCookieB) ngx.say("1") say_html() -- 解密失败 else -- 可以解密,提取数据 local result2 = dencrypT(clientCookieB, clientCookieA) if #result2 < 1 then log("3-tools 解密失败", result2) else local srs = split(result2, ",") local _, e = string.find(srs[1], "0") if e ~= nil then log("4-tools 工具请求", result2) ngx.say("2") say_html() else log("0-tools 工具验证通过, 记录浏览器指纹", "", srs[2]) end end end end end end -- js文件混淆 function jsExtDetect() if JsProtect then local ext = string.match(ngx.var.uri, ".+%.(%w+)$") if ext == "js" then -- 加入检查,js文件是否存在 JsConfuse = true end end end function jsConfuse() if JsConfuse then local originBody = ngx.arg[1] if #originBody > 200 then -- 筛选空js local s = getRandom(8) local path = "/tmp/" .. s writefile(path, originBody, "w+") local t = io.popen("export NODE_PATH=/usr/lib/node_modules && node /gate/node/js_confuse.js " .. path) local a = t:read("*all") ngx.arg[1] = a os.execute("rm -f " .. path) end JsConfuse = false end end -- 响应包过滤 function dateReplace() if SensitiveProtect then local replaceTelephone = string.gsub(ngx.arg[1], "[1][3,4,5,7,8]%d%d%d%d%d%d%d%d%d", "******") ngx.arg[1] = replaceTelephone end end