forked from DownUnderCTF/Challenges_2021_Public
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathproxy.py
executable file
·49 lines (43 loc) · 1.35 KB
/
proxy.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/usr/bin/python3
import os
import socketserver
import urllib.request
from os.path import abspath
from http.server import SimpleHTTPRequestHandler
from urllib.parse import unquote, urlparse, urljoin
PORT = 9097
whitelist = ["http://127.0.0.1/static/images/", "http://localhost/static/images/"]
blacklist = ["admin","flag"]
remove_list = ["'","OR","SELECT","FROM",";","../","./","....//"]
def waf(url):
resp = unquote(url)
whitelist_check = False
for uri in whitelist:
if resp.lower().startswith(uri):
whitelist_check = uri
break
if whitelist_check == False:
return None
for forbidden in blacklist:
if forbidden in resp.lower():
return None
for badstr in remove_list:
resp = resp.replace(badstr,"BLOCKEDBY1337WAF")
resp = urlparse(resp)
resp = unquote(abspath(resp.path))
return urljoin(whitelist_check,resp)
class CDNProxy(SimpleHTTPRequestHandler):
def do_GET(self):
url = self.path[1:]
print(self.headers)
self.send_response(200)
self.send_header("X-CDN","CDN-1337")
self.end_headers()
waf_result = waf(url)
if waf_result:
self.copyfile(urllib.request.urlopen(waf_result), self.wfile)
else:
self.wfile.write(bytes("1337 WAF blocked your request","utf-8"))
httpd = socketserver.ForkingTCPServer(('', PORT), CDNProxy)
print("Now serving at " + str(PORT))
httpd.serve_forever()