突破 ByetHost 的浏览器检查机制
评论 0 热度 1360
访问byethost的空间会出现?i=1等奇怪的参数,应该是用来拦截非浏览器实现的访问或者做统计的。若要使用crontab定时抓取其链接是无法正常抓取的,需要绕过去。这里用PHP先get到要运算的代码(如下),然后输出到浏览器,再让浏览器返回运行好的结果即可。当然分析好代码后也可以直接用PHP算出来,这里主要考虑到byethost生成的cookie有效期有几十年那么长,分析代码太浪费时间了。
<html>
<body>
<script type="text/javascript" src="/aes.js" ></script>
<script>
function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("1dd74c7595a98ebe37260316fdb8716c");
document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://sc.he-he.gq/?i=1";</script>
<noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript>
</body>
</html>下面为PHP代码,自行准备aes.js文件
<?php
$pass = "7fef6171469e80d32c0559f88b377245"; //md5 加密后的密码 默认admin888
$u = $_GET['u'];
if ($_POST['cookie'] && md5($_POST['p']) == $pass) {
if (file_put_contents("cookie_".fmark($u), $_POST['cookie'])){
echo "Cookie Saved<br />";
}else{
echo "Error: failed to save cookie !<br />";
exit;
}
}
$rs = HTTPget($u);
if (!$rs) {
echo "Error getting ".$u;
exit;
}
preg_match("@function toNumbers.*?document.cookie@i", $rs, $js);
if (count($js) == 0) {
header("Content-type: text/plain;charset=UTF-8");
echo "Maybe ok.\r\n\"" . $u . "\" responded: \r\n\r\n";
if (strlen($rs) > 2000) {
$limit = 2000;
}else{
$limit = strlen($rs);
}
echo substr($rs, 0, $limit);
if (file_exists("111_cron_info_".fmark($u)))
unlink("111_cron_info_".fmark($u));
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>ByethostCron</title>
<script type="text/javascript" src="aes.js"></script>
</head>
<body>
Update cookie:
<form action="?u=<?php echo urlencode($u) ?>" method="post">
<input type="password" name="p" placeholder="password">
<input type="text" name="cookie" id="cc" style="display: none;">
<button type="submit">Go</button>
</form>
<?php
$js = str_replace("document.cookie", "", $js[0]);
$js .= 'cc.value = toHex(slowAES.decrypt(c,2,a,b));';
echo "<script>" . $js . "</script>";
file_put_contents("111_cron_info_".fmark($u), "need update! \r\nurl: ".urlencode($u));
?>
</body>
</html><?php
function HTTPget($u){
$h = ["User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/69.0.3497.81 Chrome/69.0.3497.81 Safari/537.36"];
$cookie = "cookie_".fmark($u);
if (file_exists($cookie))
$h[] = "cookie: __test=".file_get_contents($cookie);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $u);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 20000);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $h);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, false);
curl_setopt($ch, CURLOPT_HEADER, true);
$content = curl_exec($ch);
curl_close($ch);
return $content;
}
function fmark($str){
return substr(md5($str), 3, 16);
}访问?u={urlencode(URL)}再输入密码即可。
若脚本执行失败,会自动在目录处新建111_cron_info_{fmark}等文件,无需手动删除,执行成功后便会自动删除。