Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

antibot - basic pow with javascript

Browse Source
This commit is contained in:
bunkerity 2021-05-19 17:36:29 +02:00
parent 16e5ede130
commit 6645632846
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
3 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
antibot/javascript.data
View File

@ -7,7 +7,15 @@
return hashHex; return hashHex;
} }
(async () => { (async () => {
const digestHex = await digestMessage('%s'); const nonce = '%s';
var i = 0;
while (true) {
var digestHex = await digestMessage(nonce + i.toString());
if (digestHex.startsWith("0000")) {
break;
}
i++;
}
xhr = new XMLHttpRequest(); xhr = new XMLHttpRequest();
xhr.open('POST', '%s'); xhr.open('POST', '%s');
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
@ -16,6 +24,6 @@
window.location.replace('%s'); window.location.replace('%s');
} }
}; };
xhr.send(encodeURI('challenge=' + digestHex)); xhr.send(encodeURI('challenge=' + i.toString()));
})(); })();
</script> </script>

8
confs/site/main-lua.conf
View File

@ -242,7 +242,7 @@ if use_crowdsec then
end end
-- cookie check -- cookie check
if use_antibot_cookie then if use_antibot_cookie and ngx.var.uri ~= "/favicon.ico" then
if not cookie.is_set("uri") then if not cookie.is_set("uri") then
if ngx.var.request_uri ~= antibot_uri then if ngx.var.request_uri ~= antibot_uri then
cookie.set({uri = ngx.var.request_uri}) cookie.set({uri = ngx.var.request_uri})
@ -258,7 +258,7 @@ if use_antibot_cookie then
end end
-- javascript check -- javascript check
if use_antibot_javascript then if use_antibot_javascript and ngx.var.uri ~= "/favicon.ico" then
if not cookie.is_set("javascript") then if not cookie.is_set("javascript") then
if ngx.var.request_uri ~= antibot_uri then if ngx.var.request_uri ~= antibot_uri then
cookie.set({uri = ngx.var.request_uri, challenge = javascript.get_challenge()}) cookie.set({uri = ngx.var.request_uri, challenge = javascript.get_challenge()})
@ -268,7 +268,7 @@ if use_antibot_javascript then
end end
-- captcha check -- captcha check
if use_antibot_captcha then if use_antibot_captcha and ngx.var.uri ~= "/favicon.ico" then
if not cookie.is_set("captcha") then if not cookie.is_set("captcha") then
if ngx.var.request_uri ~= antibot_uri then if ngx.var.request_uri ~= antibot_uri then
cookie.set({uri = ngx.var.request_uri}) cookie.set({uri = ngx.var.request_uri})
@ -278,7 +278,7 @@ if use_antibot_captcha then
end end
-- recaptcha check -- recaptcha check
if use_antibot_recaptcha then if use_antibot_recaptcha and ngx.var.uri ~= "/favicon.ico" then
if not cookie.is_set("recaptcha") then if not cookie.is_set("recaptcha") then
if ngx.var.request_uri ~= antibot_uri then if ngx.var.request_uri ~= antibot_uri then
cookie.set({uri = ngx.var.request_uri}) cookie.set({uri = ngx.var.request_uri})

7
lua/javascript.lua
View File

@ -32,12 +32,15 @@ function M.get_code (challenge, antibot_uri, original_uri)
end end
function M.check (challenge, user) function M.check (challenge, user)
ngx.log(ngx.ERR, "debug challenge = " .. challenge)
ngx.log(ngx.ERR, "debug user = " .. user)
local resty_sha256 = require "resty.sha256" local resty_sha256 = require "resty.sha256"
local str = require "resty.string" local str = require "resty.string"
local sha256 = resty_sha256:new() local sha256 = resty_sha256:new()
sha256:update(challenge) sha256:update(challenge .. user)
local digest = sha256:final() local digest = sha256:final()
return str.to_hex(digest) == user ngx.log(ngx.ERR, "debug digest = " .. str.to_hex(digest))
return str.to_hex(digest):find("^0000") ~= nil
end end
return M return M