up

3 years ago · 4c73f13f2d
parent f31c1aae96
commit 4c73f13f2d
2 changed files with 82 additions and 3 deletions
--- a/plugins/op_waf/index.py
+++ b/plugins/op_waf/index.py
@ -122,7 +122,22 @@ def initSiteInfo():
            tmp['scan'] = config_contents['scan']

            cdn_header = ['x-forwarded-for',
-                          'x-real-ip', 'HTTP_CF_CONNECTING_IP']
+                          'x-real-ip',
+                          'x-forwarded',
+                          'forwarded-for',
+                          'forwarded',
+                          'true-client-ip',
+                          'client-ip',
+                          'ali-cdn-real-ip',
+                          'cdn-src-ip',
+                          'cdn-real-ip',
+                          'cf-connecting-ip',
+                          'cf-connecting-ip',
+                          'x-cluster-client-ip',
+                          'wl-proxy-client-ip',
+                          'proxy-client-ip',
+                          'true-client-ip',
+                          'HTTP_CF_CONNECTING_IP']
            tmp['cdn_header'] = cdn_header

            disable_upload_ext = ["php", "jsp"]
--- a/plugins/op_waf/t/index.py
+++ b/plugins/op_waf/t/index.py
@ -6,18 +6,82 @@ import os
 import time
 import json

+import os
+import sys
+import time
+import string
+import json
+import hashlib
+import shlex
+import datetime
+import subprocess
+import re
+from random import Random
+

 TEST_URL = "http://t1.cn/"


-def run():
+def httpGet(url, timeout):
+    import urllib.request
+
+    try:
+        req = urllib.request.urlopen(url, timeout=timeout)
+        result = req.read().decode('utf-8')
+        return result
+
+    except Exception as e:
+        return str(e)
+
+
+def httpPost(url, data, timeout=10):
+    """
+    发送POST请求
+    @url 被请求的URL地址(必需)
+    @data POST参数，可以是字符串或字典(必需)
+    @timeout 超时时间默认60秒
+    return string
+    """
+    if sys.version_info[0] == 2:
+        try:
+            import urllib
+            import urllib2
+            import ssl
+            ssl._create_default_https_context = ssl._create_unverified_context
+            data = urllib.urlencode(data)
+            req = urllib2.Request(url, data)
+            response = urllib2.urlopen(req, timeout=timeout)
+            return response.read()
+        except Exception as ex:
+            return str(ex)
+    else:
+        try:
+            import urllib.request
+            import ssl
+            try:
+                ssl._create_default_https_context = ssl._create_unverified_context
+            except:
+                pass
+            data = urllib.parse.urlencode(data).encode('utf-8')
+            req = urllib.request.Request(url, data)
+            response = urllib.request.urlopen(req, timeout=timeout)
+            result = response.read()
+            if type(result) == bytes:
+                result = result.decode('utf-8')
+            return result
+        except Exception as ex:
+            return str(ex)
+
+
+def test_Dir():
    url = TEST_URL + '?t=../etc/passwd'
    print("args test start")
-
+    httpGet(url, 10)
    print("args test end")


 def test_start():
+    test_Dir()


 if __name__ == "__main__":