init

3 years ago · a8e6ee052c
parent b3d0a36dcd
commit a8e6ee052c
5 changed files with 117 additions and 5 deletions
--- a/plugins/op_waf/index.py
+++ b/plugins/op_waf/index.py
@ -791,7 +791,7 @@ def setObjStatus():
    cobj = json.loads(content)

    o = args['obj']
-    status = args['statusCode']
+    status = int(args['statusCode'])
    cobj[o]['status'] = status

    cjson = mw.getJson(cobj)
--- a/plugins/op_waf/t/index.py
+++ b/plugins/op_waf/t/index.py
@ -23,6 +23,17 @@ TEST_URL = "http://t1.cn/"
 # TEST_URL = "https://www.zzzvps.com/"


+def writeFile(filename, str):
+    # 写文件内容
+    try:
+        fp = open(filename, 'w+')
+        fp.write(str)
+        fp.close()
+        return True
+    except Exception as e:
+        return False
+
+
 def httpGet(url, timeout=10):
    import urllib.request

@ -35,6 +46,61 @@ def httpGet(url, timeout=10):
        return str(e)


+def httpGet__Header(url, headers, timeout=10):
+    import urllib.request
+    try:
+        req = urllib.request.Request(url, headers=headers)
+        response = urllib.request.urlopen(req)
+        result = response.read().decode('utf-8')
+        return result
+
+    except Exception as e:
+        return str(e)
+
+
+def httpUpload(url, timeout=10):
+    try:
+        import requests
+
+        files = {
+            'file': open('/Users/midoks/Desktop/mwdev/server/op_waf/version.pl', 'rb')
+        }
+        res = requests.post(url=url, files=files)
+        return res
+    except Exception as e:
+        return "http.upload:" + str(e)
+
+
+def httpUploadPhp(url, timeout=10):
+    try:
+        import requests
+
+        writeFile("/tmp/tmp.php", "")
+
+        files = {
+            'file': open('/tmp/tmp.php', 'rb')
+        }
+        res = requests.post(url=url, files=files)
+        return res
+    except Exception as e:
+        return "http.upload:" + str(e)
+
+
+def httpUploadPhpData(url, timeout=10):
+    try:
+        import requests
+
+        writeFile("/tmp/tmp.py", "<?php echo '123123';?>")
+
+        files = {
+            'file': open('/tmp/tmp.py', 'rb')
+        }
+        res = requests.post(url=url, files=files)
+        return res
+    except Exception as e:
+        return "http.upload:" + str(e)
+
+
 def httpGet__UA(url, ua, timeout=10):
    import urllib.request
    headers = {'user-agent': ua}
@ -107,7 +173,7 @@ def test_Dir():
    url = TEST_URL + '?t=../etc/passwd'
    print("args test start")
    url_val = httpGet(url, 10)
-    # print(url_val)
+    print(url_val)
    print("args test end")


@ -122,6 +188,17 @@ def test_UA():
    print("user-agent test end")


+def test_Header():
+    '''
+    user-agent 过滤
+    '''
+    url = TEST_URL
+    print("user-agent test start")
+    url_val = httpGet__Header(url, {'X-forwarded-For': '../etc/passwd'})
+    print(url_val)
+    print("user-agent test end")
+
+
 def test_UA_for(num):
    '''
    user-agent 过滤
@ -208,16 +285,40 @@ def test_OK():
    print("ok test end")


+def test_Upload():
+    '''
+    上传文件
+    '''
+    url = TEST_URL
+    print("upload test start")
+    url_val = httpUpload(url, 10)
+    print(url_val)
+
+    print("upload test end")
+
+    print("upload php test start")
+    url_val = httpUploadPhp(url, 10)
+    print(url_val)
+    print("upload php test start")
+
+    print("upload php data test start")
+    url_val = httpUploadPhpData(url, 10)
+    print(url_val)
+    print("upload php data test start")
+
+
 def test_start():
    # test_OK()
    # test_Dir()
    # test_UA()
+    # test_Header()
    # test_UA_for(1000)
    # test_POST()
-    test_scan()
+    # test_scan()
    # test_CC()
    # test_url_ext()
    # test_cdn()
+    test_Upload()


 if __name__ == "__main__":
--- a/plugins/op_waf/t/test.sh
+++ b/plugins/op_waf/t/test.sh
@ -10,4 +10,13 @@ export PATH
 # ab -c 10 -n 1000 http://t1.cn/wp-admin/index.php
 # ab -c 1000 -n 1000000 http://dev156.cachecha.com/

+curPath=`pwd`
+rootPath=$(dirname "$curPath")
+rootPath=$(dirname "$rootPath")
+rootPath=$(dirname "$rootPath")
+
+if [ -f ${rootPath}/bin/activate ];then
+	source ${rootPath}/bin/activate
+fi
+
 python3 index.py
--- a/plugins/op_waf/waf/config.json
+++ b/plugins/op_waf/waf/config.json
@ -1 +1 @@
-{"reqfile_path": "{$WAF_PATH}/html", "retry": {"retry_time": 180, "is_open_global": 0, "retry": 6, "retry_cycle": 60}, "log": true, "scan": {"status": 444, "ps": "过滤常见扫描测试工具的渗透测试", "open": true, "reqfile": ""}, "cc": {"status": 444, "ps": "过虑CC攻击", "limit": 120, "endtime": 300, "open": true,"cycle": 60}, "safe_verify":{"status": 200,"ps": "强制安全校验", "reqfile": "safe_js.html","open": false,"cpu":50,"auto":true,"time":86400 },"get": {"status": 403, "ps": "过滤uri、uri参数中常见sql注入、xss等攻击", "open": true, "reqfile": "get.html"}, "log_save": 30, "user-agent": {"status": 403, "ps": "通常用于过滤浏览器、蜘蛛及一些自动扫描器", "open": true, "reqfile": "user_agent.html"}, "other": {"status": 403, "ps": "其它非通用过滤", "reqfile": "other.html"}, "cookie": {"status": 403, "ps": "过滤利用Cookie发起的渗透攻击", "open": true, "reqfile": "cookie.html"}, "logs_path": "/www/wwwlogs/waf", "post": {"status": 403, "ps": "过滤POST参数中常见sql注入、xss等攻击", "open": true, "reqfile": "post.html"}, "open": true}
+{"reqfile_path": "{$WAF_PATH}/html", "retry": {"retry_time": 180, "is_open_global": 0, "retry": 6, "retry_cycle": 60}, "log": true, "scan": {"status": 444, "ps": "过滤常见扫描测试工具的渗透测试", "open": true, "reqfile": ""}, "cc": {"status": 444, "ps": "过虑CC攻击", "limit": 120, "endtime": 300, "open": true,"cycle": 60}, "safe_verify":{"status": 200,"ps": "强制安全校验", "reqfile": "safe_js.html","open": false,"cpu":50,"auto":true,"time":86400 },"get": {"status": 200, "ps": "过滤uri、uri参数中常见sql注入、xss等攻击", "open": true, "reqfile": "get.html"}, "log_save": 30, "user-agent": {"status": 200, "ps": "通常用于过滤浏览器、蜘蛛及一些自动扫描器", "open": true, "reqfile": "user_agent.html"}, "other": {"status": 200, "ps": "其它非通用过滤", "reqfile": "other.html"}, "cookie": {"status": 200, "ps": "过滤利用Cookie发起的渗透攻击", "open": true, "reqfile": "cookie.html"}, "logs_path": "/www/wwwlogs/waf", "post": {"status": 200, "ps": "过滤POST参数中常见sql注入、xss等攻击", "open": true, "reqfile": "post.html"}, "open": true}
--- a/plugins/op_waf/waf/lua/common.lua
+++ b/plugins/op_waf/waf/lua/common.lua
@ -240,6 +240,8 @@ end

 function _M.return_html(self, status, html)
    ngx.header.content_type = "text/html"
+    status = tonumber(status)
+    -- self:D("return_html:"..tostring(status))
    if status == 200 then
        ngx.say(html)
    end
@ -587,7 +589,7 @@ function _M.write_log(self, name, rule)
    end

    local count = ngx.shared.waf_drop_ip:get(ip)
-    self:D("write_log; count:" ..tostring(count).. ",retry:" .. tostring(retry) )
+    -- self:D("write_log; count:" ..tostring(count).. ",retry:" .. tostring(retry) )
    if (count > retry and name ~= 'cc') then
        local safe_count,_ = ngx.shared.waf_drop_sum:get(ip)
        if not safe_count then