云函数代理蚁剑流量
1.创建云函数
#!/usr/bin/env
# -*- coding:utf-8 -*-
import requests
import json
from urllib.parse import urlsplit
def geturl(urlstr):
jurlstr = json.dumps(urlstr)
dict_url = json.loads(jurlstr)
return dict_url['url']
def main_handler(event, context):
url = geturl(event['queryString'])
host = urlsplit(url).netloc
postdata = event['body']
headers = event['headers']
headers["HOST"] = host
resp = requests.post(url, data=postdata, headers=headers, verify=False)
response = {
"isBase64Encoded": False,
"statusCode": 200,
"headers": {'Content-Type': 'text/html;charset=' + resp.apparent_encoding},
"body": resp.text
}
return response
使用时在webshell前加api访问路径。
https://service-ncowiper-xxxxxxx.apigw.tencentcs.com/release/helloworld-1637410382?url=https://www.baidu.com/shell.php
云函数HTTP代理
# -*- coding: utf8 -*-
import json
import pickle
from base64 import b64decode, b64encode
import requests
SCF_TOKEN = "INYZCKWDRHLGAFBQEXPTSMVUO"
def authorization():
return {
"isBase64Encoded": False,
"statusCode": 401,
"headers": {},
"body": "Please provide correct SCF-Token",
}
def main_handler(event: dict, context: dict):
# Tencent cloud has its own authorization system https://console.cloud.tencent.com/cam/capi
# But it may be a little overqualified for a simple usage like this
try:
token = event["headers"]["scf-token"]
except KeyError:
return authorization()
if token != SCF_TOKEN:
return authorization()
data = event["body"]
kwargs = json.loads(data)
kwargs['data'] = b64decode(kwargs['data'])
# Prohibit automatic redirect to avoid network errors such as connection reset
r = requests.request(**kwargs, verify=False, allow_redirects=False)
# TODO: REFACTOR NEEDED. Return response headers and body directly.
# There are many errors occured when setting headers to r.headers with some aujustments(https://cloud.tencent.com/document/product/583/12513).
# and the response `r.content`/`r.raw.read()` to body.(like gzip error)
serialized_resp = pickle.dumps(r)
return {
"isBase64Encoded": False,
"statusCode": 200,
"headers": {},
"body": b64encode(serialized_resp).decode("utf-8"),
}本地安装 mitmproxy
pip3 install mitmproxy
import json
import pickle
from typing import List
from random import choice
from urllib.parse import urlparse
from base64 import b64encode, b64decode
import mitmproxy
from mitmproxy.net.http import Headers
# API访问地址,可以添加多个,以逗号分隔
scf_servers: List[str] = ['https://service-xxxx.apigw.tencentcs.com/release/helloworld-1637412674']
# 授权Token,与云函数中的token配置一致
SCF_TOKEN = "INYZCKWDRHLGAFBQEXPTSMVUO"
def request(flow: mitmproxy.http.HTTPFlow):
scf_server = choice(scf_servers)
r = flow.request
data = {
"method": r.method,
"url": r.pretty_url,
"headers": dict(r.headers),
"cookies": dict(r.cookies),
"params": dict(r.query),
"data": b64encode(r.raw_content).decode("ascii"),
}
flow.request = flow.request.make(
"POST",
url=scf_server,
content=json.dumps(data),
headers={
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Encoding": "gzip, deflate, compress",
"Accept-Language": "en-us;q=0.8",
"Cache-Control": "max-age=0",
"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
"Connection": "close",
"Host": urlparse(scf_server).netloc,
"SCF-Token": SCF_TOKEN,
},
)
def response(flow: mitmproxy.http.HTTPFlow):
if flow.response.status_code != 200:
mitmproxy.ctx.log.warn("Error")
if flow.response.status_code == 401:
flow.response.headers = Headers(content_type="text/html;charset=utf-8")
return
if flow.response.status_code == 433:
flow.response.headers = Headers(content_type="text/html;charset=utf-8")
flow.response.text = "<html><body>操作已超过云函数服务最大时间限制,可在函数配置中修改执行超时时间</body></html>"
return
if flow.response.status_code == 200:
body = flow.response.content.decode("utf-8")
resp = pickle.loads(b64decode(body))
r = flow.response.make(
status_code=resp.status_code,
headers=dict(resp.headers),
content=resp.content,
)
flow.response = r启动客户端
mitmdump -s client.py -p 8080
修改浏览器代理
添加mitmdump证书
选择证书导入
查看IP,每次刷新IP都会变化
