Loading... **云函数代理蚁剑流量** ------------------ 1.创建云函数 ![2021-11-20T12:38:58.png][1] ```python #!/usr/bin/env # -*- coding:utf-8 -*- import requests import json from urllib.parse import urlsplit def geturl(urlstr): jurlstr = json.dumps(urlstr) dict_url = json.loads(jurlstr) return dict_url['url'] def main_handler(event, context): url = geturl(event['queryString']) host = urlsplit(url).netloc postdata = event['body'] headers = event['headers'] headers["HOST"] = host resp = requests.post(url, data=postdata, headers=headers, verify=False) response = { "isBase64Encoded": False, "statusCode": 200, "headers": {'Content-Type': 'text/html;charset=' + resp.apparent_encoding}, "body": resp.text } return response ``` ![2021-11-20T12:41:41.png][2] 使用时在webshell前加api访问路径。 [1]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/11/1370022864.png [2]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/11/2521866462.png [3]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/11/3515891761.png [4]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/11/2699208386.png [5]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/11/1610412976.png [6]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/11/3288857346.png [7]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/11/3943276659.png [8]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/11/1722623055.png > https://service-ncowiper-xxxxxxx.apigw.tencentcs.com/release/helloworld-1637410382?url=https://www.baidu.com/shell.php ![2021-11-20T12:44:05.png][3] **云函数HTTP代理** -------------- ![2021-11-20T13:01:14.png][4] ```python # -*- coding: utf8 -*- import json import pickle from base64 import b64decode, b64encode import requests SCF_TOKEN = "INYZCKWDRHLGAFBQEXPTSMVUO" def authorization(): return { "isBase64Encoded": False, "statusCode": 401, "headers": {}, "body": "Please provide correct SCF-Token", } def main_handler(event: dict, context: dict): # Tencent cloud has its own authorization system https://console.cloud.tencent.com/cam/capi # But it may be a little overqualified for a simple usage like this try: token = event["headers"]["scf-token"] except KeyError: return authorization() if token != SCF_TOKEN: return authorization() data = event["body"] kwargs = json.loads(data) kwargs['data'] = b64decode(kwargs['data']) # Prohibit automatic redirect to avoid network errors such as connection reset r = requests.request(**kwargs, verify=False, allow_redirects=False) # TODO: REFACTOR NEEDED. Return response headers and body directly. # There are many errors occured when setting headers to r.headers with some aujustments(https://cloud.tencent.com/document/product/583/12513). # and the response `r.content`/`r.raw.read()` to body.(like gzip error) serialized_resp = pickle.dumps(r) return { "isBase64Encoded": False, "statusCode": 200, "headers": {}, "body": b64encode(serialized_resp).decode("utf-8"), } ``` 本地安装 `mitmproxy` > pip3 install mitmproxy ```python import json import pickle from typing import List from random import choice from urllib.parse import urlparse from base64 import b64encode, b64decode import mitmproxy from mitmproxy.net.http import Headers # API访问地址,可以添加多个,以逗号分隔 scf_servers: List[str] = ['https://service-xxxx.apigw.tencentcs.com/release/helloworld-1637412674'] # 授权Token,与云函数中的token配置一致 SCF_TOKEN = "INYZCKWDRHLGAFBQEXPTSMVUO" def request(flow: mitmproxy.http.HTTPFlow): scf_server = choice(scf_servers) r = flow.request data = { "method": r.method, "url": r.pretty_url, "headers": dict(r.headers), "cookies": dict(r.cookies), "params": dict(r.query), "data": b64encode(r.raw_content).decode("ascii"), } flow.request = flow.request.make( "POST", url=scf_server, content=json.dumps(data), headers={ "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Encoding": "gzip, deflate, compress", "Accept-Language": "en-us;q=0.8", "Cache-Control": "max-age=0", "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36", "Connection": "close", "Host": urlparse(scf_server).netloc, "SCF-Token": SCF_TOKEN, }, ) def response(flow: mitmproxy.http.HTTPFlow): if flow.response.status_code != 200: mitmproxy.ctx.log.warn("Error") if flow.response.status_code == 401: flow.response.headers = Headers(content_type="text/html;charset=utf-8") return if flow.response.status_code == 433: flow.response.headers = Headers(content_type="text/html;charset=utf-8") flow.response.text = "<html><body>操作已超过云函数服务最大时间限制,可在函数配置中修改执行超时时间</body></html>" return if flow.response.status_code == 200: body = flow.response.content.decode("utf-8") resp = pickle.loads(b64decode(body)) r = flow.response.make( status_code=resp.status_code, headers=dict(resp.headers), content=resp.content, ) flow.response = r ``` 启动客户端 > mitmdump -s client.py -p 8080 修改浏览器代理 ![2021-11-20T13:04:29.png][5] 添加mitmdump证书 ![2021-11-20T13:05:18.png][6] ![2021-11-20T13:06:15.png][7] 选择证书导入 查看IP,每次刷新IP都会变化 ![2021-11-20T13:07:00.png][8] Last modification:January 3, 2022 © Allow specification reprint Support Appreciate the author Like 0 如果觉得我的文章对你有用,请随意赞赏