网站安全攻击和防御中的屏蔽代理服务器

网站安全攻击和防御中的屏蔽代理服务器

 

网站安全一直是个重要话题,本人写了网络攻防的屏蔽代理服务器相关代码,分享下:

1. 写个网页request类:

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

namespace ConsoleApplication1
{
    public class WebRequestUtil
    {
        public static string responseBody = string.Empty; 
        public static bool GetWeb(string uri, string proxyAddress = "", int proxyPort = 0)
        {
            string serverUri = string.Format(uri);

            ////set limit for supporting 200 connection
            ServicePointManager.DefaultConnectionLimit = 1000;

            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(serverUri);

            if (!string.IsNullOrEmpty(proxyAddress))
            {
                WebProxy myproxy = new WebProxy(proxyAddress, proxyPort);
                request.Proxy = myproxy;
            }

            ////extend timeout for decrease request timeout re-trying times
            request.Timeout = 60 * 1000;
            request.Method = @"GET";

            UTF8Encoding encoding = new UTF8Encoding();
            request.Headers.Set("Cache-Control", @"no-cache");
            request.UserAgent = "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)";
            try
            {
                HttpWebResponse response = (HttpWebResponse)request.GetResponse();
                bool isSent = false;
                int retryCount = 0;
                string errorStr = string.Empty;
                while (!isSent && retryCount <= 2)
                {
                    retryCount++;
                    try
                    {
                        using (StreamReader stream = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
                        {
                            responseBody = stream.ReadToEnd();
                        }

                        isSent = true;
                    }
                    catch (Exception exc)
                    {
                        if (!errorStr.Contains(exc.ToString()))
                        {
                            errorStr += exc.ToString();
                        }

                        ////Re-try when operation timeout
                        if (!exc.ToString().Contains("The operation has timed out"))
                        {
                            LogError(exc.ToString());
                        }

                        Thread.Sleep(1000);
                    }
                }

                if (retryCount > 100)
                {
                    string err = string.Format("request.GetRequestStream try 100 times and timeout! detail error: {0}", errorStr);
                    LogError(err);
                    return false;
                }

                ////need to close or abort request for each call to fix timeout issue, otherwise it will fail when the 3rd call!
                if (request != null)
                {
                    request.Abort();
                }

                if (response.StatusCode != HttpStatusCode.OK)
                {
                    string err = string.Format("Failed, error:{1}", response.ToString());
                    LogError(err);
                    return false;
                }

                if (response != null)
                {
                    response.Close();
                }
            }
            catch (Exception exc)
            {
                LogError(exc.ToString());
                return false;
            }

            return true;
        }

        public static void LogError(string content)
        {
            File.AppendAllText("log.log", "ERROR: " + content + Environment.NewLine);
        }
    }
}

2. 采集代理服务器代码:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Reflection;
using System.Text;
using System.Threading.Tasks;
using Microsoft.ServiceBus;
using Microsoft.ServiceBus.Messaging;
using System.Threading;
using System.IO;
using System.Text.RegularExpressions;

namespace ConsoleApplication1
{
    class Program
    {
        static int FailCount = 0;
        static int TotalCount = 0;
        const string IPRegex = @"(\d{1,3}\.){3}\d{1,3}</td><td>\d{1,4}";
        static void Main()
        {
            DateTime startTime = DateTime.Now;
            //int i = 0;
            //while (DateTime.Now < startTime.AddMinutes(5))
            {
                //WriteLog("Try " + i++ + "th round! Begin" + DateTime.Now.ToString());

                //WebRequestUtil.GetWeb(@"http://edu.laliyun.com/test.php", "147.47.106.36", 1920);
                //File.AppendAllText(@"test.txt", WebRequestUtil.responseBody, Encoding.UTF8);

                string url = @"http://proxy.com.ru/gaoni/list_{0}.html";
                for (int i = 1; i <= 63; i++)
                {
                    WebRequestUtil.GetWeb(string.Format(url, i));

                    string sourceString = WebRequestUtil.responseBody;
                    string IPs = string.Empty;
                    var matches = Regex.Matches(sourceString, IPRegex);
                    if (matches.Count > 0)
                    {
                        foreach (var m in matches)
                        {
                            string ip = m.ToString().Replace("</td><td>", "#").Split(‘#‘)[0];
                            IPs += ip + Environment.NewLine;
                        }
                    }

                    File.AppendAllText(@"blacklist.txt", IPs, Encoding.UTF8);
                    Console.WriteLine("Done " + i.ToString() + " page.");
                }

                //Test2(1);
                //WriteLog("Total:" + TotalCount);
                //WriteLog("Fail:" + FailCount);
                //WriteLog("Try " + i++ + "th round! End" + DateTime.Now.ToString());
            }
            Console.WriteLine("Please press any key to end of this program!\r\n");
            Console.ReadKey();
        }

        static void WriteTotalLog(string message)
        {
            //WriteLog(message, @"C:\TotalLog.txt");
        }

        static void WriteLog(string message, string path = @"C:\Test\Test#log.txt")
        {
            message = "ThreadId:" + Thread.CurrentThread.ManagedThreadId + "," + message + Environment.NewLine;
            File.AppendAllText(path.Replace("#", Thread.CurrentThread.ManagedThreadId.ToString()), message);
        }

        static void WriteErrorLog(string message)
        {
            WriteLog(message, @"C:\TestError" + Thread.CurrentThread.ManagedThreadId + "log.txt");
        }


3. 多线程攻击服务器代码:

static void Test2(int numThreads)
        {
            ManualResetEvent resetEvent = new ManualResetEvent(false);
            int toProcess = numThreads;

            // Start workers.
            for (int i = 0; i < numThreads; i++)
            {
                new Thread(delegate()
                {
                    test();
                    //Console.WriteLine(Thread.CurrentThread.ManagedThreadId);
                    // If we‘re the last thread, signal
                    if (Interlocked.Decrement(ref toProcess) == 0)
                        resetEvent.Set();
                }).Start();
            }

            // Wait for workers.
            resetEvent.WaitOne();
            WriteTotalLog("Done all!");
        }

        static void test()
        {
            TotalCount++;

            try
            {
                WebRequestUtil.GetWeb(@"http://1111.ip138.com/ic.asp", "219.239.236.49", 8888);
                File.AppendAllText(@"response.html", WebRequestUtil.responseBody, Encoding.UTF8);
                Console.WriteLine(Thread.CurrentThread.ManagedThreadId + "pass");
            }
            catch (Exception exc2)
            {
                FailCount++;
                WriteErrorLog("Error:" + exc2.ToString());
            }
        }
    }
}


4. Php网页屏蔽代理服务器代码:

<?php

$page= file_get_contents("blacklist.txt");

	if(!empty($_SERVER[‘HTTP_CLIENT_IP‘]))
	{
        	//check ip from share internet
        	$ip = $_SERVER[‘HTTP_CLIENT_IP‘];
    	}
	else if(!empty($_SERVER[‘HTTP_X_FORWARDED_FOR‘]))
	{
        	//to check ip is pass from proxy
        	$ip = $_SERVER[‘HTTP_X_FORWARDED_FOR‘];
    	}
	else{
        	$ip = $_SERVER[‘REMOTE_ADDR‘];
    	}

	echo  $ip;
if(strpos($page,$ip)!== false)
echo "您使用代理浏览我们的网站,很抱歉本站出于安全考虑屏蔽了代理,请使用非代理浏览,谢谢!";
else
echo "执行程序的正常逻辑";
?>


演示代码:http://edu.laliyun.com/test.php

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。