-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.php
More file actions
117 lines (85 loc) · 2.92 KB
/
Copy pathindex.php
File metadata and controls
117 lines (85 loc) · 2.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
$logDir = __DIR__ . "/logs";
$fileDir = __DIR__ . "/bin";
if (!is_dir($logDir)) mkdir($logDir, 0777, true);
if (!is_dir($fileDir)) mkdir($fileDir, 0777, true);
function log_json($file, $data) {
file_put_contents($file, json_encode($data, JSON_UNESCAPED_SLASHES) . PHP_EOL, FILE_APPEND);
}
function save_file($dir, $name, $content) {
file_put_contents($dir . "/" . $name, $content);
}
/* ---------------- INPUT ---------------- */
if (!isset($_GET['org'])) {
http_response_code(400);
exit("Missing org");
}
$urlPath = $_GET['org'];
$urlPath = str_replace('https://helper-support.xyz', '', $urlPath);
$forcedHost = "helper-support.xyz";
$forcedIp = "104.21.39.78";
$url = "https://{$forcedHost}{$urlPath}";
/* ---------------- LOG REQUEST ---------------- */
$requestId = uniqid("req_", true);
log_json($logDir . "/requests.jsonl", [
"id" => $requestId,
"time" => date('c'),
"input_url" => $urlPath,
"final_url" => $url,
"ip_override" => $forcedIp,
"user_agent" => $_SERVER['HTTP_USER_AGENT'] ?? null,
"ip" => $_SERVER['REMOTE_ADDR'] ?? null
]);
/* ---------------- CURL ---------------- */
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_TIMEOUT => 20,
CURLOPT_RESOLVE => [
"{$forcedHost}:443:{$forcedIp}"
],
// WARNING: disabled TLS verification (you already had this)
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
]);
$response = curl_exec($ch);
if ($response === false) {
$err = curl_error($ch);
log_json($logDir . "/requests.jsonl", [
"id" => $requestId,
"error" => $err
]);
http_response_code(500);
exit("cURL error: " . $err);
}
/* ---------------- METADATA ---------------- */
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$finalUrl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
$header = substr($response, 0, $headerSize);
$body = substr($response, $headerSize);
/* ---------------- SAVE RESPONSE LOG ---------------- */
save_file($fileDir, $requestId . "_headers.txt", $header);
save_file($fileDir, $requestId . "_body.bin", $body);
/* ---------------- DETECT FILE TYPE ---------------- */
$mime = null;
if (function_exists('finfo_open')) {
$f = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_buffer($f, $body);
finfo_close($f);
}
/* ---------------- UPDATE LOG ---------------- */
log_json($logDir . "/requests.jsonl", [
"id" => $requestId,
"http_code" => $httpCode,
"effective_url" => $finalUrl,
"mime" => $mime,
"body_size" => strlen($body)
]);
/* ---------------- OUTPUT ---------------- */
http_response_code($httpCode);
echo $body;