librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

antibot - basic pow with javascript

This commit is contained in:
bunkerity 2021-05-19 17:36:29 +02:00
parent 16e5ede130
commit 6645632846
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
3 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
antibot/javascript.data
View File

@ -7,7 +7,15 @@
return hashHex;
}
(async () => {
const digestHex = await digestMessage('%s');
const nonce = '%s';
var i = 0;
while (true) {
var digestHex = await digestMessage(nonce + i.toString());
if (digestHex.startsWith("0000")) {
break;
}
i++;
}
xhr = new XMLHttpRequest();
xhr.open('POST', '%s');
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
@ -16,6 +24,6 @@
window.location.replace('%s');
}
};
xhr.send(encodeURI('challenge=' + digestHex));
xhr.send(encodeURI('challenge=' + i.toString()));
})();
</script>

8
confs/site/main-lua.conf
View File

@ -242,7 +242,7 @@ if use_crowdsec then
end
-- cookie check
if use_antibot_cookie then
if use_antibot_cookie and ngx.var.uri ~= "/favicon.ico" then
if not cookie.is_set("uri") then
if ngx.var.request_uri ~= antibot_uri then
cookie.set({uri = ngx.var.request_uri})
@ -258,7 +258,7 @@ if use_antibot_cookie then
end
-- javascript check
if use_antibot_javascript then
if use_antibot_javascript and ngx.var.uri ~= "/favicon.ico" then
if not cookie.is_set("javascript") then
if ngx.var.request_uri ~= antibot_uri then
cookie.set({uri = ngx.var.request_uri, challenge = javascript.get_challenge()})
@ -268,7 +268,7 @@ if use_antibot_javascript then
end
-- captcha check
if use_antibot_captcha then
if use_antibot_captcha and ngx.var.uri ~= "/favicon.ico" then
if not cookie.is_set("captcha") then
if ngx.var.request_uri ~= antibot_uri then
cookie.set({uri = ngx.var.request_uri})
@ -278,7 +278,7 @@ if use_antibot_captcha then
end
-- recaptcha check
if use_antibot_recaptcha then
if use_antibot_recaptcha and ngx.var.uri ~= "/favicon.ico" then
if not cookie.is_set("recaptcha") then
if ngx.var.request_uri ~= antibot_uri then
cookie.set({uri = ngx.var.request_uri})

7
lua/javascript.lua
View File

@ -32,12 +32,15 @@ function M.get_code (challenge, antibot_uri, original_uri)
end
function M.check (challenge, user)
ngx.log(ngx.ERR, "debug challenge = " .. challenge)
ngx.log(ngx.ERR, "debug user = " .. user)
local resty_sha256 = require "resty.sha256"
local str = require "resty.string"
local sha256 = resty_sha256:new()
sha256:update(challenge)
sha256:update(challenge .. user)
local digest = sha256:final()
return str.to_hex(digest) == user
ngx.log(ngx.ERR, "debug digest = " .. str.to_hex(digest))
return str.to_hex(digest):find("^0000") ~= nil
end
return M