injectlib/YYeTsBot
1
0
Fork 0
mirror of https://github.com/tgbot-collection/YYeTsBot.git synced 2025-11-25 19:37:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

remove ne1 check

Browse Source
This commit is contained in:
BennyThink
2021-06-08 16:23:19 +08:00
parent 738fb6be6d
commit 2eefab8fe4
4 changed files with 6 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
requirements.txt
View File

@@ -10,4 +10,3 @@ redis==3.5.3
captcha==0.3 captcha==0.3
passlib==1.7.4 passlib==1.7.4
cryptography==3.4.7

1
web/README.md
View File

@@ -7,7 +7,6 @@
* tornado * tornado
* mongodb * mongodb
* pymongo * pymongo
* cryptography
# 导入数据 # 导入数据

54
web/crypto.py
View File

@@ -1,54 +0,0 @@
#!/usr/local/bin/python3
# coding: utf-8
# YYeTsBot - test.py
# 2/7/21 12:07
#
__author__ = "Benny <benny.think@gmail.com>"
import base64
from hashlib import md5
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
def pad(data):
length = 16 - (len(data) % 16)
return data + (chr(length) * length).encode()
def unpad(data):
return data[:-(data[-1] if type(data[-1]) == int else ord(data[-1]))]
def bytes_to_key(data, salt, output=48):
# extended from https://gist.github.com/gsakkis/4546068
assert len(salt) == 8, len(salt)
data = bytes(data, "ascii")
data += salt
key = md5(data).digest()
final_key = key
while len(final_key) < output:
key = md5(key + data).digest()
final_key += key
return final_key[:output]
def decrypt(encrypted, passphrase):
encrypted = base64.b64decode(encrypted)
assert encrypted[0:8] == b"Salted__"
salt = encrypted[8:16]
key_iv = bytes_to_key(passphrase, salt, 32 + 16)
key = key_iv[:32]
iv = key_iv[32:]
cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
decryptor = cipher.decryptor()
a = decryptor.update(encrypted[16:]) + decryptor.finalize()
return unpad(a)
if __name__ == '__main__':
passphrase = "39300"
test = "U2FsdGVkX19Sch0x9oifjNaBt9eTkZSPUUVVhpjAp0s="
result = decrypt(test, passphrase)
print(result)

22
web/server.py
View File

@@ -33,7 +33,6 @@ from tornado.concurrent import run_on_executor
from passlib.hash import pbkdf2_sha256 from passlib.hash import pbkdf2_sha256
from captcha.image import ImageCaptcha from captcha.image import ImageCaptcha
from crypto import decrypt
enable_pretty_logging() enable_pretty_logging()
@@ -85,30 +84,21 @@ class AntiCrawler:
self.redis = Redis() self.redis = Redis()
def execute(self) -> bool: def execute(self) -> bool:
header_result = self.header_check() header_result = self.header_check()
ban_check = self.ban_check() ban_check = self.ban_check()
if header_result or ban_check: if header_result or ban_check:
return True return True
def header_check(self): def header_check(self):
cypher_text = self.tornado.request.headers.get("ne1", "")
referer = self.tornado.request.headers.get("Referer") referer = self.tornado.request.headers.get("Referer")
param = self.tornado.get_query_argument("id") resource_id = self.tornado.get_query_argument("id")
uri = self.tornado.request.uri uri = self.tornado.request.uri
logging.info("Verifying: Referer:[%s] ct:[%s], uri:[%s], id:[%s]", referer, cypher_text, uri, param) logging.info("Verifying: Referer:[%s] uri:[%s]", referer, uri)
if referer is None:
if (referer is None) or (param not in referer):
return True return True
if resource_id not in uri:
try: return True
passphrase = param if resource_id not in referer:
result = decrypt(cypher_text, passphrase).decode('u8')
except Exception:
logging.error("Decrypt failed")
result = ""
if result != self.tornado.request.uri:
return True return True
def ban_check(self): def ban_check(self):