Skip to content

Instantly share code, notes, and snippets.

@BackSpaceTech
Last active September 12, 2016 08:26
Show Gist options
  • Save BackSpaceTech/e522d861af3c35d875637bf2bedfed93 to your computer and use it in GitHub Desktop.
Save BackSpaceTech/e522d861af3c35d875637bf2bedfed93 to your computer and use it in GitHub Desktop.
Shared Responsibility 3 - Identify and Destroy the Bots
var express = require('express')
var app = express()
var bodyParser = require('body-parser')
app.set('port', (process.env.PORT ||8080));
app.use(express.static(__dirname + '/public'));
app.use(bodyParser.urlencoded({ extended: true }));
app.get('/', function(request, response) {
response.send(dynamicCSS())
})
app.post('/login', function(request, response) {
var botScore = 0
if (request.body.plugins == 0) ++botScore // Empty plugins array
if (!request.body.username) ++botScore // Clicked on decoy inputs
if (!request.body.password) ++botScore
if (getObjectKeyIndex(request.headers, 'host') != 0) ++botScore // Bot type header info
if (getObjectKeyIndex(request.headers, 'accept') == 0) ++botScore
if (getObjectKeyIndex(request.headers, 'referer') == 1) ++botScore
if (getObjectKeyIndex(request.headers, 'origin') == 2) ++botScore
console.log('Bot score = ' + botScore)
if (botScore > 4) {
console.log('Destroy Bot')
response.send('fail')
}
else {
response.send('Logged in ' + request.body.username)
}
})
function getObjectKeyIndex(obj, keyToFind) {
var i = 0, key;
for (key in obj) {
if (key == keyToFind) {
return i;
}
i++;
}
return null;
}
function dynamicCSS(){
var username, password
x = ''
if ((Math.random()*2) > 1)
x += '<style>.btnSubmit,.password,.username{position:absolute;left:10}.username{top:50px}.password{top:80px}.btnSubmit{top:110px}</style>'
else
x += '<style>.btnSubmit,.password,.username{position:absolute;left:10}.username{top:80px}.password{top:110px}.btnSubmit{top:140px}</style>'
x += '<form>'
x += '<h1>Please Login</h1>'
y = Math.floor((Math.random()*5)) + 2
for (var a=0; a<y; ++a){
username = randonString()
password = randonString()
x += '<input type="text" class="username" id="' + username + '" name="' + username + '" placeholder="Enter Username"></input>'
x += '<input type="password" class="password" id="' + password + '" name="' + password + '" placeholder="Enter Password"></input>'
x += '<button class="btnSubmit" onclick="submitForm(' + '\'' + username + '\'' + ',' + '\'' + password + '\'' + ')" type="button">Log in</button>'
}
for (var a=0; a<y; ++a){
username = randonString()
password = randonString()
x += '<input type="text" style="visibility:hidden;" class="username" id="' + username + '" name="' + username + '" placeholder="Enter Username"></input>'
x += '<input type="password" style="visibility:hidden;" class="password" id="' + password + '" name="' + password + '" placeholder="Enter Password"></input>'
x += '<button class="btnSubmit" style="visibility:hidden;" onclick="submitForm(' + '\'' + username + '\'' + ',' + '\'' + password + '\'' + ')" type="button">Log in</button>'
}
x += '</form>'
x += '<script src="https://code.jquery.com/jquery-3.1.0.min.js"></script>'
x += '<script src="login.js"></script>'
return x
}
function randonString(){
chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz'.split('')
chars.sort(function() {
return 0.5 - Math.random()
})
return chars.splice(0, 8).toString().replace(/,/g, '')
}
app.listen(app.get('port'), function() {
console.log("Node app is running at localhost:" + app.get('port'))
})
function submitForm(username, password) {
loginURL = 'http://54.197.212.141' + '/login'
user = $('#' + username).val()
pass = $('#' + password).val()
$.post( loginURL, {
username: 'user',
password: 'pass',
plugins: navigator.plugins.length
})
.done(function( result ) {
if (result == 'fail')
while(true) location.reload(true) // Crash the Bot
else {
alert(result)
}
})
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment