Shared Responsibility 3 - Identify and Destroy the Bots
// Express server for the bot-identification demo: serves the login page
// (built per request by dynamicCSS) plus the /login handler that scores
// each attempt.
const express = require('express');
const bodyParser = require('body-parser');

const app = express();

// PORT from the environment when set, otherwise 8080.
app.set('port', process.env.PORT || 8080);
// Static assets (login.js) are served from ./public next to this file.
app.use(express.static(`${__dirname}/public`));
// The login form is posted as application/x-www-form-urlencoded.
// extended: true lets nested keys/arrays through, so body fields are not
// guaranteed to be plain strings.
app.use(bodyParser.urlencoded({ extended: true }));
// GET / renders the randomised login page; the markup is rebuilt on every
// request so input ids/positions differ between loads.
app.get('/', (request, response) => {
  response.send(dynamicCSS());
});
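// HTML-escape a value before reflecting it into a response body.
// Express sends a string body as text/html, so echoing the submitted
// username unescaped would let the client inject markup into the reply.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Heuristic bot score for one login request: each signal a real browser
// would not normally produce adds one point. Returns an integer 0..7.
function scoreLoginRequest(request) {
  const body = request.body || {};
  const headers = request.headers || {};
  let botScore = 0;

  // Empty plugins array (login.js posts navigator.plugins.length).
  // Mirrors the original loose `== 0`: '0' and '' both count, a missing
  // field does not.
  if (body.plugins != null && Number(body.plugins) === 0) botScore += 1;
  // Clicked on decoy inputs: the real client posts the fixed
  // 'username'/'password' keys, so their absence points at scraped fields.
  if (!body.username) botScore += 1;
  if (!body.password) botScore += 1;
  // Bot type header info: position of each header in the order the client
  // sent it. The checks encode the ordering expected from a browser
  // (host first; accept/referer/origin not at positions 0/1/2).
  // getObjectKeyIndex returns null for an absent header, which passes
  // the `!== 0` check and fails the equality checks, as in the original.
  if (getObjectKeyIndex(headers, 'host') !== 0) botScore += 1;
  if (getObjectKeyIndex(headers, 'accept') === 0) botScore += 1;
  if (getObjectKeyIndex(headers, 'referer') === 1) botScore += 1;
  if (getObjectKeyIndex(headers, 'origin') === 2) botScore += 1;
  return botScore;
}

// POST /login: score the request and either reject it as a bot ('fail')
// or echo a login message containing the submitted username.
app.post('/login', (request, response) => {
  const botScore = scoreLoginRequest(request);
  console.log(`Bot score = ${botScore}`);
  if (botScore > 4) {
    console.log('Destroy Bot');
    response.send('fail');
  } else {
    // Escaped: the username is client-controlled and the reply is text/html.
    response.send(`Logged in ${escapeHtml(request.body.username)}`);
  }
});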
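/**
 * Position of `keyToFind` among the own enumerable keys of `obj`, in
 * insertion order.
 *
 * Used to check request-header order, so only the object's own keys count;
 * the original `for...in` loop would also have walked inherited enumerable
 * keys, which could shift the index.
 *
 * @param {object} obj - Object whose key order is inspected; null/undefined
 *   yields null instead of throwing.
 * @param {string} keyToFind - Key to locate (compared with ===).
 * @returns {number|null} Zero-based index, or null when the key is absent.
 */
function getObjectKeyIndex(obj, keyToFind) {
  if (obj == null) return null;
  const index = Object.keys(obj).indexOf(keyToFind);
  // Callers compare the result with 0/1/2, so keep null (not -1) for
  // "absent" — that is the contract the /login checks rely on.
  return index === -1 ? null : index;
}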
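// One username/password/button triple. `hidden` adds the inline
// visibility:hidden style used for the decoy copies. The ids returned by
// makeId are interpolated unescaped into attributes and into the onclick
// JavaScript string, so makeId must return attribute-safe identifiers (the
// default, randonString, returns 8 alphanumerics).
function renderLoginFieldGroup(makeId, hidden) {
  const username = makeId();
  const password = makeId();
  const hiddenStyle = hidden ? ' style="visibility:hidden;"' : '';
  return (
    `<input type="text"${hiddenStyle} class="username" id="${username}" name="${username}" placeholder="Enter Username"></input>` +
    `<input type="password"${hiddenStyle} class="password" id="${password}" name="${password}" placeholder="Enter Password"></input>` +
    `<button class="btnSubmit"${hiddenStyle} onclick="submitForm('${username}','${password}')" type="button">Log in</button>`
  );
}

/**
 * Build the login page markup: one of two absolute-position layouts chosen
 * at random, then 2..6 visible field groups followed by the same number of
 * hidden decoy groups, all with random ids/names.
 *
 * Fixes the original's implicit globals (`x`, `y`), which throw in strict
 * mode, and the `var a` redeclared across the two loops. Output format is
 * unchanged (including the `</input>` closing tags the original emits).
 *
 * @param {() => string} [makeId=randonString] - Id generator, overridable
 *   for tests; the default is this file's randonString.
 * @returns {string} HTML fragment ending with the jQuery and login.js tags.
 */
function dynamicCSS(makeId = randonString) {
  const layoutLow =
    '<style>.btnSubmit,.password,.username{position:absolute;left:10}.username{top:50px}.password{top:80px}.btnSubmit{top:110px}</style>';
  const layoutHigh =
    '<style>.btnSubmit,.password,.username{position:absolute;left:10}.username{top:80px}.password{top:110px}.btnSubmit{top:140px}</style>';
  // Original condition kept: Math.random()*2 > 1 picks the first layout.
  const style = Math.random() * 2 > 1 ? layoutLow : layoutHigh;
  // 2..6 groups; the decoy loop uses the same count.
  const groupCount = Math.floor(Math.random() * 5) + 2;

  // Visible groups first, then decoys — same call order for makeId as the
  // original's two loops.
  const visible = Array.from({ length: groupCount }, () => renderLoginFieldGroup(makeId, false)).join('');
  const decoys = Array.from({ length: groupCount }, () => renderLoginFieldGroup(makeId, true)).join('');

  // NOTE(review): jQuery is loaded from a CDN with no integrity attribute;
  // consider pinning it with SRI or serving it locally.
  return (
    `${style}<form><h1>Please Login</h1>${visible}${decoys}</form>` +
    '<script src="https://code.jquery.com/jquery-3.1.0.min.js"></script>' +
    '<script src="login.js"></script>'
  );
}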
function randonString(){ | |
chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz'.split('') | |
chars.sort(function() { | |
return 0.5 - Math.random() | |
}) | |
return chars.splice(0, 8).toString().replace(/,/g, '') | |
} | |
// Start the HTTP server on the port configured above.
app.listen(app.get('port'), () => {
  console.log(`Node app is running at localhost:${app.get('port')}`);
});
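/**
 * Browser-side login handler (login.js, needs jQuery). Wired from the
 * generated `onclick="submitForm('<usernameId>','<passwordId>')"` buttons.
 *
 * Fixes the original's implicit globals (`loginURL`, `user`, `pass`), which
 * throw in strict mode, and adds a failure handler so a transport error is
 * not dropped silently.
 *
 * @param {string} username - id of the username input next to the clicked button.
 * @param {string} password - id of the matching password input.
 */
function submitForm(username, password) {
  // NOTE(review): hard-coded host over plain http — the posted body travels
  // in cleartext; acceptable for this demo only.
  const loginURL = 'http://54.197.212.141/login';
  // The clicked inputs are read but, as in the original, their values are
  // never posted: the server keys on the fixed 'username'/'password'
  // fields below and treats their absence as a decoy hit.
  // TODO(review): confirm this is intended rather than an unfinished step.
  const user = $('#' + username).val();
  const pass = $('#' + password).val();
  $.post(loginURL, {
    username: 'user',
    password: 'pass',
    // Headless clients commonly report no plugins; the server scores this.
    plugins: navigator.plugins.length,
  })
    .done((result) => {
      if (result === 'fail') {
        // Crash the Bot: original behaviour, deliberately never returns.
        while (true) location.reload(true);
      } else {
        alert(result);
      }
    })
    .fail((xhr, status) => {
      console.error(`login request failed: ${status}`);
    });
}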