Created
October 8, 2015 15:45
-
-
Save heiswayi/db178e027dd731e54860 to your computer and use it in GitHub Desktop.
HNSecurity Walkaway - PHP Proxy by Heiswayi Nrird
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
# HNSecurity Walkaway - PHP Proxy - Heiswayi Nrird | |
# CONFIG {{{ | |
# Default to simple mode when the page is loaded. [false] | |
define('DEFAULT_SIMPLE',false); | |
# Force the page to always be in simple mode (no advanced mode option). [false] | |
define('FORCE_SIMPLE',false); | |
# Width for the URL box when in simple mode (CSS "width" attribute). [300px] | |
define('SIMPLE_MODE_URLWIDTH','300px'); | |
# Default value for tunnel server. [] | |
define('DEFAULT_TUNNEL_PIP',''); | |
# Default value for tunnel port. [] | |
define('DEFAULT_TUNNEL_PPORT',''); | |
# Should the tunnel fields be displayed? "false" value here will force the defaults above [true] | |
define('FORCE_DEFAULT_TUNNEL',true); | |
# Default value for "Persistent URL" checkbox [true] | |
define('DEFAULT_URL_FORM',true); | |
# Default value for "Remove Cookies" checkbox [false] | |
define('DEFAULT_REMOVE_COOKIES',false); | |
# Default value for "Remove Referer Field" checkbox [false] | |
define('DEFAULT_REMOVE_REFERER',false); | |
# Default value for "Remove Scripts" checkbox [false] | |
define('DEFAULT_REMOVE_SCRIPTS',false); | |
# Default value for "Remove Objects" checkbox [false] | |
define('DEFAULT_REMOVE_OBJECTS',false); | |
# Default value for "Encrypt URLs" checkbox [false] | |
define('DEFAULT_ENCRYPT_URLS',false); | |
# Default value for "Encrypt Cookies" checkbox [false] | |
define('DEFAULT_ENCRYPT_COOKS',false); | |
/*/ Address Blocking Notes \*\ | |
Formats for address blocking are as follows: | |
1.2.3.4 - plain IP address | |
1.0.0.0/16 - subnet blocking | |
1.0/16 - subnet blocking | |
1/8 - subnet blocking | |
php.net - domain blocking | |
Default Value: '10/8','172/8','192.168/16','127/8','169.254/16' | |
\*\ End Address Blocking Notes /*/ | |
$blocked_addresses=array('10/8','172/8','192.168/16','127/8','169.254/16'); | |
# }}} | |
# ADVANCED CONFIG {{{ | |
# The following options alter the way documents are parsed on the page. ONLY EDIT THIS STUFF IF YOU REALLY KNOW WHAT YOU ARE DOING! | |
# 500 is the most reasonable number I could come up with as a maximum URL length limit | |
# I ran into a 1200+ character long URL once and it nearly melted the processor on my laptop trying to parse it | |
# Honestly, who needs this long of a URL anyway? | |
define('MAXIMUM_URL_LENGTH',500); | |
# Time limit in seconds for a single request and parse. [10] | |
define('TIME_LIMIT',10); | |
# Time limit in minutes for a DNS entry to be kept in the cache. [10] | |
define('DNS_CACHE_EXPIRE',10); | |
# Use gzip (if possible) to compress the connection between the proxy and the user (less bandwidth, more CPU) [false] | |
define('GZIP_PROXY_USER',false); | |
# Use gzip (if possible) to compress the connection between the proxy and the server (less bandwidth, more CPU) [false] | |
define('GZIP_PROXY_SERVER',false); | |
# Protocol that proxy is running on. Uncomment this line to define it manually. | |
# If you leave this line commented, the code detects if you are running on an | |
# HTTPS connection. If you are, then 'https' is used as the PROTO value, | |
# otherwise 'http' is used. If you need a different value here, then define it. | |
#define('PROTO','http'); | |
# }}} | |
// DON'T EDIT ANYTHING AFTER THIS POINT \\ | |
# | |
# (unless you absolutely know what you are doing...) | |
# | |
# COOKIE & SESSION SETUP {{{ | |
//$totstarttime=microtime(true); # BENCHMARK | |
//$blocked_addresses=array(); # DEBUG | |
# set error level to not display notices | |
error_reporting(E_ALL^E_NOTICE); | |
# set time limit to the defined time limit, if not in safe mode | |
if(!ini_get('safe_mode')) set_time_limit(TIME_LIMIT); | |
# use gzip compression if available | |
if(GZIP_PROXY_USER && extension_loaded('zlib') && !ini_get('zlib.output_compression')) ob_start('ob_gzhandler'); # use gzip encoding to compress all data, if possible | |
# reverse magic quotes if enabled | |
if(get_magic_quotes_gpc()){ | |
function stripslashes_recurse($var){ | |
if(is_array($var)) $var=array_map('stripslashes_recurse',$var); | |
else $var=stripslashes($var); | |
return $var; | |
} | |
$_GET=stripslashes_recurse($_GET); | |
$_POST=stripslashes_recurse($_POST); | |
$_COOKIE=stripslashes_recurse($_COOKIE); | |
} | |
# script environment constants | |
if(!defined('PROTO')) define('PROTO',($_SERVER['HTTPS']=='on'?'https':'http')); | |
define('VERSION','1.0'); | |
define('THIS_SCRIPT',PROTO."://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"); | |
define('SIMPLE_MODE',DEFAULT_SIMPLE || FORCE_SIMPLE); | |
# Randomized cookie prefixes # | |
function gen_randstr($len){ | |
$chars=null; | |
for($i=0;$i<$len;$i++){ | |
$char=rand(0,25); | |
$char=chr($char+97); | |
$chars.=$char; | |
} | |
return $chars; | |
} | |
function dosetcookie($cookname,$cookval,$expire=null){ | |
$_COOKIE[$cookname]=$cookval; | |
if($expire===null) setcookie($cookname,$cookval); | |
else setcookie($cookname,$cookval,$expire); | |
} | |
define('FIRST_LOAD',empty($_COOKIE['PHPSESSID'])); | |
session_start(); | |
if(empty($_SESSION['sesspref'])){ | |
$sesspref=gen_randstr(30); | |
$_SESSION['sesspref']=$sesspref; | |
} | |
else $sesspref=$_SESSION['sesspref']; | |
if(empty($_COOKIE['user'])){ | |
$cookpref=gen_randstr(12); | |
dosetcookie('user',$cookpref); | |
} | |
else $cookpref=$_COOKIE['user']; | |
define('SESS_PREF',$sesspref); | |
define('COOK_PREF',$cookpref); | |
define('COOKIE_SEPARATOR','__'.COOK_PREF.'__'); | |
unset($sesspref,$cookpref); | |
if(FIRST_LOAD){ | |
if(DEFAULT_URL_FORM) dosetcookie(COOK_PREF.'_url_form',true); | |
if(DEFAULT_REMOVE_COOKIES) dosetcookie(COOK_PREF.'_remove_cookies',true); | |
if(DEFAULT_REMOVE_REFERER) dosetcookie(COOK_PREF.'_remove_referer',true); | |
if(DEFAULT_REMOVE_SCRIPTS) dosetcookie(COOK_PREF.'_remove_scripts',true); | |
if(DEFAULT_REMOVE_OBJECTS) dosetcookie(COOK_PREF.'_remove_objects',true); | |
if(DEFAULT_ENCRYPT_URLS) dosetcookie(COOK_PREF.'_encrypt_urls',true); | |
if(DEFAULT_ENCRYPT_COOKS) dosetcookie(COOK_PREF.'_encrypt_cooks',true); | |
} | |
# }}} | |
# ENVIRONMENT SETUP {{{ | |
global $postandget,$blocked_addresses,$dns_cache_array; | |
$postandget=array_merge($_GET,$_POST); | |
define('PAGETYPE_MINIREGEXP','(=[_\.\-]?\&=|=)?'); | |
define('PAGETYPE_REGEXP','/^'.PAGETYPE_MINIREGEXP.'(.*)$/'); | |
if(!empty($postandget[COOK_PREF])) $oenc_url=$postandget[COOK_PREF]; | |
else{ | |
$pagetype_str=preg_replace(PAGETYPE_REGEXP,'\1',$_SERVER['QUERY_STRING']); | |
define('QUERY_STRING',substr($_SERVER['QUERY_STRING'],strlen($pagetype_str),strlen($_SERVER['QUERY_STRING'])-strlen($pagetype_str))); | |
define('PAGETYPE_NULL',0); | |
define('PAGETYPE_FORCE_MAIN',1); | |
define('PAGETYPE_FRAME_TOP',2); | |
define('PAGETYPE_FRAMED_PAGE',3); | |
define('PAGETYPE_FRAMED_CHILD',4); # framing children for crimes isn't very nice, but the script does it anyway | |
switch($pagetype_str){ | |
case '=&=': define('PAGETYPE_ID',PAGETYPE_FRAME_TOP); break; | |
case '=_&=': define('PAGETYPE_ID',PAGETYPE_FRAMED_PAGE); break; | |
case '=-&=': define('PAGETYPE_ID',PAGETYPE_FORCE_MAIN); break; | |
case '=.&=': define('PAGETYPE_ID',PAGETYPE_FRAMED_CHILD); break; | |
# this is one more unencoded string for future features | |
# case '=*&=': define('PAGETYPE_ID',); break; | |
default: define('PAGETYPE_ID',PAGETYPE_NULL); break; | |
} | |
unset($pagetype_str); | |
define('NEW_PAGETYPE_FRAME_TOP',(PAGETYPE_ID===PAGETYPE_FRAMED_CHILD?PAGETYPE_FRAMED_CHILD:PAGETYPE_FRAME_TOP)); | |
define('NEW_PAGETYPE_FRAMED_PAGE',(PAGETYPE_ID===PAGETYPE_FRAMED_CHILD?PAGETYPE_FRAMED_CHILD:PAGETYPE_FRAMED_PAGE)); | |
$oenc_url=QUERY_STRING; | |
//define('OENC_URL',urldecode(preg_replace('/^([^&]*).*?$/i','\1',QUERY_STRING))); | |
} | |
if(strpos(substr($oenc_url,0,6),'%')!==false || strpos($oenc_url,'%')<strpos($oenc_url,'/') || strpos($oenc_url,'%')<strpos($oenc_url,':')) $oenc_url=urldecode($oenc_url); | |
define('OENC_URL',preg_replace('/^([^\?\&]+)\&/i','\1?',$oenc_url)); | |
unset($oenc_url); | |
define('ORIG_URL',proxdec(OENC_URL)); | |
global $curr_url; | |
$curr_url=ORIG_URL; | |
function gethardattr($attr){ | |
global $postandget; | |
return (empty($postandget[COOK_PREF.'_set_values'])?!empty($_COOKIE[COOK_PREF."_{$attr}"]):!empty($postandget[COOK_PREF."_{$attr}"])); | |
} | |
define('ENCRYPT_URLS',gethardattr('encrypt_urls')); | |
define('URL_FORM',gethardattr('url_form')); | |
define('PAGE_FRAMED',(PAGETYPE_ID===PAGETYPE_FRAMED_PAGE || PAGETYPE_ID===PAGETYPE_FRAMED_CHILD || QUERY_STRING=='js_regexps_framed' || QUERY_STRING=='js_funcs_framed')); | |
#define('URLVAR',(ENCRYPT_URLS?'e':null).'url'); | |
# }}} | |
# PHP DECODING FUNCTIONS {{{ | |
function my_base64_decode($string){ return base64_decode(str_replace(' ','+',urldecode($string))); } | |
function proxdec($url){ | |
if($url{0}!='~' && strtolower(substr($url,0,3))!='%7e') return $url; | |
#while(strpos($url,'%')!==false) $url=urldecode($url); | |
#$url=urldecode($url); | |
while($url{0}=='~' || strtolower(substr($url,0,3))=='%7e'){ | |
$url=substr($url,1); | |
$url=my_base64_decode($url); | |
$new_url=null; | |
for($i=0;$i<strlen($url);$i++){ | |
$char=ord($url{$i}); | |
$char-=ord(substr(SESS_PREF,$i%strlen(SESS_PREF),1)); | |
while($char<32) $char+=94; | |
$new_url.=chr($char); | |
} | |
$url=$new_url; | |
} | |
return urldecode($url); | |
} | |
# }}} | |
# JAVASCRIPT ENCODING FUNCTIONS {{{ | |
function js_proxenc(){ ?> | |
//<script> | |
<?php echo(COOK_PREF); ?>_pe={ | |
expon:function(a,b){ | |
var num; | |
if(b==0) return 1; | |
num=a; b--; | |
while(b>0){ num*=a; b--; } | |
return num; | |
}, | |
dectobin:function(){ | |
var dec=arguments[0],chars=arguments[1]||8,binrep=""; | |
for(j=chars-1;j>=0;j--){ | |
if(dec>=this.expon(2,j)){ | |
binrep+="1"; dec-=this.expon(2,j); | |
} | |
else binrep+="0"; | |
} | |
return binrep; | |
}, | |
bintodec:function(){ | |
var bin=arguments[0],chars=arguments[1]||8,dec=0; | |
for(var j=0;j<chars;j++) if(bin.substring(j,j+1)=="1") dec+=this.expon(2,chars-1-j); | |
return dec; | |
}, | |
b64e:function(string){ | |
var encstr="",binrep=""; | |
var charbin,charnum; | |
for(var i=0;i<string.length;i++){ | |
charnum=string.charCodeAt(i); | |
binrep+=this.dectobin(charnum); | |
} | |
while(binrep.length%6) binrep+="00"; | |
for(var i=1;i*6<=binrep.length;i++){ | |
charbin=binrep.substring((i-1)*6,i*6); | |
charnum=this.bintodec(charbin,6); | |
if(charnum<=25) charnum+=65; | |
else if(charnum<=51) charnum+=71; | |
else if(charnum<=61) charnum-=4; | |
else if(charnum==62) charnum=43; | |
else if(charnum==63) charnum=47; | |
encstr+=String.fromCharCode(charnum); | |
} | |
while(encstr.length%8) encstr+="="; | |
return encstr; | |
}, | |
proxenc:function(url){ | |
var new_url=""; | |
var charnum; | |
if(url.substring(0,1)=="~" || url.substring(0,3).toLowerCase()=="%7e") return url; | |
url=encodeURIComponent(url); | |
var sess_pref="<?php echo(SESS_PREF); ?>"; | |
for(i=0;i<url.length;i++){ | |
charnum=url.charCodeAt(i); | |
charnum+=sess_pref.charCodeAt(i%sess_pref.length); | |
while(charnum>126) charnum-=94; | |
new_url+=String.fromCharCode(charnum); | |
} | |
return "~"+encodeURIComponent(this.b64e(new_url)); | |
} | |
} | |
<? } | |
# }}} | |
# FIRST PAGE DISPLAYED WHEN ACCESSING PROXY {{{ | |
if(PAGETYPE_ID===PAGETYPE_FORCE_MAIN || (substr(QUERY_STRING,0,3)!='js_' && ORIG_URL==null)){ | |
$useragentinfo=null; | |
if(stristr($_SERVER['HTTP_USER_AGENT'],'windows')!==false || stristr($_SERVER['HTTP_USER_AGENT'],'win32')!==false) $useragentinfo.='Windows'; | |
elseif(stristr($_SERVER['HTTP_USER_AGENT'],'macintosh')!==false || stristr($_SERVER['HTTP_USER_AGENT'],'mac_powerpc')!==false) $useragentinfo.='Macintosh'; | |
elseif(stristr($_SERVER['HTTP_USER_AGENT'],'linux')!==false) $useragentinfo.='Linux'; | |
elseif(stristr($_SERVER['HTTP_USER_AGENT'],'bsd')!==false) $useragentinfo.='BSD'; | |
else $useragentinfo.='Unknown'; | |
$useragentinfo.=' / '; | |
if(stristr($_SERVER['HTTP_USER_AGENT'],'msie')!==false) $useragentinfo.='Internet Explorer'; | |
elseif(stristr($_SERVER['HTTP_USER_AGENT'],'firefox')!==false) $useragentinfo.='Firefox'; | |
elseif(stristr($_SERVER['HTTP_USER_AGENT'],'netscape')!==false) $useragentinfo.='Netscape'; | |
elseif(stristr($_SERVER['HTTP_USER_AGENT'],'opera')!==false) $useragentinfo.='Opera'; | |
elseif(stristr($_SERVER['HTTP_USER_AGENT'],'konqueror')!==false) $useragentinfo.='Konqueror'; | |
elseif(stristr($_SERVER['HTTP_USER_AGENT'],'seamonkey')!==false) $useragentinfo.='SeaMonkey'; | |
else $useragentinfo.='Unknown'; | |
$useragent_array=array( | |
array(null,"Actual ({$useragentinfo})"), | |
array('-1',' [ Don\'t Send ] '), | |
array('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061024 Firefox/2.0','Windows XP / Firefox 2.0'), | |
array('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)','Windows XP / Internet Explorer 7'), | |
array('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)','Windows XP / Internet Explorer 6'), | |
array('Opera/9.02 (Windows NT 5.1; U; en)','Windows XP / Opera 9.02'), | |
array('Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.8.1) Gecko/20061024 Firefox/2.0','Mac OS X / Firefox 2.0'), | |
array('Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24','Mac OS X / Safari 3.0'), | |
array('Opera/9.02 (Macintosh; PPC Mac OS X; U; en)','Mac OS X / Opera 9.02'), | |
array('Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20061024 Firefox/2.0','Linux / Firefox 2.0'), | |
array('Opera/9.02 (X11; Linux i686; U; en)','Linux / Opera 9.02'), | |
array('Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko)','Linux / Konqueror 3.5.5'), | |
array('Links (2.1pre19; Linux 2.6 i686; x)','Linux / Links (2.1pre19)'), | |
array('Lynx/2.8.5rel.1','Any / Lynx 2.8.5rel.1'), | |
array('Dillo/0.8.6','Any / Dillo 0.8.6'), | |
array('Wget/1.10.2','Any / Wget 1.10.2'), | |
array('1',' [ Custom ] <noscript><b>**</b></noscript>') | |
); | |
define('IPREGEXP','/^((?:[0-2]{0,2}[0-9]{1,2}\.){3}[0-2]{0,2}[0-9]{1,2})\:([0-9]{1,5})$/'); | |
?> | |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" | |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
<html> | |
<head> | |
<title>HNSecurity Walkaway</title> | |
<meta name="robots" content="index, nofollow" /> | |
<style> | |
body{font-family: bitstream vera sans, trebuchet ms} | |
input{border: 1px solid #000000} | |
select{border: 1px solid #000000} | |
a{color: #000000} | |
a:hover{text-decoration: none} | |
.advanced_stuff{display: <?php echo(SIMPLE_MODE?'none':'table-row'); ?>} | |
.simple_stuff{display: <?php echo(SIMPLE_MODE?'table-row':'none'); ?>} | |
.url{width: <?php echo(SIMPLE_MODE?SIMPLE_MODE_URLWIDTH:'99%'); ?>} | |
.signature{float: left} | |
<?php if(FORCE_SIMPLE){ ?> | |
.noscript_stuff{display: none} | |
.signature{text-align: center; float: none} | |
<?php } ?> | |
</style> | |
<?php if(!FORCE_SIMPLE){ ?><noscript><style> | |
.advanced_stuff{display: table-row} | |
.simple_stuff{display: none} | |
.noscript_stuff{display: none} | |
.noscripturl{width: 99%} | |
.url{display: none} | |
.signature{text-align: center; float: none} | |
</style></noscript><?php } ?> | |
<script language="javascript"> | |
<!-- | |
<?php js_proxenc(); ?> | |
function useragent_check(focus){ | |
if(document.getElementsByName('<?php echo(COOK_PREF); ?>_useragent')[0].value=='1'){ | |
document.getElementById('useragent_texttr').style.display=""; | |
if(focus) document.getElementById('<?php echo(COOK_PREF); ?>_useragenttext').focus(); | |
} | |
else document.getElementById('useragent_texttr').style.display='none'; | |
} | |
<?php if(!FORCE_SIMPLE){ ?> | |
advanced_mode=true; | |
function toggle_mode(){ | |
document.getElementById("mode_toggler").innerHTML=(advanced_mode?"Advanced Mode":"Simple Mode"); | |
var advanced_stuff=document.getElementsByTagName("tr"); | |
for(var i=1;i<=12;i++) advanced_stuff[i].style.display=(advanced_mode?"none":""); | |
document.getElementById("simple_submit").style.display=(advanced_mode?"inline":"none"); | |
document.getElementById("url").style.width=(advanced_mode?"<?php echo(SIMPLE_MODE_URLWIDTH); ?>":"99%"); | |
advanced_mode=!advanced_mode; | |
if(advanced_mode) useragent_check(false); | |
setTimeout("document.getElementById('url').focus();",100); | |
} | |
<?php } ?> | |
function submit_code(){ | |
document.forms[0].<?php echo(COOK_PREF); ?>.disabled=false; | |
if(document.forms[0].<?php echo(COOK_PREF); ?>_encrypt_urls.checked) | |
document.forms[0].<?php echo(COOK_PREF); ?>.value=<?php echo(COOK_PREF); ?>_pe.proxenc(document.getElementById('url').value); | |
else | |
document.forms[0].<?php echo(COOK_PREF); ?>.value=document.getElementById('url').value; | |
return true; | |
} | |
//--> | |
</script> | |
</head> | |
<body<?php echo(SIMPLE_MODE?' onload="toggle_mode();"':null); ?>> | |
<center> | |
<span style="font-size: 18pt; font-weight: bold; margin-bottom: 5px">HNSecurity Walkaway</span> | |
<form method="post" onsubmit="return submit_code();" style="margin: 0px; padding: 0px"> | |
<input type="hidden" name="<?php echo(COOK_PREF); ?>_set_values" value="1" /> | |
<input type="hidden" name="<?php echo(COOK_PREF); ?>" disabled="disabled" /> | |
<table> | |
<tr> | |
<td style="text-align: left">URL: </td> | |
<td> | |
<input type="text" class="url" id="url" value="<?php echo(ORIG_URL); ?>" /> | |
<noscript><input type="text" class="noscripturl" name="<?php echo(COOK_PREF); ?>" id="url" value="<?php echo(ORIG_URL); ?>" /></noscript> | |
<input type="submit" class="simple_stuff" id="simple_submit" value="Lets Walkaway!" style="background-color: #F0F0F0" /> | |
</td> | |
</tr> | |
<tr class="advanced_stuff"<?php if(FORCE_DEFAULT_TUNNEL){ ?> style="display: none"><?php } ?> | |
<td style="text-align: left">Tunnel Proxy:</td> | |
<td><table cellspacing="0" cellpadding="0"> | |
<tr> | |
<td style="width: 100%"><input type="text" name="<?php echo(COOK_PREF); ?>_pip" onkeyup="if(this.value.match(<?php echo(IPREGEXP); ?>)){ document.forms[0].<?php echo(COOK_PREF); ?>_pport.value=this.value.replace(<?php echo(IPREGEXP); ?>,'\$2'); this.value=this.value.replace(<?php echo(IPREGEXP); ?>,'\$1'); document.forms[0].<?php echo(COOK_PREF); ?>_pport.focus(); };" style="width: 100%; text-align: left" value="<?php echo(empty($_COOKIE[COOK_PREF.'_pip'])?DEFAULT_TUNNEL_PIP:$_COOKIE[COOK_PREF.'_pip']); ?>" /></td> | |
<td style="width: 5px"> </td> | |
<td style="width: 50px"><input type="text" name="<?php echo(COOK_PREF); ?>_pport" maxlength="5" size="5" style="width: 50px" value="<?php echo(empty($_COOKIE[COOK_PREF.'_pport'])?DEFAULT_TUNNEL_PPORT:$_COOKIE[COOK_PREF.'_pport']); ?>" /></td> | |
</tr> | |
</table></td> | |
</tr> | |
<tr class="advanced_stuff"> | |
<td style="text-align: left">User-Agent:</td> | |
<td><select name="<?php echo(COOK_PREF); ?>_useragent" style="width: 100%" onchange="useragent_check(true);"> | |
<?php foreach($useragent_array as $useragent){ ?> | |
<option value="<?php echo($useragent[0]); ?>"<?php if($_COOKIE[COOK_PREF.'_useragent']==$useragent[0]) echo ' selected="selected"'; ?>><?php echo($useragent[1]); ?></option> | |
<?php } ?> | |
</select></td> | |
</tr> | |
<tr class="advanced_stuff" id="useragent_texttr"<?php echo($_COOKIE[COOK_PREF.'_useragent']=='1'?null:' style="display: none"'); ?>> | |
<td> </td> | |
<td><input type="text" id="<?php echo(COOK_PREF); ?>_useragenttext" name="<?php echo(COOK_PREF); ?>_useragenttext" value="<?php echo($_COOKIE[COOK_PREF.'_useragenttext']); ?>" style="width: 99%" /></td> | |
</tr> | |
<tr class="advanced_stuff"><td> </td><td style="text-align: left"><input type="checkbox" name="<?php echo(COOK_PREF); ?>_url_form" style="border: 0px" <?php if(!empty($_COOKIE[COOK_PREF.'_url_form'])) echo 'checked="checked" '; ?>/> Persistent URL Form</td></tr> | |
<tr class="advanced_stuff"><td> </td><td style="text-align: left"><input type="checkbox" name="<?php echo(COOK_PREF); ?>_remove_cookies" style="border: 0px" <?php if(!empty($_COOKIE[COOK_PREF.'_remove_cookies'])) echo 'checked="checked" '; ?>/> Remove Cookies</td></tr> | |
<tr class="advanced_stuff"><td> </td><td style="text-align: left"><input type="checkbox" name="<?php echo(COOK_PREF); ?>_remove_referer" style="border: 0px" <?php if(!empty($_COOKIE[COOK_PREF.'_remove_referer'])) echo 'checked="checked" '; ?>/> Remove Referer Field</td></tr> | |
<tr class="advanced_stuff"><td> </td><td style="text-align: left"><input type="checkbox" name="<?php echo(COOK_PREF); ?>_remove_scripts" style="border: 0px" <?php if(!empty($_COOKIE[COOK_PREF.'_remove_scripts'])) echo 'checked="checked" '; ?>/> Remove Scripts (JS, VBS, etc)</td></tr> | |
<tr class="advanced_stuff"><td> </td><td style="text-align: left"><input type="checkbox" name="<?php echo(COOK_PREF); ?>_remove_objects" style="border: 0px" <?php if(!empty($_COOKIE[COOK_PREF.'_remove_objects'])) echo 'checked="checked" '; ?>/> Remove Objects (Flash, Java, etc)</td></tr> | |
<tr class="advanced_stuff"><td> </td><td style="text-align: left"><input type="checkbox" name="<?php echo(COOK_PREF); ?>_encrypt_urls" style="border: 0px" <?php if(!empty($_COOKIE[COOK_PREF.'_encrypt_urls'])) echo 'checked="checked" '; ?>/> Encrypt URLs<noscript><b>**</b></noscript></td></tr> | |
<tr class="advanced_stuff"><td> </td><td style="text-align: left"><input type="checkbox" name="<?php echo(COOK_PREF); ?>_encrypt_cooks" style="border: 0px" <?php if(!empty($_COOKIE[COOK_PREF.'_encrypt_cooks'])) echo 'checked="checked" '; ?>/> Encrypt Cookies<noscript><b>**</b></noscript></td></tr> | |
<tr class="advanced_stuff"><td colspan="2"><input type="submit" value="Lets Walkaway!" style="background-color: #F0F0F0" /></td></tr> | |
<tr><td style="font-size: 8pt" colspan="2"> | |
<div class="signature">HNSecurity Walkaway v<?php echo(VERSION); ?> <b>·</b> Heiswayi Nrird</div> | |
<div class="noscript_stuff" style="float: right"><a href="#" onclick="toggle_mode();" id="mode_toggler"><?php echo(SIMPLE_MODE?'Advanced':'Simple'); ?> Mode</a></div> | |
</td></tr> | |
</table> | |
<noscript> | |
<br /> | |
<b>**</b> Surrogafier has detected that your browser does not have Javascript enabled. <b>**</b> | |
<br /> | |
<b>**</b> Surrogafier requires Javascript in order to function to its full potential. <b>**</b> | |
</noscript> | |
</form> | |
</center> | |
</body> | |
</html> | |
<?php exit(); } | |
# }}} | |
# FRAMED PAGE WITH URL FORM {{{ | |
if(PAGETYPE_ID===PAGETYPE_FRAME_TOP && ORIG_URL!=null){ ?> | |
<html> | |
<head> | |
<title><?php echo(ORIG_URL); ?></title> | |
<style> | |
body{font-family: bitstream vera sans, trebuchet ms; margin: 0px; padding: 0px; font-size: 12px; overflow: hidden} | |
input{border: 1px solid #000000} | |
td{font-size: 12px} | |
a{text-decoration: none; color: #000000} | |
a:hover{text-decoration: underline} | |
</style> | |
<script> | |
<!-- | |
<?php echo(COOK_PREF); ?>=true; | |
<?php if(ENCRYPT_URLS) js_proxenc(); ?> | |
function submit_code(){ | |
<?php if(ENCRYPT_URLS){ ?> | |
document.forms[0].<?php echo(COOK_PREF); ?>.value=<?php echo(COOK_PREF); ?>_pe.proxenc(document.forms[0].<?php echo(COOK_PREF); ?>.value); | |
<?php } ?> | |
return true; | |
} | |
//--> | |
</script> | |
</head> | |
<body> | |
<form method="get" onsubmit="return submit_code();"> | |
<input type="hidden" name="" value="" /> | |
<table cellpadding="0" cellspacing="0" style="width: 100%; height: 100%; padding: 0px; margin: 0px"> | |
<tr><td><table cellpadding="0" cellspacing="0" style="width: 100%; padding: 3px"> | |
<tr> | |
</tr> | |
</table></td></tr> | |
<tr><td style="height: 100%; border-top: 1px solid #000000"> | |
<iframe name="<?php echo(COOK_PREF); ?>_top" src="<?php echo(THIS_SCRIPT.'?=_&='.OENC_URL); ?>" frameborder="0" style="border: 0px; width: 100%; height: 100%"></iframe> | |
</td></tr> | |
</table> | |
</form> | |
</body> | |
</html> | |
<?php exit(); } | |
# }}} | |
# PRE-JAVASCRIPT CONSTANTS & FUNCTIONS {{{ | |
# these constants and functions must be defined before JS is output, but would be more readably located later | |
#define('AURL_LOCK_REGEXP','(?:(?:javascript|mailto|about):|~|%7e)'); | |
define('FRAME_LOCK_REGEXP','/^(?:(?:javascript|mailto|about):|#)/i'); | |
define('AURL_LOCK_REGEXP','/^(?:(?:javascript|mailto|about):|#|'.str_replace(array('/','.'),array('\/','\.'),addslashes(THIS_SCRIPT)).')/i'); | |
define('URLREG','/^'. | |
'(?:([a-z]*)?(?:\:?\/\/))'. # proto | |
'(?:([^\@\/]*)\@)?'. # userpass | |
'([^\/:\?\#\&]*)'. # servername | |
'(?:\:([0-9]+))?'. # portval | |
'(\/[^\&\?\#]*?)?'. # path | |
'([^\/\?\#\&]*(?:\&[^\?\#]*)?)'. # file | |
'(?:\?([\s\S]*?))?'. # query | |
'(?:\#([\s\S]*))?'. # label | |
'$/ix'); | |
function escape_regexp($regexp,$dollar=false){ | |
$regexp=str_replace('\\','\\\\',str_replace('\'','\\\'',str_replace('"','\\"',str_replace(chr(10),'\n',str_replace(chr(13),'\r',str_replace(chr(9),'\t',$regexp)))))); | |
return ($dollar?preg_replace('/[\\\\]+(?=[0-9])/','\\\\$',$regexp):preg_replace('/[\\\\]+(?=[0-9])/','\\\\\\\\',$regexp)); #* | |
} | |
# }}} | |
# JAVASCRIPT FUNCS {{{ | |
if(QUERY_STRING=='js_funcs' || QUERY_STRING=='js_funcs_framed'){ ?>//<script> | |
// JAVASCRIPT FUNCS: DECODING {{{ | |
<?php js_proxenc(); ?> | |
<?php echo(COOK_PREF); ?>_pe.b64d=function(string){ | |
var binrep="",decstr=""; | |
var charnum,charbin; | |
string=string.replace(/[=]*$/,""); | |
for(var i=0;i<string.length;i++){ | |
charnum=string.charCodeAt(i); | |
if(charnum>=97) charnum-=71; | |
else if(charnum>=65) charnum-=65; | |
else if(charnum>=48) charnum+=4; | |
else if(charnum==43) charnum=62; | |
else if(charnum==47) charnum=63; | |
binrep+=this.dectobin(charnum,6); | |
} | |
for(var i=0;i+8<binrep.length;i+=8){ | |
charbin=binrep.substr(i,8); | |
decstr+=String.fromCharCode(this.bintodec(charbin)); | |
} | |
return decstr; | |
} | |
<?php echo(COOK_PREF); ?>_pe.proxdec=function(url){ | |
var new_url,charnum; | |
if(url.substr(0,1)!='~' && url.substr(0,3).toLowerCase()!='%7e') return url; | |
while(url.substr(0,1)=='~' || url.substr(0,3).toLowerCase()=='%7e'){ | |
url=url.substr(1,url.length-1); | |
url=this.b64d(url); | |
new_url=""; | |
for(i=0;i<url.length;i++){ | |
charnum=url.charCodeAt(i); | |
charnum-="<?php echo(SESS_PREF); ?>".charCodeAt(i%"<?php echo(SESS_PREF); ?>".length); | |
while(charnum<32) charnum+=94; | |
new_url+=String.fromCharCode(charnum); | |
} | |
url=new_url; | |
} | |
return decodeURIComponent(url); // urldecode() | |
} | |
// }}} | |
// JAVASCRIPT FUNCS: COOK_PREF OBJECT {{{ | |
<?php echo(COOK_PREF); ?>={ | |
URLREG:<?php echo(substr(URLREG,0,strlen(URLREG)-1)); ?>, | |
THIS_SCRIPT:"<?php echo(THIS_SCRIPT); ?>", | |
COOK_PREF:"<?php echo(COOK_PREF); ?>", | |
pe:<?php echo(COOK_PREF); ?>_pe, | |
gen_curr_urlobj:function(){ this.curr_urlobj=new this.aurl(this.CURR_URL); }, | |
getCookieArr:function(){ return document.cookie.split("; "); }, | |
aurl:function(url,topurl){ | |
this.URLREG=<?php echo(COOK_PREF); ?>.URLREG; | |
this.THIS_SCRIPT=<?php echo(COOK_PREF); ?>.THIS_SCRIPT; | |
this.ENCRYPT_URLS=<?php echo(COOK_PREF); ?>.ENCRYPT_URLS; | |
this.trim=function(str){ return str.replace(/^\s*([\s\S]*?)\s*$/,"$1"); } | |
this.get_fieldreq=function(fieldno,value){ | |
var fieldreqs=new Array(); | |
fieldreqs[2]="://"+(value!=""?value+"@":""); | |
fieldreqs[4]=(value!="" && parseInt(value)!=80?":"+parseInt(value):""); | |
fieldreqs[7]=(value!=""?"?"+value:""); | |
fieldreqs[8]=(value!=""?"#"+value:""); | |
if(fieldreqs[fieldno]!=undefined) return value; | |
// return (value!=""?null:value); | |
else return fieldreqs[fieldno]; | |
} | |
this.set_proto=function(proto){ | |
if(proto==undefined) proto="http"; | |
if(this.locked) return; | |
this.proto=proto; | |
} | |
this.get_proto=function(){ return this.proto; } | |
this.get_userpass=function(){ return this.userpass; } | |
this.set_userpass=function(userpass){ if(userpass==undefined) userpass=""; this.userpass=userpass; } | |
this.get_servername=function(){ return this.servername; } | |
this.set_servername=function(servername){ if(servername==undefined) servername=""; this.servername=servername; } | |
this.get_portval=function(){ return ((this.portval=="")?(this.get_proto()=="https"?"443":"80"):this.portval); } | |
this.set_portval=function(port){ if(port==undefined) port=""; this.portval=((parseInt(port)!=80)?port:"").toString(); } | |
this.get_path=function(){ // *** | |
if(this.path.indexOf("/../")!=-1) this.path=this.path.replace(/(?:\/[^\/]+){0,1}\/\.\.\//g,"/"); | |
if(this.path.indexOf("/./")!=-1) while((path=this.path.replace("/./","/")) && path!=this.path) this.path=path; | |
return this.path; | |
} | |
this.set_path=function(path){ if(path==undefined) path="/"; this.path=path; } | |
this.get_file=function(){ return this.file; } | |
this.set_file=function(file){ if(file==undefined) file=""; this.file=file; } | |
this.get_query=function(){ return this.query; } | |
this.set_query=function(query){ if(query==undefined) query=""; this.query=query; } | |
this.get_label=function(){ return this.label; } | |
this.set_label=function(label){ if(label==undefined) label=""; this.label=label; } | |
this.get_url=function(){ | |
if(this.locked) return this.url; | |
return this.get_proto()+"://"+ | |
(this.get_userpass()==""?"":this.get_userpass()+"@")+ | |
this.get_servername()+ | |
(parseInt(this.get_portval())==80?"":":"+parseInt(this.get_portval()))+ | |
this.get_path()+this.get_file()+ | |
(this.get_query()==""?"":"?"+this.get_query())+ | |
(this.get_label()==""?"":"#"+this.get_label()) | |
; | |
} | |
this.surrogafy=function(){ | |
var url=this.get_url(); | |
if(this.locked || this.get_proto()+this.get_fieldreq(2,this.get_userpass())+this.get_servername()+this.get_path()+this.get_file()==this.THIS_SCRIPT) return url; | |
var label=this.get_label(); | |
this.set_label(); | |
if(this.ENCRYPT_URLS && !this.locked) url=<?php echo(COOK_PREF); ?>.pe.proxenc(url); | |
//url=this.THIS_SCRIPT+"?="+(!this.ENCRYPT_URLS?escape(url):url); // urlencode()d | |
url=this.THIS_SCRIPT+"?="+url; // urlencode()d | |
this.set_label(label); | |
return url; | |
} | |
if(url.length><?php echo(MAXIMUM_URL_LENGTH)?>){ | |
//alert(this.url); // DEBUG | |
//alert(this.url.length); // DEBUG | |
this.url=""; | |
} | |
else{ | |
//this.url=preg_replace("/&#([0-9]+);/e","chr(\\1)" // parse like PHP does for &#num; HTML entities? // TODO? | |
this.url=this.trim(url.replace("&","&").replace("\r","").replace("\n","")); | |
} | |
this.topurl=topurl; | |
this.locked=url.match(<?php echo(AURL_LOCK_REGEXP); ?>); //* | |
if(!this.locked){ | |
var urlwasvalid=true; | |
if(!this.url.match(this.URLREG)){ | |
urlwasvalid=false; | |
if(this.topurl==undefined) this.url="http://"+((this.url.charAt(0)==":" || this.url.charAt(0)=="/")?this.url.substring(1):this.url)+(this.url.indexOf("/")!=-1?"":"/"); | |
else{ | |
var newurl=this.topurl.get_proto()+"://"+this.get_fieldreq(2,this.topurl.get_userpass())+this.topurl.get_servername()+((this.topurl.get_portval()!=80 && (this.topurl.get_proto()=="https"?this.topurl.get_portval()!=443:true))?":"+this.topurl.get_portval():""); | |
if(this.url.substring(0,1)!="/") newurl+=this.topurl.get_path(); | |
this.url=newurl+this.url; | |
} | |
} | |
this.set_proto((urlwasvalid || this.topurl==undefined?this.url.replace(/^([^:]+).*$/,"\$1"):this.topurl.get_proto())); | |
this.set_userpass(this.url.replace(this.URLREG,"\$2")); | |
this.set_servername(this.url.replace(this.URLREG,"\$3")); | |
this.set_portval(this.url.replace(this.URLREG,"\$4")); | |
this.set_path(this.url.replace(this.URLREG,"\$5")); | |
this.set_file(this.url.replace(this.URLREG,"\$6")); | |
this.set_query(this.url.replace(this.URLREG,"\$7")); | |
this.set_label(this.url.replace(this.URLREG,"\$8")); | |
} | |
//if(!this.locked && !this.url.match(this.URLREG)) havok(7,this.url); //* | |
}, | |
surrogafy_url:function(url,topurl,addproxy){ | |
url=url.toString(); | |
if(!url.substring) return; | |
if(addproxy==undefined) addproxy=true; | |
var urlquote=""; | |
if((url.substring(0,1)=="\"" || url.substring(0,1)=="'") && url.substring(0,1)==url.substring(url.length-1,url.length)){ | |
urlquote=url.substring(0,1); | |
url=url.substring(1,url.length-1); | |
} | |
if(topurl==undefined) topurl=this.curr_urlobj; | |
var urlobj=new this.aurl(url,topurl); | |
var new_url=(addproxy?urlobj.surrogafy():urlobj.get_url()); | |
if(urlquote!="") new_url=urlquote+new_url+urlquote; | |
return new_url; | |
}, | |
surrogafy_url_toobj:function(url,topurl,addproxy){ | |
url=url.toString(); | |
if(!url.substring) return; | |
if(addproxy==undefined) addproxy=true; | |
if((url.substring(0,1)=="\"" || url.substring(0,1)=="'") && url.substring(0,1)==url.substring(url.length-1,url.length)) url=url.substring(1,url.length-1); | |
if(topurl==undefined) topurl=this.curr_urlobj; | |
return new this.aurl(url,topurl); | |
}, | |
de_surrogafy_url:function(url){ | |
if(url==undefined) return ""; | |
url=url.toString(); | |
if(url.match(<?php echo(FRAME_LOCK_REGEXP); ?>) || !url.match(<?php echo(AURL_LOCK_REGEXP); ?>)) return url; | |
return this.pe.proxdec(decodeURIComponent(url.substring(url.indexOf('?')+1).replace(<?php echo(PAGETYPE_REGEXP); ?>,"\$2"))); // urldecode() | |
}, | |
add_querystuff:function(url,querystuff){ | |
var pos=url.indexOf('?'); | |
return url.substr(0,pos+1)+querystuff+url.substr(pos+1,url.length-pos); | |
}, | |
preg_match_all:function(regexpstr,string){ | |
var matcharr=new Array(); | |
var regexp=new RegExp(regexpstr); | |
var result; | |
while(true){ | |
result=regexp.exec(string); | |
if(result!=null) matcharr.push(result); | |
else break; | |
} | |
return matcharr; | |
}, | |
framify_url:function(url,frame_type){ | |
if((frame_type!==<?php echo(PAGETYPE_FRAME_TOP); ?> || !this.URL_FORM) && (frame_type!==<?php echo(PAGETYPE_FRAMED_PAGE); ?> && !this.PAGE_FRAMED)) return url; | |
var urlquote=""; | |
if((url.substring(0,1)=="\"" || url.substring(0,1)=="'") && url.substring(0,1)==url.substring(url.length-1,url.length)){ | |
urlquote=url.substring(0,1); | |
url=url.substring(1,url.length-1); | |
} | |
if(!url.match(<?php echo(FRAME_LOCK_REGEXP); ?>)){ | |
var query; | |
if(frame_type===<?php echo(PAGETYPE_FRAME_TOP); ?> && this.URL_FORM) query='&='; | |
else if(frame_type===<?php echo(PAGETYPE_FRAMED_CHILD); ?>) query='.&='; | |
else if(frame_type===<?php echo(PAGETYPE_FRAMED_PAGE); ?> || this.PAGE_FRAMED) query='_&='; | |
else query=''; | |
url=url.replace(/^([^\?]*)[\?]?<?php echo(PAGETYPE_MINIREGEXP); ?>([^#]*?[#]?.*?)$/,'\$1?='+query+'\$3'); | |
} | |
if(urlquote!="") url=urlquote+url+urlquote; | |
return url; | |
}, | |
parse_html:function(regexp,partoparse,html,addproxy,framify){ | |
var match,begin,end,nurl; | |
if(html.match(regexp)){ | |
var matcharr=this.preg_match_all(regexp,html); | |
var newhtml=""; | |
for(var key in matcharr){ | |
/*match=matcharr[i]; | |
nurl=this.surrogafy_url(match[partoparse],undefined,addproxy); | |
nhtml=match[0].replace(match[partoparse],nurl); | |
html=html.replace(match[0],nhtml);*/ | |
match=matcharr[key]; | |
if(match[partoparse]!=undefined){ | |
begin=html.indexOf(match[partoparse]); | |
end=begin+match[partoparse].length; | |
nurl=this.surrogafy_url(match[partoparse],undefined,addproxy); | |
if(framify) nurl=this.framify_url(nurl,framify); | |
newhtml+=html.substring(0,begin)+nurl; | |
html=html.substring(end); | |
} | |
} | |
html=newhtml+html; | |
} | |
return html; | |
}, | |
parse_all_html:function(){ | |
if(arguments[0]==null) return; | |
var html=arguments[0].toString(); | |
var key; | |
for(var key in regexp_arrays){ | |
if((arguments.length>1 && key!=arguments[1]) || key=='text/javascript') continue; | |
arr=regexp_arrays[key]; | |
for(var regexp_arraykey in arr){ | |
regexp_array=arr[regexp_arraykey]; | |
if(regexp_array[0]==undefined) continue; | |
if(regexp_array[0]==1) html=html.replace(regexp_array[1],regexp_array[2]); | |
else if(regexp_array[0]==2){ | |
addproxy=(regexp_array.length>3?regexp_array[3]:true); | |
framify=(regexp_array.length>4?regexp_array[4]:false); | |
html=this.parse_html(regexp_array[1],regexp_array[2],html,addproxy,framify); | |
} | |
} | |
} | |
return html; | |
}, | |
form_button:null, | |
form_encrypt:function(form){ | |
if(form.method=='post') return true; | |
//action=form.<php echo(COOK_PREF); ?>.value; | |
var action=form.getElementsByName(this.COOK_PREF)[0].value; | |
for(var i=1;i<form.elements.length;i++){ | |
if(form.elements[i].disabled || form.elements[i].name=='' || form.elements[i].value=='' || form.elements[i].type=='reset') continue; | |
if(form.elements[i].type=='submit'){ | |
if(form.elements[i].name!=this.form_button) continue; | |
this.form_button=null; | |
} | |
var pref; | |
if(!action.match(/\?/)) pref="?"; | |
else pref="&"; | |
action+=pref+form.elements[i].name+"="+form.elements[i].value; | |
} | |
location.href=this.surrogafy_url(action); | |
return false; | |
}, | |
setAttr:function(obj,attr,val){ | |
if(typeof(attr)!=typeof("")){ | |
attr=attr.toString(); | |
attr=attr.substr(1,attr.length-2); | |
} | |
if(attr=="innerHTML"){ | |
obj[attr]=this.parse_all_html(val); | |
return obj[attr]; | |
} | |
if(obj==location && attr=="hostname") return this.LOCATION_HOSTNAME; | |
if(obj==document && attr=="cookie"){ | |
const COOK_REG=/^([^=]*)=([^;]*)(?:;[\s\S]*?)?$/i; | |
var realhost=this.LOCATION_HOSTNAME.replace("/^www/i","").replace(".","_"); | |
var cookkey=val.replace(COOK_REG,"\$1"); | |
var cookval=val.replace(COOK_REG,"\$2"); | |
if(this.ENCRYPT_COOKS){ | |
cookkey=proxenc(cookkey); | |
cookval=proxenc(cookval); | |
} | |
var newcookie=realhost+"<?php echo(COOKIE_SEPARATOR); ?>"+cookkey+"="+cookval+"; "; | |
document.cookie=newcookie; | |
return newcookie; | |
} | |
if(obj==location && attr=="search"){ | |
if(val.substr(0,1)=="?") val=val.substr(1); | |
this.curr_urlobj.set_query(val); | |
val=this.curr_urlobj.get_url(); | |
attr="href"; | |
} | |
var proxurl=val; | |
if(attr!="cookie" && attr!="search" && attr!="hostname"){ | |
proxurl=this.surrogafy_url(val); | |
// tags framified must match REGEXPS with regexp_array[5] | |
if(obj.tagName=="A" || obj.tagName=="AREA") | |
proxurl=this.framify_url(proxurl,<?php echo(NEW_PAGETYPE_FRAME_TOP); ?>); | |
else if(obj.tagName=="FRAME" || obj.tagName=="IFRAME") | |
proxurl=this.framify_url(proxurl,<?php echo(PAGETYPE_FRAMED_CHILD); ?>); | |
} | |
if(this.URL_FORM){ | |
if((obj==location && attr=="href") || attr=="location"){ | |
urlobj=this.surrogafy_url_toobj(val); | |
if(!urlobj.locked) proxurl=this.add_querystuff(proxurl,"=&"); | |
this.thetop.location.href=proxurl; | |
} | |
else obj[attr]=proxurl; | |
} | |
else obj[attr]=proxurl; | |
}, | |
getAttr:function(obj,attr){ | |
if(typeof(attr)!=typeof("")){ | |
attr=attr.toString(); | |
attr=attr.substr(1,attr.length-2); | |
} | |
if(obj==document && attr=="cookie"){ | |
var ocookies=this.getCookieArr(); | |
var cookies="",ocook; | |
const COOK_REG=/^([\s\S]*)<?php echo(COOKIE_SEPARATOR); ?>([^=]*)=([\s\S]*)(?:; )?$/i; | |
for(var key in ocookies){ | |
ocook=ocookies[key]; | |
if(typeof(ocook)!=typeof("")) continue; | |
if(ocook.match(COOK_REG)==null) continue; | |
var realhost=this.LOCATION_HOSTNAME.replace("/^www/i","").replace(".","_"); | |
var cookhost=ocook.replace(COOK_REG,"\$1"); | |
if(cookhost==realhost){ | |
if(this.ENCRYPT_COOKS){ | |
var cookkey=this.pe.proxdec(ocook.replace(COOK_REG,"\$2")); | |
var cookval=this.pe.proxdec(ocook.replace(COOK_REG,"\$3")); | |
cookies+=cookkey+"="+cookval+"; "; | |
} | |
else cookies+=ocook.replace(COOK_REG,"\$2=\$3; "); | |
} | |
} | |
return cookies; | |
} | |
if(obj==navigator){ | |
if(this.USERAGENT=="-1" && (attr!="plugins" && attr!="mimeType")) return undefined; | |
if(this.USERAGENT=="") return obj[attr]; | |
var msie=this.USERAGENT.match(/msie/i); | |
const UA_REG=/^([^\/\(]*)\/?([^ \(]*)[ ]*(\(?([^;\)]*);?([^;\)]*);?([^;\)]*);?([^;\)]*);?([^;\)]*);?[^\)]*\)?)[ ]*([^ \/]*)\/?([^ \/]*).*$/i; | |
switch(attr){ | |
case "userAgent": return this.USERAGENT; | |
case "appCodeName": return this.USERAGENT.replace(UA_REG,"\$1"); | |
case "appVersion": return (msie?this.USERAGENT.replace(UA_REG,"\$2 \$3"):this.USERAGENT.replace(UA_REG,"\$2 (\$4; \$7)")); | |
case "platform": | |
var tempplatform=this.USERAGENT.replace(UA_REG,"\$4"); | |
return (tempplatform=="compatible" || tempplatform=="Windows"?"Win32":this.USERAGENT.replace(UA_REG,"\$6")); | |
case "oscpu": return (msie?undefined:this.USERAGENT.replace(UA_REG,"\$6")); | |
case "language": return (msie?undefined:this.USERAGENT.replace(UA_REG,"\$7")); | |
case "appName": | |
var tempappname=(msie?"Microsoft Internet Explorer":this.USERAGENT.replace(UA_REG,"\$1")); | |
if(tempappname=="Opera" || tempappname=="Mozilla") tempappname="Netscape"; | |
return tempappname; | |
case "product": return (msie?undefined:this.USERAGENT.replace(UA_REG,"\$9")); | |
case "productSub": return (msie?undefined:this.USERAGENT.replace(UA_REG,"\$10")); | |
case "plugins": return (<?php echo((empty($_COOKIE[COOK_PREF.'_remove_objects'])?'1':'0')); ?>==1?navigator.plugins:undefined); | |
case "mimeType": return navigator.mimeType; | |
default: return undefined; | |
} | |
} | |
if(obj==location && attr=="search") url=location.href; | |
else url=obj[attr]; | |
url=this.de_surrogafy_url(url); | |
if(obj==location && attr=="search") url=url.replace(/^[^?]*/,""); | |
return url; | |
}, | |
eventify:function(a1,a2){ | |
document.getElementsByTagName("head")[0].addEventListener("load",function(){<?php echo(COOK_PREF); ?>.setParentStuff(a1,a2);},false); | |
window.addEventListener("load",function(){<?php echo(COOK_PREF); ?>.setParentStuff(a1,a2);},false); | |
this.setParentURL(this.CURR_URL); | |
}, | |
setParentURL:function(url){ | |
if(this.thetop!=null && this.thetop!=window){ | |
this.thetop.document.getElementById('url').value=url; | |
this.thetop.document.getElementById('proxy_link').href=this.add_querystuff(this.surrogafy_url(url),"=-&"); | |
} | |
}, | |
setParentStuff:function(proto,server){ // amazing creativity with the name on my part | |
var topdoc=this.thetop.document; | |
topdoc.title=document.title; | |
// find and set shortcut icon | |
var tophead=topdoc.getElementsByTagName("head")[0]; | |
var links=tophead.getElementsByTagName("link"); | |
var link=null; | |
for(var i=0; i<links.length; i++){ if(links[i].type=="image/x-icon" && links[i].rel=="shortcut icon") link=links[i]; } | |
if(tophead.getElementsByTagName("link").length>0) tophead.removeChild(topdoc.getElementsByTagName("link")[0]); | |
var favicon=topdoc.createElement("link"); | |
favicon.type="image/x-icon"; | |
favicon.rel="shortcut icon"; | |
favicon.href=(link==null?this.surrogafy_url(proto+"://"+server+"/favicon.ico"):link.href); | |
tophead.appendChild(favicon); | |
}, | |
XMLHttpRequest_wrap:function(xmlhttpobj){ | |
xmlhttpobj.<?php echo(COOK_PREF); ?>_open=xmlhttpobj.open; | |
xmlhttpobj.open=<?php echo(COOK_PREF); ?>.XMLHttpRequest_open; | |
return xmlhttpobj; | |
}, | |
XMLHttpRequest_open:function(){ | |
if(arguments.length<2) return; | |
arguments[1]=<?php echo(COOK_PREF); ?>.surrogafy_url(arguments[1]); | |
return this.<?php echo(COOK_PREF); ?>_open.apply(this,arguments); | |
}, | |
// WRAPPED FUNCTIONS AND OBJECTS | |
thetop:top, | |
theparent:parent, | |
setTimeout:window.setTimeout, | |
setInterval:window.setInterval, | |
document_write_queue:"", | |
purge:function(){ | |
thehtml=this.document_write_queue; | |
if(thehtml=="") return; | |
thehtml=this.parse_all_html(thehtml); | |
this.document_write_queue=""; | |
//alert(thehtml); // DEBUG | |
document.write_<?php echo(COOK_PREF); ?>(thehtml); | |
}, | |
purge_noparse:function(){ | |
thehtml=this.document_write_queue; | |
if(thehtml=="") return; | |
this.document_write_queue=""; | |
document.write_<?php echo(COOK_PREF); ?>(thehtml); | |
} | |
} | |
// }}} | |
// JAVASCRIPT FUNCS: WRAPPING {{{ | |
document.write_<?php echo(COOK_PREF); ?>=document.write; | |
document.writeln_<?php echo(COOK_PREF); ?>=document.writeln; | |
document.write=function(html){ <?php echo(COOK_PREF); ?>.document_write_queue+=html; } | |
document.writeln=function(html){ <?php echo(COOK_PREF); ?>.document_write_queue+=html+"\n"; } | |
window.open_<?php echo(COOK_PREF); ?>=window.open; | |
window.open=document.open=function(){ | |
if(arguments.length<1) return; | |
var url=<?php echo(COOK_PREF); ?>.surrogafy_url(arguments[0]); | |
if((url.substring(0,1)=="\"" || url.substring(0,1)=="'") && url.substring(0,1)==url.substring(url.length-1,url.length)) url=url.substring(1,url.length-1); | |
arguments[0]=url; | |
return window.open_<?php echo(COOK_PREF); ?>.apply(this.caller,arguments); | |
} | |
setTimeout=function(){ | |
if(arguments.length<2) return; | |
arguments[0]=<?php echo(COOK_PREF); ?>.parse_all_html(arguments[0],"application/x-javascript"); | |
return <?php echo(COOK_PREF); ?>.setTimeout.apply(this,arguments); | |
} | |
setInterval=function(){ | |
if(arguments.length<2) return; | |
arguments[0]=<?php echo(COOK_PREF); ?>.parse_all_html(arguments[0],"application/x-javascript"); | |
return <?php echo(COOK_PREF); ?>.setInterval.apply(this,arguments); | |
} | |
/* hooking for eval(), not necessary anymore, but worked relatively well in the past | |
/*eval_<?php echo(COOK_PREF); ?>=eval; | |
eval=function(){ | |
if(arguments.length<1) return; | |
arguments[0]=<?php echo(COOK_PREF); ?>.parse_all_html(arguments[0],"application/x-javascript"); | |
return eval_<?php echo(COOK_PREF); ?>.apply(this.caller,arguments); | |
}*/ | |
// wrap top and parent objects for anti-frame breaking | |
if(<?php echo(COOK_PREF); ?>.PAGE_FRAMED){ | |
if(parent==top) parent=self; | |
if(top!=self) top=<?php echo(COOK_PREF); ?>.thetop.frames[0]; | |
} | |
// }}} | |
//</script><?php exit(); } | |
# }}} | |
# REGEXPS {{{ | |
# This is where all the parsing is defined. If a site isn't being | |
# parsed properly, the problem is more than likely in this section. | |
# The rest of the code is just there to set up this wonderful bunch | |
# of incomprehensible regular expressions. | |
# REGEXPS: CONVERSION TO JAVASCRIPT {{{ | |
function bool_to_js($bool){ return ($bool?'true':'false'); } | |
function convertarray_to_javascript(){ | |
global $regexp_arrays; | |
$js='regexp_arrays=new Array('.count($regexp_arrays).");\n"; | |
reset($regexp_arrays); | |
while(list($key,$arr)=each($regexp_arrays)){ | |
$js.="regexp_arrays[\"$key\"]=new Array(".count($arr).");\n"; | |
for($i=0;$i<count($arr);$i++){ | |
$js.="regexp_arrays[\"$key\"][$i]=new Array("; | |
if($arr[$i][0]==1) $js.='1,'.escape_regexp($arr[$i][2]).'g,"'.escape_regexp($arr[$i][3],true).'"'; | |
elseif($arr[$i][0]==2) $js.='2,'.escape_regexp($arr[$i][2])."g,{$arr[$i][3]}".(count($arr[$i])<5?null:','.bool_to_js($arr[$i][4])).(count($arr[$i])<6?null:",{$arr[$i][5]}"); | |
$js.=");\n"; | |
} | |
} | |
return stripslashes($js); | |
} | |
# }}} | |
# REGEXPS: VARIABLES {{{ | |
global $regexp_arrays; | |
# 'img' was in $jsattrs... what's that for? | |
$jsattrs='(?:href|src|location|action|backgroundImage|pluginspage|codebase|location\.href|innerHTML)'; | |
$jshookattrs="(?:{$jsattrs}|cookie|search|hostname)"; | |
$jshookgetattrs="(?:{$jshookattrs}|userAgent|platform|appCodeName|appName|appVersion|language|oscpu|product|productSub|plugins)"; | |
//$jshtmlattrs='(innerHTML)'; | |
$jsmethods='(location\.(?:replace|assign))'; | |
$jslochost='(location\.host(?:name){0,1})'; | |
//$jslocsearch='(location\.search)'; | |
//$jsrealpage='((?:(?:document|window)\.){0,1}location(?:(?=[^\.])|\.href)|document\.documentURI|[a-z]+\.referrer)'; | |
$htmlattrs='(data|href|src|background|pluginspage|codebase|action)'; | |
$justspace="[\t ]*"; | |
$plusjustspace="[\t ]+"; | |
$anyspace="[\t\r\n ]*"; | |
$plusspace="[\t\r\n ]+"; | |
$operands='[\+\-\/\*]'; | |
$notoperands='[^\+\-\/\*]'; | |
$quoteseg='(?:"(?:[^"]|[\\\\]")*?"|\'(?:[^\']|[\\\\]\')*?\''; | |
$regseg='\/(?:[^\/]|[\\\\]\/)*?\/'; | |
//$jsobjsect="{$jsvarsect}(?:\((?:{$quoteseg}|{$jsvarsect}|))\))?"; | |
//$jsobjsect="{$jsvarsect}(?:\({$anyspace}(?:{$quoteseg}|{$jsvarsect}|))(?:{$anyspace},{$anyspace}{$quoteseg}|{$jsvarsect}|))*{$anyspace}\))?(?:\[(?:{$quoteseg}|{$jsvarsect}|))\])?"; | |
//$jsobjsect="{$jsvarsect}(?:\((?:[^\(\)\"']*(?:{$quoteseg}|(?R))))\))?(?:\[(?:[^\[\]\"']*(?:{$quoteseg}|(?R))))\])?"; | |
//$jsvarobj='(?:[a-zA-Z0-9\._\(\)\[\]\+\-]+)'; | |
$jsvarsect='[a-zA-Z0-9_\$](?:[a-zA-Z0-9\$\._\/\[\]\+-]*[a-zA-Z0-9_\/\]])?'; | |
$jsobjsect="{$jsvarsect}(?:\((?:{$quoteseg}|{$jsvarsect}|))\))?(?:\[(?:{$quoteseg}|{$jsvarsect}|))\])?"; | |
$jsvarobj="{$jsobjsect}(?:\.{$jsobjsect})*"; | |
//$jsquotereg="((?:(?:{$anyspace}{$quoteseg}|{$jsvarobj}){$anyspace}\+)*){$anyspace}{$quoteseg}|{$jsvarobj}){$justspace}(?=[;\}\n\r]))"; # HUH? | |
$jsquotesect="(?:{$anyspace}{$quoteseg}|{$jsvarobj}))"; | |
$jsquotereg="{$jsquotesect}(?:\+{$jsquotesect})*"; | |
//$notjsvarsect='[^a-zA-Z0-9\._\[\]\+-]'; | |
//$notjsvarsect='[^a-zA-Z0-9\._\[\]\/]'; | |
$notjsvarsect='[^a-zA-Z0-9\._\[\]]'; | |
//$jsend="(?={$anyspace}[;\}\n\r\'\"])"; | |
//$jsend="(?={$anyspace}(?:[;\}]|{$notoperands}[\n\r]))"; | |
$jsend="(?={$justspace}(?:[;\}\n\r]|{$notoperands}[\n\r]))"; | |
$notjsend="(?!{$justspace}(?:[;\}\n\r]|{$notoperands}[\n\r]))"; | |
$jsbegin="((?:[;\{\}\n\r\(\)]|[\!=]=){$anyspace})"; | |
//$jsbeginright="((?:[;\{\}\n\r\(\)=\+\-\/\*]){$anyspace})"; | |
$jsbeginright="((?:[;\{\}\(\)=\+\-\/\*]){$justspace})"; | |
$htmlnoquot='(?:[^"\'\\\\][^> ]*)'; | |
$htmlnoquotnoqm='(?:[^\?"\'\\\\][^\?> ]*)'; | |
$htmlreg="({$quoteseg}|{$htmlnoquot}))"; | |
$xmlhttpreq="(?:XMLHttpRequest{$anyspace}(?:\({$anyspace}\)|)|ActiveXObject{$anyspace}\({$anyspace}[^\)]+\.XMLHTTP['\"]{$anyspace}\))(?=;)"; | |
$jsnewobj="(?:{$anyspace}new{$plusspace}|{$anyspace})"; | |
$formnotpost="(?:(?!method{$anyspace}={$anyspace}(?:'|\")?post)[^>])"; | |
$frametargets='_(?:top|parent|self)'; | |
$js_string_methods='(?:anchor|big|blink|bold|charAt|charCodeAt|concat|fixed|fontcolor|fontsize|fromCharCode|indexOf|italics|lastIndexOf|link|match|replace|search|slice|small|split|strike|sub|substr|substring|sup|toLowerCase|toUpperCase|toSource|valueOf)'; | |
$js_string_attrs='(?:constructor|length|prototype)'; | |
# }}} | |
# REGEXPS: JAVASCRIPT PARSING {{{ | |
$js_regexp_arrays=array( | |
array(1,2,"/{$jsbegin}({$jsvarobj})\.({$jshookgetattrs}){$anyspace}\+=/i",'\1\2.\3='.COOK_PREF.'.getAttr(\2,/\3/)+'), | |
array(1,2,"/{$jsbegin}({$jsvarobj})\.(({$jshookattrs}){$anyspace}=(?:{$anyspace}{$jsvarobj}{$anyspace}=)*{$anyspace})((?!\=)({$notjsend}.)*){$jsend}/i",'\1'.COOK_PREF.'.setAttr(\2,/\4/,\5)'), | |
array(1,2,"/{$jsbeginright}({$jsvarobj})\.({$jshookgetattrs})([^\.=a-z0-9_\[\]\t\r\n]|\.{$js_string_methods}\(|\.{$js_string_attrs}{$notjsvarsect})/i",'\1'.COOK_PREF.'.getAttr(\2,/\3/)\4'), | |
array(1,2,"/([^a-z0-9]{$jsmethods}{$anyspace}\()([^)]*)\)/i",'\1'.COOK_PREF.'.surrogafy_url(\3))'), | |
array(1,2,"/([^a-z0-9])eval{$anyspace}\(({$anyspace}{$jsvarobj})\)/i",'\1eval('.COOK_PREF.'.parse_all_html(\2,"application/x-javascript"))'), | |
array(1,2,"/{$jsbegin}\.action{$anyspace}=/i",'\1.'.COOK_PREF.'.value='), | |
//array(1,2,"/{$jsbegin}(\.setAttribute{$anyspace}\({$anyspace}(\"|')({$jsattrs})(\\2){$anyspace},{$anyspace})(.*?){$jsend}/i",'\1\2'.COOK_PREF.'.surrogafy_url(\6)'), | |
//array(1,2,"/{$jsbegin}(\.setAttribute{$anyspace}\({$anyspace}(\"|')({$jsattrs})(\\2){$anyspace},{$anyspace})(.*?){$jsend}/i",'\1\2'.COOK_PREF.'.surrogafy_url(\6)'), | |
array(1,2,"/{$jsbegin}({$jsvarobj})\.setAttribute{$anyspace}\({$anyspace}({$jsquotereg}){$anyspace},{$anyspace}({$jsquotereg}){$anyspace}\)/i",'\1'.COOK_PREF.'.setAttr(\2,\3,\4)'), | |
array(1,2,"/{$jsbegin}([^\ {>\t\r\n=;]+{$anyspace}=)({$jsnewobj}{$xmlhttpreq})/i",'\1\2'.COOK_PREF.'.XMLHttpRequest_wrap(\3)'), | |
array(1,2,"/{$jsbegin}(return{$plusspace})({$jsnewobj}{$xmlhttpreq})/i",'\1\2'.COOK_PREF.'.XMLHttpRequest_wrap(\3)'), | |
(ENCRYPT_URLS?array(1,2,"/{$jsbegin}((?:[^\) \{\}]*(?:\)\.{0,1}))+)(\.submit{$anyspace}\(\)){$jsend}/i",'\1void((\2.method=="post"?null:\2\3));'):null), | |
); | |
# }}} | |
# REGEXPS: HTML/CSS PARSING {{{ | |
$regexp_arrays=array( | |
'text/html' => array( | |
## do HTML based javascript stuff # OLDWAY | |
#array(1,1,"/( on[a-z]{3,20}{$anyspace}={$anyspace})(?:(\")([^\"]+)(\")|(')([^']+)('))/i",'\1\2\5;\3\6;\4\7'), # OLDWAY | |
#array(1,2,"/(<script(?:(?:(?! src{$anyspace}=)[^>])*)>)([\s\S]*?)(?:{$anyspace}(?:\/\/)?{$anyspace}-->{$anyspace})?<\/script>/i",'\1\2;'.COOK_PREF.'.purge();//--></script>'), # OLDWAY | |
# target attr | |
(PAGETYPE_ID===PAGETYPE_FRAMED_PAGE?array(1,1,"/(<[a-z][^>]*{$anyspace}) target{$anyspace}={$anyspace}(?:{$frametargets}|('){$frametargets}'|(\"){$frametargets}\")/i",'\1'):null), | |
(PAGETYPE_ID===PAGETYPE_FRAMED_CHILD?array(1,1,"/(<[a-z][^>]*{$anyspace} target{$anyspace}={$anyspace})(?:_top|(')_top'|(\")_top\")/i",'\1\2\3'.COOK_PREF.'_top\2\3'):null), | |
# deal with <form>s | |
array(1,1,"/(<form{$formnotpost}*?)(?:{$plusspace}action{$anyspace}={$anyspace}{$htmlreg})({$formnotpost}*)>/i",'\1\3><input type="hidden" name="" class="'.COOK_PREF.'" value=\2 />'), | |
array(2,1,"/<input type=\"hidden\" name=\"\" class=\"".COOK_PREF."\" value{$anyspace}={$anyspace}{$htmlreg} \/>/i",1,false), | |
array(1,1,'/(<form[^>]*?)>/i','\1 target="_self"'.(ENCRYPT_URLS?' onsubmit="return '.COOK_PREF.'.form_encrypt(this);">':'>')), | |
array(1,1,"/(<form{$formnotpost}+)>(?!<!--".COOK_PREF.'-->)/i','\1 target="_parent"><!--'.COOK_PREF.'--><input type="hidden" name="" value="_">'), | |
# deal with the form button for encrypted URLs | |
(ENCRYPT_URLS?array(1,1,"/(<input[^>]*? type{$anyspace}={$anyspace}(?:\"submit\"|'submit'|submit)[^>]*?[^\/])((?:[ ]?[\/])?>)/i",'\1 onclick="'.COOK_PREF.'_form_button=this.name;"\2'):null), | |
# parse all the other tags | |
array(2,1,"/<[a-z][^>]*{$plusspace}{$htmlattrs}{$anyspace}={$anyspace}{$htmlreg}/i",2), | |
array(2,1,"/<param[^>]*{$plusspace}name{$anyspace}={$anyspace}[\"']?movie[^>]*{$plusspace}value{$anyspace}={$anyspace}{$htmlreg}/i",1), | |
array(2,2,"/<script[^>]*?{$plusspace}src{$anyspace}={$anyspace}([\"']){$anyspace}(.*?[^\\\\])\\1[^>]*>{$anyspace}<\/script>/i",2), | |
(URL_FORM && PAGE_FRAMED?array(2,1,"/<a(?:rea)?{$plusspace}[^>]*href{$anyspace}={$anyspace}{$htmlreg}/i",1,false,NEW_PAGETYPE_FRAME_TOP):null), | |
(URL_FORM && PAGE_FRAMED?array(2,1,"/<[i]?frame{$plusspace}[^>]*src{$anyspace}={$anyspace}{$htmlreg}/i",1,false,PAGETYPE_FRAMED_CHILD):null) | |
), | |
'text/css' => array( | |
array(2,1,"/[^a-z]url\({$anyspace}(&(?:quot|#(?:3[49]));|\"|')(.*?[^\\\\])(\\1){$anyspace}\)/i",2), | |
array(2,1,"/[^a-z]url\({$anyspace}((?!&(?:quot|#(?:3[49]));)[^\"'\\\\].*?[^\\\\]){$anyspace}\)/i",1), | |
array(2,1,"/@import{$plusspace}(&(?:quot|#(?:3[49]));|\"|')(.*?[^\\\\])(\\1);/i",2) | |
), | |
'application/x-javascript' => $js_regexp_arrays, | |
'text/javascript' => $js_regexp_arrays | |
); | |
# }}} | |
# REGEXPS: INSERT JAVASCRIPT REGEXPS {{{ | |
if(QUERY_STRING=='js_regexps' || QUERY_STRING=='js_regexps_framed'){ ?>//<script> | |
<?php echo(convertarray_to_javascript().((!empty($_COOKIE[COOK_PREF.'_remove_objects']))?'regexp_arrays["text/html"].push(Array(1,/<[\\\\/]?(embed|param|object)[^>]*>/ig,""));':null)); ?> | |
//</script><?php exit(); } | |
# }}} | |
# REGEXPS: SERVER-SIDE ONLY PARSING {{{ | |
array_push($regexp_arrays['text/html'], | |
array(2,1,"/<meta[^>]*{$plusspace}http-equiv{$anyspace}={$anyspace}([\"']|)refresh\\1[^>]* content{$anyspace}={$anyspace}([\"']|)[ 0-9\.;\t\\r\n]*url=(.*?)\\2[^>]*>/i",3,true,NEW_PAGETYPE_FRAMED_PAGE), | |
array(1,1,"/(<meta[^>]*{$plusspace}http-equiv{$anyspace}={$anyspace}([\"']|)set-cookie\\2[^>]* content{$anyspace}={$anyspace})([\"'])(.*?[^\\\\]){$anyspace}\\3/i",'\1\3'.PAGECOOK_PREFIX.'\4\3') | |
); | |
# }}} | |
# REGEXPS: CLEANUP {{{ | |
# needed later, but $anyspace and $htmlreg are unset below | |
define('BASE_REGEXP',"<base[^>]* href{$anyspace}={$anyspace}{$htmlreg}[^>]*>"); | |
define('END_OF_SCRIPT_TAG',"(?:{$anyspace}(?:\/\/)?{$anyspace}-->{$anyspace})?<\/script>"); | |
define('REGEXP_SCRIPT_ONEVENT',"( on[a-z]{3,20}=(?:\"[^\"]+\"|'[^']+'|[^\"' >][^ >]+[^\"' >])| href=(?:\"{$anyspace}javascript:[^\"]+\"|'{$anyspace}javascript:[^']+'|{$anyspace}javascript:[^\"' >][^ >]+[^\"' >]))"); | |
unset($jsattrs,$jshookattrs,$jsmethods,$jslochost,$htmlattrs, | |
$anyspace,$plusspace,$operands,$notoperands, | |
$quoteseg,$regseg, | |
$jsvarsect,$jsobjsect,$jsvarobj,$jsquotesect,$jsquotereg, | |
$notjsvarsect, | |
$jsend,$notjsend,$jsbegin,$jsbeginright, | |
$htmlnoquot,$htmlnoquotnoqm,$htmlreg,$xmlhttpreq,$jsnewobj,$formnotpost,$frametargets, | |
$js_string_methods,$js_string_attrs, | |
$js_regexp_arrays | |
); | |
# }}} | |
# }}} | |
# PROXY FUNCTIONS {{{ | |
# PROXY FUNCTIONS: AURL CLASS {{{ | |
# class for URL | |
class aurl{ | |
var $url,$topurl,$locked; | |
var $proto,$userpass,$servername,$portval,$path,$file,$query,$label; | |
function aurl($url,$topurl=null){ | |
if(strlen($url)>MAXIMUM_URL_LENGTH) $this->url=null; | |
else $this->url=preg_replace('/&#([0-9]+);/e','chr(\1)',trim(str_replace('&','&',str_replace(chr(13),null,str_replace(chr(10),null,$url))))); | |
$this->topurl=$topurl; | |
$this->determine_locked(); | |
if($this->locked) return; | |
$urlwasvalid=true; | |
if(!preg_match(URLREG,$this->url)){ | |
$urlwasvalid=false; | |
if($this->topurl==null) $this->url='http://'.(($this->url{0}==':' || $this->url{0}=='/')?substr($this->url,1):$this->url).(strpos($this->url,'/')!==false?null:'/'); | |
#if($this->topurl==null) $this->url='http://'.preg_replace("/^:?\/{0,2}/","",$this->url).(strpos($this->url,'/')!==false?null:'/'); | |
else{ | |
$newurl=$this->topurl->get_proto().$this->get_fieldreq(2,$this->topurl->get_userpass()).$this->topurl->get_servername().(($this->topurl->get_portval()!=80 && ($this->topurl->get_proto()=='https'?$this->topurl->get_portval()!=443:true))?':'.$this->topurl->get_portval():null); | |
if($this->url{0}!='/') $newurl.=$this->topurl->get_path(); | |
$this->url=$newurl.$this->url; | |
} | |
} | |
$this->set_proto(($urlwasvalid || $this->topurl==null?preg_replace('/^([^:\/]*).*$/','\1',$this->url):$this->topurl->get_proto())); | |
$this->set_userpass(preg_replace(URLREG,'\2',$this->url)); | |
$this->set_servername(preg_replace(URLREG,'\3',$this->url)); | |
$this->set_portval(preg_replace(URLREG,'\4',$this->url)); | |
$this->set_path(preg_replace(URLREG,'\5',$this->url)); | |
$this->set_file(preg_replace(URLREG,'\6',$this->url)); | |
$this->set_query(preg_replace(URLREG,'\7',$this->url)); | |
$this->set_label(preg_replace(URLREG,'\8',$this->url)); | |
if(!$this->locked && !preg_match(URLREG,$this->url)) havok(7,$this->url); #* | |
} | |
function determine_locked(){ $this->locked=preg_match(AURL_LOCK_REGEXP,$this->url)>0; } #* | |
function get_fieldreq($fieldno,$value){ | |
$fieldreqs=array(2 => '://'.($value!=null?"$value@":null), 4 => ($value!=null && intval($value)!=80?':'.intval($value):null), 7 => ($value!=null?"?$value":null), 8 => ($value!=null?"#$value":null)); | |
if(!array_key_exists($fieldno,$fieldreqs)) return (empty($value)?null:$value); | |
else return $fieldreqs[$fieldno]; | |
} | |
function set_proto($proto=''){ if($this->locked) return; $this->proto=(!empty($proto)?$proto:'http'); } | |
function get_proto(){ return $this->proto; } | |
function get_userpass(){ return $this->userpass; } | |
function set_userpass($userpass=null){ $this->userpass=$userpass; } | |
function get_servername(){ return $this->servername; } | |
function set_servername($servername=null){ $this->servername=$servername; } | |
function get_portval(){ return (empty($this->portval)?($this->get_proto()=='https'?'443':'80'):$this->portval); } | |
function set_portval($port=null){ $this->portval=strval((intval($port)!=80)?$port:null); } | |
function get_path(){ | |
if(strpos($this->path,'/../')!==false) $this->path=preg_replace('/(?:\/[^\/]+){0,1}\/\.\.\//','/',$this->path); | |
if(strpos($this->path,'/./')!==false) while(($path=str_replace('/./','/',$this->path)) && $path!=$this->path) $this->path=$path; | |
return $this->path; | |
} | |
function set_path($path=null){ $this->path=(empty($path)?'/':$path); } | |
function get_file(){ return $this->file; } | |
function set_file($file=null){ $this->file=$file; } | |
function get_query(){ return $this->query; } | |
function set_query($query=null){ $this->query=$query; } | |
function get_label(){ return $this->label; } | |
function set_label($label=null){ $this->label=$label; } | |
function get_url($withlabel=true){ | |
if($this->locked) return $this->url; | |
return $this->get_proto().'://'. | |
($this->get_userpass()==null?null:$this->get_userpass().'@'). | |
$this->get_servername(). | |
(($this->get_proto()=='https' && intval($this->get_portval())==443) || intval($this->get_portval())==80?null:':'.intval($this->get_portval())). | |
$this->get_path().$this->get_file(). | |
($this->get_query()==null?null:'?'.$this->get_query()). | |
($withlabel && $this->get_label()==null?null:'#'.$this->get_label()) | |
; | |
} | |
function surrogafy(){ | |
$label=$this->get_label(); | |
$this->set_label(); | |
$url=$this->get_url(); | |
$this->set_label($label); | |
#$this->determine_locked(); | |
if($this->locked) return $url; | |
# || $this->get_proto().$this->get_fieldreq(2,$this->get_userpass()).$this->get_servername().$this->get_path().$this->get_file()==THIS_SCRIPT) return $url; | |
if(ENCRYPT_URLS && !$this->locked) $url=proxenc($url); | |
#$url=THIS_SCRIPT.'?='.(!ENCRYPT_URLS?urlencode($url):$url).(!empty($label)?"#$label":null); # urlencoded | |
$url=THIS_SCRIPT."?={$url}".(!empty($label)?"#$label":null); | |
return $url; | |
} | |
} | |
# }}} | |
# PROXY FUNCTIONS: URL PARSING {{{ | |
function surrogafy_url($url,$topurl=false,$addproxy=true){ | |
global $curr_urlobj; | |
//if(preg_match('/^(["\']).*\1$/is',$url)>0){ | |
if(($url{0}=='"' && substr($url,-1)=='"') || ($url{0}=='\'' && substr($url,-1)=='\'')){ | |
$urlquote=$url{0}; | |
$url=substr($url,1,strlen($url)-2); | |
} | |
if($topurl===false) $topurl=$curr_urlobj; | |
$urlobj=new aurl($url,$topurl); | |
$new_url=($addproxy?$urlobj->surrogafy():$urlobj->get_url()); | |
if(!empty($urlquote)) $new_url="{$urlquote}{$new_url}{$urlquote}"; | |
return $new_url; | |
} | |
function framify_url($url,$frame_type=false){ | |
if(($frame_type!==PAGETYPE_FRAME_TOP || !URL_FORM) && ($frame_type!==PAGETYPE_FRAMED_PAGE && !PAGE_FRAMED)) return $url; | |
//if(preg_match('/^(["\']).*\1$/is',$url)>0){ | |
if(($url{0}=='"' && substr($url,-1)=='"') || ($url{0}=='\'' && substr($url,-1)=='\'')){ | |
$urlquote=$url{0}; | |
$url=substr($url,1,strlen($url)-2); | |
} | |
if(preg_match(FRAME_LOCK_REGEXP,$url)<=0){ | |
if($frame_type===PAGETYPE_FRAME_TOP && URL_FORM) $query='&='; | |
elseif($frame_type===PAGETYPE_FRAMED_CHILD) $query='.&='; | |
elseif($frame_type===PAGETYPE_FRAMED_PAGE || PAGE_FRAMED) $query='_&='; | |
else $query=null; | |
$url=preg_replace('/^([^\?]*)[\?]?'.PAGETYPE_MINIREGEXP.'([^#]*?[#]?.*?)$/',"\\1?={$query}\\3",$url,1); | |
} | |
if(!empty($urlquote)) $url="{$urlquote}{$url}{$urlquote}"; | |
return $url; | |
} | |
function proxenc($url){ | |
if($url{0}=='~' || strtolower(substr($url,0,3))=='%7e') return $url; | |
$url=urlencode($url); | |
$new_url=null; | |
for($i=0;$i<strlen($url);$i++){ | |
$char=ord($url{$i}); | |
$char+=ord(substr(SESS_PREF,$i%strlen(SESS_PREF),1)); | |
while($char>126) $char-=94; | |
$new_url.=chr($char); | |
} | |
#return '~'.base64_encode($new_url); | |
return '~'.urlencode(base64_encode($new_url)); | |
} | |
# }}} | |
# PROXY FUNCTIONS: ERRORS & EXITING {{{ | |
function finish_noexit(){ | |
global $dns_cache_array; | |
# save DNS Cache before exiting | |
$_SESSION['DNS_CACHE_ARRAY']=$dns_cache_array; | |
} | |
function finish(){ | |
finish_noexit(); | |
exit(); | |
} | |
function havok($errorno,$arg1=null,$arg2=null,$arg3=null){ | |
global $curr_url; | |
$url=$curr_url; | |
switch($errorno){ | |
case 1: | |
$et='Bad IP Address'; | |
$ed="The IP address given ({$arg2}) is an impossible IP address, or the domain given ({$arg1}) was resolved to an impossible IP address."; | |
break; | |
case 2: | |
$et='Address is Blocked'; | |
$ed="The administrator of this proxy service has decided to block this address, domain, or subnet.\n<br /><br />\nDomain: {$arg1}\n<br />\nAddress: {$arg2}"; | |
break; | |
case 3: | |
$et='Could Not Resolve Domain'; | |
$ed="The domain of the URL given ({$arg1}) could not be resolved due to DNS issues or an errorneous domain name."; | |
break; | |
case 4: | |
$et='Bad Filters'; | |
$ed='The administrator of this proxy has incorrectly configured his domain filters, or a domain given could not be resolved.'; | |
break; | |
case 5: | |
$et='Domain is Blocked'; | |
$ed='The administrator of this proxy has decided to block this domain.'; | |
break; | |
case 6: | |
$et='Could Not Connect to Server'; | |
$ed="An error has occurred while attempting to connect to \"{$arg1}\" on port \"{$arg2}\"."; | |
break; | |
case 7: | |
$et='Invalid URL'; | |
$ed='The URL below was detected to be an invalid URL.'; | |
$url=$arg1; | |
break; | |
} | |
$ed.="\n<br /><br />\nURL: {$url}"; | |
?> | |
<div style="font-family: bitstream vera sans, trebuchet ms"><div style="border: 3px solid #FFFFFF; padding: 2px"> | |
<div style="float: left; border: 1px solid #602020; padding: 1px; background-color: #FFFFFF"> | |
<div style="float: left; background-color: #801010; color: #FFFFFF; font-weight: bold; font-size: 54px; padding: 2px; padding-left: 12px; padding-right: 12px">!</div> | |
</div> | |
<div style="float: left; width: 500px; padding-left: 20px"> | |
<div style="border-bottom: 1px solid #000000; font-size: 12pt; text-align: center; font-weight: bold; padding: 2px">Error: <?php echo($et); ?></div> | |
<div style="padding: 6px"><?php echo($ed); ?></div> | |
</div> | |
</div></div> | |
<?php finish(); } | |
# }}} | |
# PROXY FUNCTIONS: TCP/IP {{{ | |
function ipbitter($ipaddr){ | |
$ipsplit=explode('.',$ipaddr); | |
for($i=0;$i<4;$i++){ | |
$ipsplit[$i]=decbin($ipsplit[$i]); | |
$ipsplit[$i]=str_repeat('0',8-strlen($ipsplit[$i])).$ipsplit[$i]; | |
} | |
return implode(null,$ipsplit); | |
} | |
function ipcompare($iprange,$ip){ | |
$iprarr=split('/',$iprange); | |
$ipaddr=$iprarr[0]; | |
$mask=$iprarr[1]; | |
$maskbits=str_repeat('1',$mask).str_repeat('0',$mask); | |
$ipbits=ipbitter($ipaddr); | |
$ipbits2=ipbitter($ip); | |
return (($ipbits & $maskbits)==($ipbits2 & $maskbits)); | |
} | |
function ip_check($ip,$mask=false){ | |
$ipseg='(?:[01]?[0-9]{1,2}|2(?:5[0-5]|[0-4][0-9]))'; | |
return preg_match("/^(?:$ipseg\.){0,3}$ipseg".($mask?'\/[0-9]{1,2}':null).'$/i',$ip); #* | |
} | |
function gethostbyname_cacheit($address){ | |
global $dns_cache_array; | |
$ipaddr=gethostbyname($address); | |
$dns_cache_array[$address]=array('time'=>time(), 'ipaddr'=>$ipaddr); | |
return $ipaddr; | |
} | |
function gethostbyname_cached($address){ | |
global $dns_cache_array; | |
if(isset($dns_cache_array[$address])) return $dns_cache_array[$address]['ipaddr']; | |
return gethostbyname_cacheit($address); | |
} | |
function get_check($address){ | |
global $blocked_addresses; | |
if(strrchr($address,'/')) $address=substr(strrchr($address,'/'),1); | |
$ipc=ip_check($address); | |
$addressip=(ip_check($address)?$address:gethostbyname_cached($address)); | |
if(!ip_check($addressip)) havok(1,$address,$addressip); | |
foreach($blocked_addresses as $badd){ | |
if(!$ipc) if(strlen($badd)<=strlen($address) && substr($address,strlen($address)-strlen($badd),strlen($badd))==$badd) havok(5); | |
if($badd==$addressip) havok(2,$address,$addressip); | |
elseif(ip_check($badd,true)){ if(ipcompare($badd,$addressip)) havok(2,$address,$addressip); } | |
else{ | |
$baddip=gethostbyname_cached($badd); | |
if(empty($baddip)) havok(4); | |
if($baddip==$addressip) havok(2,$address,$addressip); | |
} | |
} | |
return $addressip; | |
} | |
# }}} | |
# PROXY FUNCTIONS: HTTP {{{ | |
function httpclean($str){ return str_replace(' ','+',preg_replace('/([^":\-_\.0-9a-z ])/ie','\'%\'.(strlen(dechex(ord(\'\1\')))==1?\'0\':null).strtoupper(dechex(ord(\'\1\')))',$str)); } | |
function getpage($url){ | |
global $headers,$out,$post_vars,$proxy_variables,$referer; | |
$urlobj=new aurl($url); | |
$query=$urlobj->get_query(); | |
$requrl=$urlobj->get_path().$urlobj->get_file().(!empty($query)?"?{$query}":null); | |
$http_auth=null; | |
if(extension_loaded('apache')){ | |
$fail=false; | |
$cheaders=getallheaders(); | |
$http_auth=$reqarray['Authorization']; | |
} | |
else $fail=true; | |
$authorization=($fail?$_SERVER['HTTP_AUTHORIZATION']:$cheaders['Authorization']); | |
$cache_control=($fail?$_SERVER['HTTP_CACHE_CONTROL']:$cheaders['Cache-Control']); | |
$if_modified=($fail?$_SERVER['HTTP_IF_MODIFIED_SINCE']:$cheaders['If-Modified-Since']); | |
$if_none_match=($fail?$_SERVER['HTTP_IF_NONE_MATCH']:$cheaders['If-None-Match']); | |
if($fail){ | |
if(!empty($authorization)) $http_auth=$authorization; | |
elseif(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) | |
$http_auth='Basic '.base64_encode("{$_SERVER['PHP_AUTH_USER']}:{$_SERVER['PHP_AUTH_PW']}"); | |
elseif(!empty($_SERVER['PHP_AUTH_DIGEST'])) $http_auth="Digest {$_SERVER['PHP_AUTH_DIGEST']}"; | |
} | |
if(PIP!=null && PPORT!=null){ | |
$servername=PIP; | |
$ipaddress=get_check(PIP); | |
$portval=PPORT; | |
$requrl=$urlobj->get_url(false); | |
} | |
else{ | |
$servername=$urlobj->get_servername(); | |
$ipaddress=($urlobj->get_proto()=='ssl' || $urlobj->get_proto()=='https'?'ssl://':null).get_check($servername); | |
$portval=$urlobj->get_portval(); | |
} | |
$out="{$_SERVER['REQUEST_METHOD']} ".str_replace(' ','%20',$requrl)." HTTP/1.1\r\nHost: ".$urlobj->get_servername().(($portval!=80 && ($urlobj->get_proto()=='https'?$portval!=443:true))?":$portval":null)."\r\n"; | |
global $useragent; | |
$useragent=null; | |
if($_COOKIE[COOK_PREF.'_useragent']!='-1'){ | |
$useragent=$_COOKIE[COOK_PREF.'_useragent']; | |
if(empty($useragent)) $useragent=$_SERVER['HTTP_USER_AGENT']; | |
$useragent_cook=($useragent==1?$_COOKIE[COOK_PREF.'_useragenttext']:$useragent); | |
if(!empty($useragent_cook)) $out.="User-Agent: $useragent_cook\r\n"; | |
} | |
if(!empty($http_auth)) $out.="Authorization: $http_auth\r\n"; | |
if(empty($_COOKIE[COOK_PREF.'_remove_referer']) && !empty($referer)) $out.='Referer: '.str_replace(' ','+',$referer)."\r\n"; | |
if($_SERVER['REQUEST_METHOD']=='POST') $out.='Content-Length: '.strlen($post_vars)."\r\nContent-Type: application/x-www-form-urlencoded\r\n"; | |
$cook_prefdomain=preg_replace('/^www\./i',null,$urlobj->get_servername()); #* | |
$cook_prefix=str_replace('.','_',$cook_prefdomain).COOKIE_SEPARATOR; | |
if(count($_COOKIE)>0 && empty($_COOKIE[COOK_PREF.'_remove_cookies'])){ | |
$addtoout=null; | |
reset($_COOKIE); | |
while(list($key,$val)=each($_COOKIE)){ | |
if(ENCRYPT_COOKS){ | |
$key=proxdec($key); | |
$val=proxdec($val); #urldecode($val)); | |
} | |
if(str_replace(COOKIE_SEPARATOR,null,$key)==$key) continue; | |
#$cook_domain=preg_replace('/^(.*'.COOKIE_SEPARATOR.').*$/','\1',$key); #** | |
$cook_domain=substr($key,0,strpos($key,COOKIE_SEPARATOR)).COOKIE_SEPARATOR; | |
if(substr($cook_prefix,strlen($cook_prefix)-strlen($cook_domain),strlen($cook_domain))!=$cook_domain) continue; | |
$key=substr($key,strlen($cook_domain),strlen($key)-strlen($cook_domain)); | |
if(!in_array($key,$proxy_variables)) $addtoout.=" $key=$val;"; | |
} | |
if(!empty($addtoout)){ | |
$addtoout.="\r\n"; | |
$out.="Cookie:{$addtoout}"; | |
} | |
} | |
$out.="Accept: */*;q=0.1\r\n". | |
(GZIP_PROXY_SERVER?"Accept-Encoding: gzip\r\n":null). | |
//"Accept-Charset: ISO-8859-1,utf-8;q=0.1,*;q=0.1\r\n". | |
/*/ | |
"Keep-Alive: 300\r\n". | |
"Connection: keep-alive\r\n". /*/ | |
"Connection: close\r\n". //*/ | |
($cache_control!=null?"Cache-Control: $cache_control\r\n":null). | |
($if_modified!=null?"If-Modified-Since: $if_modified\r\n":null). | |
($if_none_match!=null?"If-None-Match: $if_none_match\r\n":null). | |
"\r\n{$post_vars}" | |
; | |
// This part ignores any "SSL: fatal protocol error" errors, and makes sure other errors are still triggered correctly | |
function errorHandle($errno,$errmsg){ | |
if($errno<=E_PARSE && ($errno!=E_WARNING || substr($errmsg,-25)!='SSL: fatal protocol error')){ | |
restore_error_handler(); | |
trigger_error($errmsg,$errno<<8); | |
set_error_handler('errorHandle'); | |
} | |
} | |
set_error_handler('errorHandle'); | |
$fp=@fsockopen($ipaddress,$portval,$errno,$errval,5) or havok(6,$servername,$portval); | |
stream_set_timeout($fp,5); | |
# for persistent connections, this may be necessary | |
/* | |
$ub=stream_get_meta_data($fp); | |
$ub=$ub['unread_bytes']; | |
if($ub>0) fread($fp,$ub); | |
*/ | |
fwrite($fp,$out); | |
$response='100'; | |
while($response=='100'){ | |
$responseline=fgets($fp,8192); | |
$response=substr($responseline,9,3); | |
$headers=array(); | |
while($curline!="\r\n" && $curline=fgets($fp,8192)){ | |
$harr=explode(':',$curline,2); | |
$headers[strtolower($harr[0])][]=trim($harr[1]); | |
} | |
} | |
#if($headers['pragma'][0]==null) header('Pragma: public'); | |
#if($headers['cache-control'][0]==null) header('Cache-Control: public'); | |
#if($headers['last-modified'][0]==null && $headers['expires']==null) header('Expires: '.date('D, d M Y H:i:s e',time()+86400)); | |
# read and store cookies | |
if(empty($_COOKIE[COOK_PREF.'_remove_cookies'])){ | |
for($i=0;$i<count($headers['set-cookie']);$i++){ | |
$thiscook=explode('=',$headers['set-cookie'][$i],2); | |
if(!strpos($thiscook[1],';')) $thiscook[1].=';'; | |
$cook_val=substr($thiscook[1],0,strpos($thiscook[1],';')); | |
$cook_domain=preg_replace('/^.*domain=[ ]*\.?([^;]+).*?$/i','\1',$thiscook[1]); #* | |
if($cook_domain==$thiscook[1]) $cook_domain=$cook_prefdomain; | |
elseif(substr($cook_prefdomain,strlen($cook_prefdomain)-strlen($cook_domain),strlen($cook_domain))!=$cook_domain) continue; | |
$cook_name=str_replace('.','_',$cook_domain).COOKIE_SEPARATOR.$thiscook[0]; | |
if(ENCRYPT_COOKS){ | |
$cook_name=proxenc($cook_name); | |
$cook_val=proxenc($cook_val); | |
} | |
dosetcookie($cook_name,$cook_val); | |
} | |
} | |
if($response{0}=='3' && $response{1}=='0' && $response{2}!='4'){ | |
$urlobj=new aurl($url); | |
$redirurl=framify_url(surrogafy_url($headers['location'][0],$urlobj),NEW_PAGETYPE_FRAMED_PAGE); | |
fclose($fp); | |
restore_error_handler(); | |
finish_noexit(); | |
header("Location: {$redirurl}"); | |
exit(); | |
} | |
$oheaders=$headers; | |
$oheaders['location']=$oheaders['content-length']=$oheaders['content-encoding']= | |
$oheaders['set-cookie']=$oheaders['transfer-encoding']=$oheaders['connection']= | |
$oheaders['keep-alive']=$oheaders['pragma']=$oheaders['cache-control']=$oheaders['expires']=null; | |
while(list($key,$val)=each($oheaders)) if(!empty($val[0])) header("{$key}: {$val[0]}"); | |
unset($oheaders); | |
header("Status: {$response}"); | |
if(substr($headers['content-type'][0],0,4)=='text' || substr($headers['content-type'][0],0,24)=='application/x-javascript'){ | |
$justoutput=false; | |
$justoutputnow=false; | |
} | |
else{ | |
$justoutputnow=($headers['content-encoding'][0]=='gzip'?false:true); | |
$justoutput=true; | |
} | |
if($headers['transfer-encoding'][0]=='chunked'){ | |
$body=null; | |
$chunksize=null; | |
while($chunksize!==0){ | |
$chunksize=intval(fgets($fp,8192),16); | |
$bufsize=$chunksize; | |
while($bufsize>=1){ | |
$chunk=fread($fp,$bufsize); | |
if($justoutputnow) echo $chunk; | |
else $body.=$chunk; | |
$bufsize-=strlen($chunk); | |
} | |
fread($fp,2); | |
} | |
} | |
// Content-Length stuff - commented for even more chocolatey goodness | |
/*elseif($headers['content-length'][0]!=null){ | |
$conlen=$headers['content-length'][0]; | |
$body=null; | |
for($i=0;$i<$conlen;$i+=$read){ | |
$read=($conlen-$i<8192?$conlen-$i:8192); | |
$byte=fread($fp,$read); | |
if($justoutputnow) echo $byte; | |
else $body.=$byte; | |
} | |
}*/ | |
else{ | |
if(function_exists('stream_get_contents')){ | |
if($justoutputnow) echo stream_get_contents($fp); | |
else $body=stream_get_contents($fp); | |
} | |
else{ | |
$body=null; | |
while(true){ | |
$chunk=fread($fp,8192); | |
if(empty($chunk)) break; | |
if($justoutputnow) echo $chunk; | |
else $body.=$chunk; | |
} | |
} | |
} | |
fclose($fp); | |
restore_error_handler(); | |
if(GZIP_PROXY_SERVER && $headers['content-encoding'][0]=='gzip') $body=gzinflate(substr($body,10)); | |
if($justoutput){ | |
if(!$justoutputnow) echo $body; | |
finish(); | |
} | |
return array($body,$url,$cook_prefix); | |
} | |
# }}} | |
# }}} | |
# PROXY EXECUTION {{{ | |
# PROXY EXECUTION: USER COOKIES {{{ | |
global $proxy_variables; | |
$proxy_variables=array(COOK_PREF,COOK_PREF.'_pip',COOK_PREF.'_pport',COOK_PREF.'_useragent',COOK_PREF.'_useragenttext',COOK_PREF.'_url_form',COOK_PREF.'_remove_cookies',COOK_PREF.'_remove_referer',COOK_PREF.'_remove_scripts',COOK_PREF.'_remove_objects',COOK_PREF.'_encrypt_urls',COOK_PREF.'_encrypt_cooks'); | |
if($postandget[COOK_PREF.'_set_values']){ | |
$proxy_varblacklist=array(COOK_PREF); | |
if($postandget[COOK_PREF.'_useragent']!='1'){ | |
unset($postandget[COOK_PREF.'_useragenttext']); | |
dosetcookie(COOK_PREF.'_useragenttext',false,0); | |
} | |
while(list($key,$val)=each($proxy_variables)){ | |
if(!in_array($val,$proxy_varblacklist)){ | |
dosetcookie($val,false,0); | |
if(isset($postandget[$val]) && !empty($postandget[$val])) dosetcookie($val,$postandget[$val]); | |
} | |
} | |
$theurl=framify_url(surrogafy_url(ORIG_URL),PAGETYPE_FRAME_TOP); | |
#$theurl=surrogafy_url((ENCRYPT_URLS?proxdec($theurl):$theurl),null); | |
header("Location: {$theurl}"); | |
finish(); | |
} | |
# }}} | |
# PROXY EXECUTION: PROXY GET/POST/COOKIES {{{ | |
define('PIP',(FORCE_DEFAULT_TUNNEL?$_COOKIE[COOK_PREF.'_pip']:DEFAULT_TUNNEL_PIP)); | |
define('PPORT',intval(FORCE_DEFAULT_TUNNEL?$_COOKIE[COOK_PREF.'_pport']:DEFAULT_TUNNEL_PPORT)); | |
define('ENCRYPT_COOKS',gethardattr('encrypt_cooks')); | |
global $referer; | |
if($_SERVER['HTTP_REFERER']==null){ | |
$refurlobj=new aurl($_SERVER['HTTP_REFERER']); | |
$referer=proxdec(preg_replace('/^[\s\S]*'.COOK_PREF.'=([^&]*)[\s\S]*$/i','\1',$refurlobj->get_path())); #* | |
} | |
else $referer=null; | |
#$getkeys=array_keys($_GET); | |
#foreach($getkeys as $getvar){ if(!in_array($getvar,$proxy_variables)){ $curr_url.=(strpos($curr_url,'?')===false?'?':'&')."$getvar=".urlencode($_GET[$getvar]); } } | |
global $post_vars; | |
$post_vars=null; | |
$postkeys=array_keys($_POST); | |
foreach($postkeys as $postkey){ | |
if(!in_array($postkey,$proxy_variables)){ | |
if(!is_array($_POST[$postkey])) | |
$post_vars.=($post_vars!=null?'&':null).httpclean($postkey).'='.httpclean($_POST[$postkey]); | |
else{ | |
foreach($_POST[$postkey] as $postval) | |
$post_vars.=($post_vars!=null?'&':null).httpclean($postkey).'%5B%5D='.httpclean($postval); | |
} | |
} | |
} | |
unset($postkeys); | |
# }}} | |
# PROXY EXECUTION: DNS CACHE {{{ | |
if(!isset($_SESSION['DNS_CACHE_ARRAY'])) $dns_cache_array=array(); | |
else $dns_cache_array=$_SESSION['DNS_CACHE_ARRAY']; | |
# purge old records from DNS cache | |
while(list($key,$entry)=each($dns_cache_array)){ | |
if($entry['time']<time()-(DNS_CACHE_EXPIRE*60)) unset($dns_cache_array[$key]); | |
} | |
# }}} | |
# PROXY EXECUTION: PAGE RETRIEVAL {{{ | |
$pagestuff=getpage($curr_url); | |
$body=$pagestuff[0]; | |
$tbody=trim($body); | |
if(($tbody{0}=='"' && substr($tbody,-1)=='"') || ($tbody{0}=='\'' && substr($tbody,-1)=='\'')){ | |
echo $body; | |
finish(); | |
} | |
unset($tbody); | |
$curr_url=$pagestuff[1]; | |
define('PAGECOOK_PREFIX',$pagestuff[2]); | |
unset($pagestuff); | |
define('CONTENT_TYPE',preg_replace('/^([a-z0-9\-\/]+).*$/i','\1',$headers['content-type'][0])); #* | |
# }}} | |
# PROXY EXECUTION: PAGE PARSING {{{ | |
if(strpos($body,'<base')){ | |
$base=preg_replace('/^.*'.BASE_REGEXP.'.*$/is','\1',$body); | |
if(!empty($base) && $base!=$body && !empty($base{100})){ | |
$body=preg_replace('/'.BASE_REGEXP.'/i',null,$body); | |
//preg_match('/^(["\']).*\1$/i',$base)>0 | |
if(($base{0}=='"' && substr($base,-1)=='"') || ($base{0}=='\'' && substr($base,-1)=='\'')) | |
$base=substr($base,1,strlen($base)-2); #* | |
$curr_url=$base; | |
} | |
unset($base); | |
} | |
global $curr_urlobj; | |
$curr_urlobj=new aurl($curr_url); | |
# PROXY EXECUTION: PAGE PARSING: PARSING FUNCTIONS {{{ | |
function parse_html($regexp,$partoparse,$html,$addproxy,$framify){ | |
global $curr_urlobj; | |
$newhtml=null; | |
while(preg_match($regexp,$html,$matcharr,PREG_OFFSET_CAPTURE)){ | |
$nurl=surrogafy_url($matcharr[$partoparse][0],$curr_urlobj,$addproxy); | |
if($framify) $nurl=framify_url($nurl,$framify); | |
$begin=$matcharr[$partoparse][1]; | |
$end=$matcharr[$partoparse][1]+strlen($matcharr[$partoparse][0]); | |
$newhtml.=substr_replace($html,$nurl,$begin); | |
$html=substr($html,$end,strlen($html)-$end); | |
} | |
$newhtml.=$html; | |
return $newhtml; | |
} | |
function regular_express($regexp_array,$thevar){ | |
#$regexp_array[2].='S'; # in benchmarks, this 'optimization' appeared to not do anything at all, or possibly even slow things down | |
if($regexp_array[0]==1) $newvar=preg_replace($regexp_array[2],$regexp_array[3],$thevar); | |
elseif($regexp_array[0]==2){ | |
$addproxy=(isset($regexp_array[4])?$regexp_array[4]:true); | |
$framify=(isset($regexp_array[5])?$regexp_array[5]:false); | |
$newvar=parse_html($regexp_array[2],$regexp_array[3],$thevar,$addproxy,$framify); | |
} | |
return $newvar; | |
} | |
function parse_all_html($html){ | |
global $regexp_arrays; | |
if(CONTENT_TYPE!='text/html'){ | |
for(reset($regexp_arrays);list($key,$arr)=each($regexp_arrays);){ | |
if($key==CONTENT_TYPE){ | |
foreach($arr as $regarr){ | |
if($regarr==null) continue; | |
$html=regular_express($regarr,$html); | |
} | |
} | |
} | |
return $html; | |
} | |
#if(!empty($_COOKIE[COOK_PREF.'_remove_scripts'])) $splitarr=array($html); | |
$splitarr=preg_split('/(<!--(?!\[if).*?-->|<style.*?<\/style>|<script.*?<\/script>)/is',$html,-1,PREG_SPLIT_DELIM_CAPTURE); | |
unset($html); | |
//define('REGEXP_SCRIPT_ONEVENT','( on[a-z]{3,20}=(?:"(?:[^"]+)"|\'(?:[^\']+)\'|[^"\' >][^ >]+[^"\' >]))'); | |
$firstrun=true; | |
$firstjsrun=true; | |
for(reset($regexp_arrays);list($key,$arr)=each($regexp_arrays);){ | |
if($key=='text/javascript') continue; | |
// OPTION1: use ONLY if no Javascript REGEXPS affect HTML sections | |
// and all HTML modifying Javascript REGEXPS are performed after HTML regexps | |
// This gives a pretty significant speed boost | |
// If used, make sure "OPTION2" lines are commented, and other "OPTION1" lines AREN'T | |
if($firstjsrun && $key=='application/x-javascript'){ | |
if(!empty($_COOKIE[COOK_PREF.'_remove_scripts'])) break; | |
$splitarr2=array(); | |
for($i=0;$i<count($splitarr);$i+=2){ | |
$splitarr2[$i]=preg_split('/'.REGEXP_SCRIPT_ONEVENT.'/is',$splitarr[$i],-1,PREG_SPLIT_DELIM_CAPTURE); | |
} | |
} | |
// END OPTION1 | |
# firstrun remove scripts: on<event>s and noscript tags; also remove objects | |
if($firstrun && (!empty($_COOKIE[COOK_PREF.'_remove_scripts']) || !empty($_COOKIE[COOK_PREF.'_remove_objects']))){ | |
for($i=0;$i<count($splitarr);$i+=2){ | |
if(!empty($_COOKIE[COOK_PREF.'_remove_scripts'])) | |
$splitarr[$i]=preg_replace('/(?:'.REGEXP_SCRIPT_ONEVENT.'|<.?noscript>)/is',null,$splitarr[$i]); | |
if(!empty($_COOKIE[COOK_PREF.'_remove_objects'])) | |
$splitarr[$i]=preg_replace('/<(embed|object).*?<\/\1>/is',null,$splitarr[$i]); | |
} | |
} | |
foreach($arr as $regexp_array){ | |
if($regexp_array==null) continue; | |
for($i=0;$i<count($splitarr);$i++){ | |
# parse scripts for on<event>s | |
if($i%2==0 && isset($splitarr2) && $regexp_array[1]==2){ // OPTION1 | |
// OPTION2 | |
//if($regexp_array[1]==2 && $i%2==0){ // OPTION2 | |
//$splitarr2[$i]=preg_split('/( on[a-z]{3,20}=(?:"(?:[^"]+)"|\'(?:[^\']+)\'|[^"\' >][^ >]+[^"\' >]))/is',$splitarr[$i],-1,PREG_SPLIT_DELIM_CAPTURE); | |
// END OPTION2 | |
//if(count($splitarr2[$i])<2) $splitarr[$i]=regular_express($regexp_array,$splitarr[$i]); // UNRELATED TO OPTIONS | |
if(count($splitarr2[$i])>1){ | |
for($j=1;$j<count($splitarr2[$i]);$j+=2){ | |
$begin=preg_replace('/^([^=]+=.).*$/i','\1',$splitarr2[$i][$j]); | |
$quote=substr($begin,-1); | |
if($quote!='"' && $quote!='\''){ | |
$quote=null; | |
$begin=substr($begin,0,-1); | |
} | |
$code=preg_replace('/^[^=]+='.($quote==null?'(.*)$/i':'.(.*).$/i'),'\1',$splitarr2[$i][$j]); | |
if(substr($code,0,11)=='javascript:'){ | |
$begin.='javascript:'; | |
$code=substr($code,11); | |
} | |
if($firstjsrun) $code=";{$code};"; | |
$splitarr2[$i][$j]=$begin.regular_express($regexp_array,$code).$quote; | |
} | |
//$splitarr[$i]=implode(null,$splitarr2[$i]); // OPTION2 | |
} | |
} | |
# remove scripts | |
elseif($firstrun && !empty($_COOKIE[COOK_PREF.'_remove_scripts']) && strtolower(substr($splitarr[$i],0,7))=='<script') | |
$splitarr[$i]=null; | |
# parse valid stuff | |
elseif(($i%2==0 && $regexp_array[1]==1) || ($regexp_array[1]==2 && strtolower(substr($splitarr[$i],0,7))=='<script') || ($key=='text/css' && strtolower(substr($splitarr[$i],0,6))=='<style')){ | |
$splitarr[$i]=regular_express($regexp_array,$splitarr[$i]); | |
} | |
# script purge cleanup | |
if($firstrun && empty($_COOKIE[COOK_PREF.'_remove_scripts']) && strtolower(substr($splitarr[$i],-9))=='</script>' && !preg_match('/^[^>]*src/i',$splitarr[$i])){ | |
$splitarr[$i]=preg_replace('/'.END_OF_SCRIPT_TAG.'$/i',';'.COOK_PREF.'.purge();//--></script>',$splitarr[$i]); | |
} | |
} | |
$firstrun=false; | |
if($firstjsrun && $key=='application/x-javascript') | |
$firstjsrun=false; | |
} | |
} | |
// OPTION1 | |
if(empty($_COOKIE[COOK_PREF.'_remove_scripts'])){ | |
for($i=0;$i<count($splitarr);$i+=2){ | |
$splitarr[$i]=implode(null,$splitarr2[$i]); | |
} | |
} | |
// END OPTION1 | |
return implode(null,$splitarr); | |
} | |
# }}} | |
//$starttime=microtime(true); # BENCHMARK | |
$body=parse_all_html($body); | |
//$parsetime=microtime(true)-$starttime; # BENCHMARK | |
# PROXY EXECUTION: PAGE PARSING: PROXY HEADERS/JAVASCRIPT {{{ | |
if(CONTENT_TYPE=='text/html'){ | |
$big_headers='<meta name="robots" content="noindex, nofollow" />'. | |
(PAGETYPE_ID===PAGETYPE_FRAMED_PAGE?'<base target="_top">':null). | |
'<link rel="shortcut icon" href="'.surrogafy_url($curr_urlobj->get_proto().'://'.$curr_urlobj->get_servername().'/favicon.ico').'" />'. | |
(empty($_COOKIE[COOK_PREF.'_remove_scripts'])? | |
'<script type="text/javascript" src="'.THIS_SCRIPT.'?js_funcs'.(PAGE_FRAMED?'_framed':null).'"></script>'. | |
'<script type="text/javascript" src="'.THIS_SCRIPT.'?js_regexps'.(PAGE_FRAMED?'_framed':null).'"></script>'. | |
'<script language="javascript">'. | |
//'<!--'. | |
COOK_PREF.'.DOCUMENT_REFERER="'.(URL_FORM?str_replace('"','\\"',$referer):null).'";'. | |
COOK_PREF.'.CURR_URL="'.str_replace('"','\\"',$curr_urlobj->get_url()).'"+location.hash;'.COOK_PREF.'.gen_curr_urlobj();'. | |
COOK_PREF.'.LOCATION_SEARCH="'.($curr_urlobj->get_query()!=null?'?'.str_replace('"','\\"',$curr_urlobj->get_query()):null).'";'. | |
COOK_PREF.'.LOCATION_HOSTNAME="'.str_replace('"','\\"',$curr_urlobj->get_servername()).'";'. | |
COOK_PREF.'.LOCATION_PORT="'.str_replace('"','\\"',$curr_urlobj->get_portval()).'";'. | |
COOK_PREF.'.ENCRYPT_URLS='.bool_to_js(ENCRYPT_URLS).';'. | |
COOK_PREF.'.ENCRYPT_COOKS='.bool_to_js(ENCRYPT_COOKS).';'. | |
COOK_PREF.'.URL_FORM='.bool_to_js(URL_FORM).';'. | |
COOK_PREF.'.PAGE_FRAMED='.bool_to_js(PAGE_FRAMED).';'. | |
COOK_PREF.".USERAGENT=\"{$useragent}\";". | |
(URL_FORM && PAGETYPE_ID==PAGETYPE_FRAMED_PAGE?'if('.COOK_PREF.'.theparent=='.COOK_PREF.'.thetop) '. | |
COOK_PREF.'.eventify("'.$curr_urlobj->get_proto().'","'.$curr_urlobj->get_servername().'");' | |
:null). | |
//'//-->'. | |
'</script>' | |
:null) | |
; | |
$body=preg_replace('/(?:(<(?:head|body)[^>]*>)|(<(?:\/head|meta|link|script)))/i',"\\1$big_headers\\2",$body,1); | |
unset($big_headers); | |
} | |
elseif(CONTENT_TYPE=='application/x-javascript' || CONTENT_TYPE=='text/javascript') $body.=';'.COOK_PREF.'.purge();'; | |
# }}} | |
# }}} | |
## Retrieved, Parsed, All Ready to Output ## | |
echo $body; | |
//echo 'total time: '.(microtime(true)-$totstarttime)."<br />parse time: {$parsetime} seconds".(isset($oparsetime)?"<br />other time 1: {$oparsetime} seconds":null).(isset($oparsetime2)?"<br />other time 2: {$oparsetime2} seconds":null); # BENCHMARK | |
# }}} | |
finish(); | |
############ | |
## THE END ## | |
############## | |
# | |
# VIM is the ideal way to edit this file. Automatic folding occurs making the | |
# blocks of code easier to read and navigate | |
# vim:foldmethod=marker | |
# | |
################## ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment