网站安全攻击和防御中的屏蔽代理服务器
网站安全攻击和防御中的屏蔽代理服务器
网站安全一直是个重要话题,本人写了网络攻防的屏蔽代理服务器相关代码,分享下:
1. 写个网页request类:
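using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

namespace ConsoleApplication1
{
    /// <summary>
    /// Small blocking HTTP GET helper used by the samples on this page, with optional
    /// routing of the request through an HTTP proxy.
    /// </summary>
    /// <remarks>
    /// The result is published through the static <see cref="responseBody"/> field, so
    /// concurrent callers overwrite each other's result. Call it from one thread at a
    /// time, or copy the field immediately after the call returns.
    /// </remarks>
    public class WebRequestUtil
    {
        /// <summary>
        /// Body of the last successful read. It is cleared at the start of every call so
        /// that a failed request can never be mistaken for the previous page's content.
        /// </summary>
        public static string responseBody = string.Empty;

        // How many times the response stream is read before the call is reported as failed.
        private const int MaxReadAttempts = 3;

        /// <summary>
        /// Fetches <paramref name="uri"/> with a GET request and stores the body in
        /// <see cref="responseBody"/>.
        /// </summary>
        /// <param name="uri">Absolute HTTP(S) address to fetch; used verbatim.</param>
        /// <param name="proxyAddress">Proxy host, or empty to connect directly.</param>
        /// <param name="proxyPort">Proxy port; only used when a proxy host is given.</param>
        /// <returns>
        /// <c>true</c> when the body was read and the status was 200 OK; <c>false</c> when the
        /// request, the read or the status check failed (details go to the error log).
        /// </returns>
        public static bool GetWeb(string uri, string proxyAddress = "", int proxyPort = 0)
        {
            // Never leave the previous call's body visible after a failure.
            responseBody = string.Empty;

            // Process-wide cap on concurrent connections per host.
            ServicePointManager.DefaultConnectionLimit = 1000;

            // The address is passed through unchanged: running it through string.Format
            // without arguments throws FormatException as soon as it contains a brace.
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
            if (!string.IsNullOrEmpty(proxyAddress))
            {
                request.Proxy = new WebProxy(proxyAddress, proxyPort);
            }

            // A long timeout keeps slow proxies from triggering needless retries.
            request.Timeout = 60 * 1000;
            request.Method = @"GET";
            request.Headers.Set("Cache-Control", @"no-cache");
            request.UserAgent = "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)";

            try
            {
                // Disposing the response on every path releases the connection even when
                // the call returns early.
                using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                {
                    bool bodyRead = false;
                    string errorStr = string.Empty;

                    for (int attempt = 1; attempt <= MaxReadAttempts && !bodyRead; attempt++)
                    {
                        try
                        {
                            using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
                            {
                                responseBody = reader.ReadToEnd();
                            }

                            bodyRead = true;
                        }
                        catch (Exception exc)
                        {
                            string detail = exc.ToString();
                            if (!errorStr.Contains(detail))
                            {
                                errorStr += detail;
                            }

                            // Timeouts are expected and retried quietly; anything else is logged.
                            WebException webExc = exc as WebException;
                            bool timedOut = (webExc != null && webExc.Status == WebExceptionStatus.Timeout)
                                || detail.Contains("The operation has timed out");
                            if (!timedOut)
                            {
                                LogError(detail);
                            }

                            if (attempt < MaxReadAttempts)
                            {
                                Thread.Sleep(1000);
                            }
                        }
                    }

                    // The original compared the counter with 100, which the loop can never
                    // reach, so an unreadable body was silently reported as success.
                    if (!bodyRead)
                    {
                        LogError(string.Format(
                            "Reading the response failed after {0} attempts. Detail error: {1}",
                            MaxReadAttempts,
                            errorStr));
                        return false;
                    }

                    if (response.StatusCode != HttpStatusCode.OK)
                    {
                        // The original format string used index {1} with a single argument,
                        // which threw FormatException instead of logging the status.
                        LogError(string.Format(
                            "Failed, error:{0} {1}",
                            (int)response.StatusCode,
                            response.StatusDescription));
                        return false;
                    }
                }
            }
            catch (Exception exc)
            {
                LogError(exc.ToString());
                return false;
            }
            finally
            {
                // Abort after every call; the author observed later calls timing out
                // when the request was left open.
                request.Abort();
            }

            return true;
        }

        /// <summary>
        /// Appends one error line to <c>log.log</c> in the current working directory.
        /// </summary>
        /// <param name="content">Text to record.</param>
        public static void LogError(string content)
        {
            File.AppendAllText("log.log", "ERROR: " + content + Environment.NewLine);
        }
    }
}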
2. 采集代理服务器代码:
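using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Reflection;
using System.Text;
using System.Threading.Tasks;
using Microsoft.ServiceBus;
using Microsoft.ServiceBus.Messaging;
using System.Threading;
using System.IO;
using System.Text.RegularExpressions;

namespace ConsoleApplication1
{
    /// <summary>
    /// Console tool that builds <c>blacklist.txt</c>: it downloads the pages of a public
    /// proxy list and writes one listed address per line, for use as a blocklist.
    /// </summary>
    class Program
    {
        // Counters updated by the threaded self-test further down the file.
        static int FailCount = 0;
        static int TotalCount = 0;

        // Matches "a.b.c.d</td><td>port" as it appears in the list's HTML table.
        const string IPRegex = @"(\d{1,3}\.){3}\d{1,3}</td><td>\d{1,4}";

        /// <summary>
        /// Walks list pages 1 to 63, extracts the address column and appends the new,
        /// well-formed addresses to <c>blacklist.txt</c>.
        /// </summary>
        static void Main()
        {
            string url = @"http://proxy.com.ru/gaoni/list_{0}.html";

            // Addresses already written during this run, so repeats are not appended again.
            HashSet<string> seen = new HashSet<string>();

            for (int i = 1; i <= 63; i++)
            {
                // A failed download must not be parsed: the original ignored the result
                // and re-read whatever the shared response buffer still held.
                if (!WebRequestUtil.GetWeb(string.Format(url, i)))
                {
                    Console.WriteLine("Skipped " + i.ToString() + " page (request failed).");
                    continue;
                }

                string sourceString = WebRequestUtil.responseBody;
                StringBuilder IPs = new StringBuilder();

                foreach (Match m in Regex.Matches(sourceString, IPRegex))
                {
                    string ip = m.Value.Replace("</td><td>", "#").Split('#')[0];

                    // The page is third-party content: the pattern allows octets above
                    // 255, so keep only values that parse as an address.
                    // NOTE(review): whatever the list publishes ends up blocked; review the
                    // output before deploying it so legitimate addresses are not locked out.
                    IPAddress parsed;
                    if (IPAddress.TryParse(ip, out parsed) && seen.Add(ip))
                    {
                        IPs.Append(ip).Append(Environment.NewLine);
                    }
                }

                File.AppendAllText(@"blacklist.txt", IPs.ToString(), Encoding.UTF8);
                Console.WriteLine("Done " + i.ToString() + " page.");
            }

            // Test2(1) is left disabled, as in the original listing.

            Console.WriteLine("Please press any key to end of this program!\r\n");
            Console.ReadKey();
        }

        /// <summary>Placeholder for a summary log; the write is disabled in the original.</summary>
        static void WriteTotalLog(string message)
        {
            //WriteLog(message, @"C:\TotalLog.txt");
        }

        /// <summary>
        /// Appends <paramref name="message"/>, prefixed with the current thread id, to a
        /// per-thread log file; every '#' in <paramref name="path"/> is replaced by the id.
        /// </summary>
        static void WriteLog(string message, string path = @"C:\Test\Test#log.txt")
        {
            string threadId = Thread.CurrentThread.ManagedThreadId.ToString();
            message = "ThreadId:" + threadId + "," + message + Environment.NewLine;
            File.AppendAllText(path.Replace("#", threadId), message);
        }

        /// <summary>Writes <paramref name="message"/> to the calling thread's error log file.</summary>
        static void WriteErrorLog(string message)
        {
            WriteLog(message, @"C:\TestError" + Thread.CurrentThread.ManagedThreadId + "log.txt");
        }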
3. 多线程攻击服务器代码:
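/// <summary>
/// Runs <see cref="test"/> on <paramref name="numThreads"/> threads and blocks until
/// the last one has finished.
/// </summary>
/// <param name="numThreads">Number of worker threads to start.</param>
static void Test2(int numThreads)
{
    // With no workers nobody would ever signal the event and the wait below
    // would block forever.
    if (numThreads <= 0)
    {
        WriteTotalLog("Done all!");
        return;
    }

    ManualResetEvent resetEvent = new ManualResetEvent(false);
    int toProcess = numThreads;

    // Start workers.
    for (int i = 0; i < numThreads; i++)
    {
        new Thread(delegate()
        {
            test();

            // The last worker to finish releases the waiting caller.
            if (Interlocked.Decrement(ref toProcess) == 0)
            {
                resetEvent.Set();
            }
        }).Start();
    }

    // Wait for workers.
    resetEvent.WaitOne();
    WriteTotalLog("Done all!");
}

/// <summary>
/// One check run: requests a fixed page through a fixed proxy and appends the response
/// to <c>response.html</c>, counting the run and any failure.
/// </summary>
/// <remarks>
/// NOTE(review): the target looks like an address-echo page, which would show the
/// address the server sees for a proxied visitor - confirm.
/// WebRequestUtil.responseBody is a shared static, so with more than one worker the
/// saved body may belong to another thread's request.
/// </remarks>
static void test()
{
    // Plain ++ on a shared static loses updates when several workers run at once.
    Interlocked.Increment(ref TotalCount);
    try
    {
        // GetWeb reports failure through its return value, not by throwing, so the
        // result has to be checked before the run is counted as passed.
        if (!WebRequestUtil.GetWeb(@"http://1111.ip138.com/ic.asp", "219.239.236.49", 8888))
        {
            Interlocked.Increment(ref FailCount);
            WriteErrorLog("Error:request failed");
            return;
        }

        File.AppendAllText(@"response.html", WebRequestUtil.responseBody, Encoding.UTF8);
        Console.WriteLine(Thread.CurrentThread.ManagedThreadId + "pass");
    }
    catch (Exception exc2)
    {
        Interlocked.Increment(ref FailCount);
        WriteErrorLog("Error:" + exc2.ToString());
    }
}
} // class Program
} // namespace ConsoleApplication1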
4. PHP 网页屏蔽代理服务器代码(注意:HTTP_CLIENT_IP、X-Forwarded-For 等请求头由客户端提供,可以被伪造,屏蔽判断应以 REMOTE_ADDR 为准):
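<?php
// Shows a block notice when the connecting address is on the proxy blocklist
// (blacklist.txt, one address per line); otherwise runs the normal page logic.

// Decide on REMOTE_ADDR only. It is the peer address of the connection, which is the
// proxy itself when a visitor comes through one. HTTP_CLIENT_IP and
// HTTP_X_FORWARDED_FOR are request headers that any client can set to an arbitrary
// value, so preferring them lets a visitor present an address that is not on the list.
// NOTE(review): if this site runs behind its own reverse proxy or CDN, REMOTE_ADDR is
// that front end; honour a forwarded header only when REMOTE_ADDR is one of your own
// front ends.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

// Load the list into a set keyed by address. Exact matching replaces the original
// substring search, where "1.2.3.4" also matched an entry such as "11.2.3.45".
$blocked = array();
$page = @file_get_contents("blacklist.txt");
if ($page === false) {
    // Same outcome as the original when the file is missing (nobody is blocked),
    // but the failure is recorded instead of passing unnoticed.
    error_log("blacklist.txt could not be read; proxy blocking is inactive for this request");
} else {
    foreach (preg_split('/\r\n|\r|\n/', $page) as $line) {
        // Strip whitespace and a possible UTF-8 byte-order mark at the start of the file.
        $entry = trim($line, " \t\r\n\xEF\xBB\xBF");
        if ($entry !== '') {
            $blocked[$entry] = true;
        }
    }
}

// Escape before printing so the value can never be interpreted as markup.
echo htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');

if (isset($blocked[$ip])) {
    echo "您使用代理浏览我们的网站,很抱歉本站出于安全考虑屏蔽了代理,请使用非代理浏览,谢谢!";
} else {
    echo "执行程序的正常逻辑";
}
?>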
演示代码:http://edu.laliyun.com/test.php