1) {
foreach ($_POST as $k => $v ) {
if ($k == $postprefix) {
//We aldready have the url, so do nothing
} else {
//Assemble the post with keys & values
$postval .= urlencode($k)."=".urlencode($v)."&";
}
}
}
//Set method, postval & cookieval
$method = "POST";
$postval = substr($postval, 0, -1);
$cookieval = array();
//Check the link
linkcheck($url,$method,$postval,$cookieval);
}
} elseif ($_GET) {
//De-Obfuscate
$url = de_obfuscate($_GET[$getprefix]);
//Nasty hack for url's with extra args e.g. &k=v
if (count($_GET) > 1) {
//We only want one ?
if (!preg_match("/\?/", $url)) {
$url .= "?";
}
foreach ($_GET as $k => $v ) {
if ($k == $getprefix) {
//We aldready have the url, so do nothing
} else {
//Reassemble the url with keys & values
$url .= "&$k=$v";
}
}
// Gets rid of the GET variables in the URL after a GET form.
// Added by xcham, Aug 06/04
header("Location: " . $serverpath . obfuscate($url));
}
//Set holder
$cookieval = array();
if ($_COOKIE) {
//Get any Cookies we've set
//for the right host
//Parse the url
$urlparsed = parse_url($url);
//Get the host
$host = $urlparsed['host'];
foreach ($_COOKIE as $k => $v ) {
$val = explode("|", $v);
if ($url_obfuscation > 0) {
$val[1] = de_obfuscate($val[1]);
}
if ($val[1] == ".".$host) {
array_push($cookieval, "$k=$val[0]");
}
}
}
//Set method & postval
$method = "GET";
$postval = "NULL";
//Check the link
linkcheck($url,$method,$postval,$cookieval);
} else {
//If server_mode is https force the user
//to access via https
if ($server_mode == "https") {
if (!isset($_SERVER['HTTPS'])) {
header("Location: " . $servername);
exit();
}
}
index();
}
/*************************************************************/
/* Index */
/*************************************************************/
/**
 * Prints the proxy's landing page.
 *
 * NOTE(review): the text below carries no markup or form, so the page's HTML
 * was presumably lost before this listing was captured - confirm against the
 * upstream file before relying on it.
 */
function index() {
    // Imported as in the original; neither global is read by the text below.
    global $getprefix, $version;
    $page = "
pHproxy
pHproxy
Start browsing through this php-based proxy by entering a URL below.
";
    echo $page;
}
/*************************************************************/
/* Location Bar */
/*************************************************************/
/**
 * Returns the location-bar fragment for the page being proxied.
 *
 * NOTE(review): as shown, the fragment is a single newline and $fullurl is
 * never used; the markup was presumably stripped from this listing - confirm.
 * If $fullurl is ever written into HTML here it must be escaped for that
 * context, since it is taken from the request.
 *
 * @param string $fullurl Address of the proxied page (unused in the visible body).
 * @return string
 */
function location($fullurl) {
    // Imported as in the original; not read by the visible body.
    global $getprefix;
    return "
";
}
/*************************************************************/
/* Error Messages */
/*************************************************************/
/**
 * Prints the error page for a request that carried no target URL.
 */
function error_blank() {
    $parts = array(
        "pHproxy ",
        "You have to enter a url or domain name ",
        "Restart ",
    );
    echo implode("", $parts);
}
/**
 * Prints the error page shown when the requested URL is the proxy itself.
 */
function error_loop() {
    $parts = array(
        "pHproxy ",
        "You have entered the url of this proxy. ",
        "Restart ",
    );
    echo implode("", $parts);
}
/**
 * Prints the error page shown when the target was rejected by the
 * allowed/banned server lists.
 */
function error_banned() {
    $message = "You tried to access a restricted server. The owner of this
proxy has restricted which servers it can access,
presumably for security or bandwidth reasons. ";
    echo "pHproxy " . $message . "Restart ";
}
/**
 * Prints the error page shown when a non-text response is refused because
 * the proxy runs in text-only mode.
 */
function error_mime() {
    $message = "You tried to access a non-text mime type. This
proxy has been configured to operate in text-only mode,
presumably for security or bandwidth reasons. ";
    echo "pHproxy " . $message . "Restart ";
}
/**
 * Prints the error page shown when image padding is enabled on a server
 * without GD support.
 */
function error_gd() {
    $message = "This proxy has been configured on a server that does
not have GD support. Please disable the pad_images option. ";
    echo "pHproxy " . $message . "Restart ";
}
/**
 * Prints the warning shown when an HTTPS target is requested through a
 * plaintext (HTTP) connection to the proxy, i.e. when the hop between the
 * browser and the proxy would carry the decrypted content unprotected.
 */
function error_crypt2plain() {
    // Imported as in the original; not read by the visible text.
    global $serverpath;
    $warning = "You have requested the encrypted contents of an
SSL-enabled web server (HTTPS) but have accessed pHproxy though
plaintext (HTTP). The encrypted contents will be transfered to
you in plaintext. This is a serious security risk.";
    echo "pHproxy " . $warning . "Restart ";
}
/*************************************************************/
/* (De) Obfuscate */
/*************************************************************/
/**
 * Encodes a URL for embedding in a proxy link, according to the global
 * $url_obfuscation mode: 1 = base64, 2 = rot13, 3 = XOR with $passwd
 * (hex output, via xorcist()), anything else = rawurlencode().
 *
 * These are reversible encodings that hide the target from casual inspection
 * only. Modes 1 and 2 need no key at all, so none of them should be treated
 * as confidentiality or access control.
 *
 * @param string $url
 * @return string
 */
function obfuscate($url) {
    global $url_obfuscation, $passwd;
    // switch compares loosely, like the == chain it replaces.
    switch ($url_obfuscation) {
        case 1:
            return base64_encode($url);
        case 2:
            return str_rot13($url);
        case 3:
            return xorcist($url, $passwd);
        default:
            return rawurlencode($url);
    }
}
/**
 * Reverses obfuscate() for the current global $url_obfuscation mode:
 * 1 = base64, 2 = rot13, 3 = XOR with $passwd (via de_xorcist()),
 * anything else = rawurldecode().
 *
 * The result is request-controlled text and must be validated by the caller
 * before it is used as a connection target.
 *
 * @param string $url Encoded value taken from the request.
 * @return string
 */
function de_obfuscate($url) {
    global $url_obfuscation, $passwd;
    // switch compares loosely, like the == chain it replaces.
    switch ($url_obfuscation) {
        case 1:
            return base64_decode($url);
        case 2:
            return str_rot13($url);
        case 3:
            return de_xorcist($url, $passwd);
        default:
            return rawurldecode($url);
    }
}
/*************************************************************/
/* XOR (Server Side) */
/*************************************************************/
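/**
 * XORs $string with the repeating key $passwd and returns the result as
 * lowercase hex, two digits per input byte.
 *
 * The string is indexed directly instead of being split first, so an empty
 * input yields "" whatever str_split() implementation is in scope.
 *
 * Repeating-key XOR is obfuscation, not encryption: the key stream repeats
 * every strlen($passwd) bytes and proxied URLs share predictable prefixes,
 * so it must not be relied on to keep a URL secret.
 *
 * NOTE: $passwd must be non-empty; with an empty key the modulo below
 * divides by zero as soon as there is a byte to encode.
 *
 * @param string $string Plain text.
 * @param string $passwd Repeating XOR key.
 * @return string Hex-encoded result.
 */
function xorcist($string, $passwd) {
    $keylen = strlen($passwd);
    $length = strlen($string);
    $xorized = "";
    for ($index = 0; $index < $length; $index++) {
        $xored = ord($string[$index]) ^ ord($passwd[$index % $keylen]);
        $xorized .= sprintf("%02x", $xored);
    }
    return $xorized;
}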
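// Fallback for PHP builds that lack the built-in str_split() (added in PHP 5).
// Declaring it unconditionally is a fatal "cannot redeclare" error wherever
// the built-in exists, hence the function_exists() guard.
if (!function_exists('str_split')) {
    /**
     * Splits $string into chunks of $split_length bytes.
     *
     * @param string $string
     * @param int $split_length Chunk size; must be at least 1.
     * @return array|false List of chunks (empty for an empty string), or
     *                     false when $split_length is below 1.
     */
    function str_split($string, $split_length = 1) {
        // A step of zero or less would never advance the loop below.
        if ($split_length < 1) {
            return false;
        }
        // Initialised so that an empty string returns array() rather than
        // an undefined variable.
        $array = array();
        $strlen = strlen($string);
        for ($i = 0; $i < $strlen; $i += $split_length) {
            $array[] = substr($string, $i, $split_length);
        }
        return $array;
    }
}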
/*************************************************************/
/* de-XOR (Server Side) */
/*************************************************************/
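/**
 * Reverses xorcist(): hex-decodes $string with base16_decode() and XORs the
 * bytes with the repeating key $passwd.
 *
 * Uses [] string offsets; the {} offset syntax is a parse error on PHP 8.
 *
 * The input is request-controlled. Any hex string decodes to *something*,
 * so a successful decode proves nothing about who produced the value.
 *
 * NOTE: $passwd must be non-empty; with an empty key the modulo below
 * divides by zero as soon as there is a byte to decode.
 *
 * @param string $string Hex text as produced by xorcist().
 * @param string $passwd Repeating XOR key.
 * @return string Decoded text.
 */
function de_xorcist($string, $passwd) {
    // Decode string
    $string = base16_decode($string);
    // Lengths are loop-invariant, so take them once.
    $keylen = strlen($passwd);
    $length = strlen($string);
    //de-XOR
    $output = '';
    for ($i = 0; $i < $length; $i++) {
        $output .= chr(ord($string[$i]) ^ ord($passwd[$i % $keylen]));
    }
    return $output;
}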
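/**
 * Decodes lowercase hex text into bytes, two digits per byte.
 *
 * Uses [] string offsets (the {} offset syntax is a parse error on PHP 8)
 * and never reads past the end of the input: a trailing unpaired digit is
 * decoded with a zero low nibble.
 *
 * Characters outside 0-9a-f (including uppercase A-F) are not rejected;
 * strpos() returns false for them and they decode as a zero nibble. Callers
 * that need strict validation must check the input themselves.
 *
 * @param string $string Hex text.
 * @return string Decoded bytes.
 */
function base16_decode($string) {
    $hex_digits = '0123456789abcdef';
    $length = strlen($string);
    $output = '';
    for ($i = 0; $i < $length; $i += 2) {
        $high = strpos($hex_digits, $string[$i]);
        // Odd-length input: there is no second digit for the last byte.
        $low = ($i + 1 < $length) ? strpos($hex_digits, $string[$i + 1]) : false;
        // (int) false is 0, which keeps unknown digits at a zero nibble.
        $output .= chr(((int) $high << 4) | (int) $low);
    }
    return $output;
}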
/*************************************************************/
/* XOR (Client Side) */
/*************************************************************/
// Original JavaScript by Tim Smith.
/**
 * Builds a random identifier of 14 to 33 characters for use as a symbol
 * name in generated script. The first character is always a letter.
 *
 * rand() is not a cryptographic generator. These names only vary the
 * generated script's appearance and must not be used as secrets or tokens.
 *
 * @return string
 */
function gen_symbolname() {
    $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890";
    $lastIndex = strlen($alphabet) - 1;
    // 13 to 32 random characters; long enough to make a clash unlikely.
    $remaining = rand(13,32);
    $tail = "";
    while ($remaining-- > 0) {
        $tail .= $alphabet[rand(0, $lastIndex)];
    }
    // Letters occupy indexes 0..51 (26 * 2 - 1), so the leading character
    // drawn here is never a digit.
    return $alphabet[rand(0,51)] . $tail;
}
/**
 * Returns a run of 20 to 50 spaces, with the length chosen by rand().
 *
 * @return string
 */
function gen_spaces() {
    $MIN = 20;
    $MAX = 50;
    return str_repeat(" ", rand($MIN,$MAX));
}
/**
 * Re-flows text to vary its layout: every input line gets a random run of
 * leading spaces from gen_spaces() and, on a coin flip, keeps or loses its
 * line break.
 *
 * @param string $str Text with "\n" line breaks.
 * @return string
 */
function spaceify($str) {
    $lines = explode("\n",$str);
    $padded = "";
    for ($n = 0, $total = count($lines); $n < $total; $n++) {
        // The indent is drawn before the coin flip, line by line.
        $indent = gen_spaces();
        $ending = rand(0,1) ? "\n" : "";
        $padded .= $indent . $lines[$n] . $ending;
    }
    return $padded;
}
/**
 * Builds the client-side (JavaScript) decoder, using a fresh random
 * identifier for each name so the emitted script differs per call.
 *
 * NOTE(review): in this listing the returned template is a single newline,
 * and $xorized, $passwd, $obfusc_fn and $position are never used. The script
 * text was presumably stripped when the page was captured - confirm against
 * the upstream file. If the upstream template embeds $passwd in the page,
 * the XOR key is disclosed to every client, so the scheme hides the URL from
 * pattern matching only.
 */
function xorjs($xorized, $passwd) {
// One random name per identifier of the decoder. "output" is listed twice;
// the later entry replaces the earlier one, so 12 names are drawn and 11 kept.
$symbols = array(
"base16_decode" => gen_symbolname(),
"string" => gen_symbolname(),
"hex_digits" => gen_symbolname(),
"output" => gen_symbolname(),
"i" => gen_symbolname(),
"char_code" => gen_symbolname(),
"xor_decode" => gen_symbolname(),
"output" => gen_symbolname(),
"passwd" => gen_symbolname(),
"key" => gen_symbolname(),
"j" => gen_symbolname(),
"docwritefn" => gen_symbolname()
);
// randomly create javascript function, to throw off pattern matching
// for doc.write
$coinflip = rand(0,1);
// Wrapper around document.write under the random name chosen above.
$obfusc_fn = "
function " . $symbols['docwritefn'] . "(str) {
document.write(str);
}";
// On heads the wrapper name is dropped and document.write is used directly.
if ($coinflip == 0) {
$symbols['docwritefn'] = "document.write";
}
// Drawn but not used in the visible body.
$position = rand(0,3);
return spaceify("
");
}
/*************************************************************/
/* Link Check */
/*************************************************************/
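/**
 * Validates the requested URL against the proxy's own address and the
 * configured allow/ban lists, then hands it to proxy() or prints an error.
 *
 * Filtering, in order:
 *  - $banned_networks: each entry is used as a regular-expression prefix of
 *    the resolved address (unchanged).
 *  - $banned_servers: each entry is resolved and compared with the target.
 *  - $allowed_servers: when non-empty it decides alone, overriding the ban
 *    lists above (unchanged).
 * Resolved list entries are compared for equality rather than as a regex
 * prefix, so an entry resolving to a.b.c.4 no longer also matches a.b.c.40.
 * When any list is configured and the target does not resolve to an IPv4
 * address, the request is refused because the filter cannot be evaluated.
 *
 * NOTE(review): proxysocket() in this file resolves the host again before
 * connecting, so the address vetted here is not guaranteed to be the one
 * contacted. The connection should be pinned to the address checked here, or
 * the lists re-applied after that lookup.
 * NOTE(review): $banned_networks entries are interpolated into a pattern
 * unescaped, so an unescaped "." matches any character - verify the
 * configured values.
 *
 * @param string $url       Target URL from the request (scheme optional).
 * @param string $method    "GET" or "POST", passed through to proxy().
 * @param string $postval   Encoded POST body, passed through to proxy().
 * @param array  $cookieval Cookie pairs, passed through to proxy().
 * @return void
 */
function linkcheck($url,$method,$postval,$cookieval) {
    global $servername, $allowed_servers, $banned_servers, $banned_networks;
    //Blank Check
    if ($url == "") {
        error_blank();
        return;
    }
    //Calling itself, infinite loop
    if ($url == $servername) {
        error_loop();
        return;
    }
    //Get rid of any space
    $url = str_replace(" ", "%20", $url);
    //Check if url starts with http
    $match = array();
    preg_match("/^(.*:\/\/)?([^:\/]+)/i", $url, $match);
    $prefix = isset($match[1]) ? $match[1] : "";
    if (!preg_match("/^http(s?):\/\//i", $prefix)) {
        $url = "http://$url";
    }
    //Parse the url; without a host there is nothing to check or fetch
    $urlparsed = parse_url($url);
    if (!is_array($urlparsed) || !isset($urlparsed['host']) || $urlparsed['host'] == "") {
        error_blank();
        return;
    }
    $host = $urlparsed['host'];
    // gethostbyname() returns its argument unchanged when the lookup fails.
    $hostaddr = gethostbyname($host);
    // An unset list behaves like an empty one.
    $nets = is_array($banned_networks) ? $banned_networks : array();
    $banned = is_array($banned_servers) ? $banned_servers : array();
    $allowed = is_array($allowed_servers) ? $allowed_servers : array();
    $ok = 1;
    //Check if banned_network
    foreach ($nets as $banned_net) {
        if (preg_match("/^$banned_net/", $hostaddr)) {
            $ok = 0;
        }
    }
    //Check if banned_server
    foreach ($banned as $banned_serv) {
        if (linkcheck_addr_matches($hostaddr, gethostbyname($banned_serv))) {
            $ok = 0;
        }
    }
    //Check if allowed_servers
    if (count($allowed) > 0) {
        $ok = 0;
        foreach ($allowed as $allowed_serv) {
            if (linkcheck_addr_matches($hostaddr, gethostbyname($allowed_serv))) {
                $ok = 1;
            }
        }
    }
    // Fail closed: with a filter configured, an unresolved target cannot be
    // compared with any address and must not pass by default.
    $filtered = (count($nets) + count($banned) + count($allowed)) > 0;
    if ($filtered && !linkcheck_is_ipv4($hostaddr)) {
        $ok = 0;
    }
    //Get the URL
    if ($ok == 1) {
        proxy($url,$method,$postval,$cookieval);
    } else {
        //Server is banned
        error_banned();
    }
}

// True when $value has the shape of a dotted-quad IPv4 address.
function linkcheck_is_ipv4($value) {
    return is_string($value) && preg_match('/^\d{1,3}(\.\d{1,3}){3}$/', $value) == 1;
}

// Compares the target address with one resolved list entry: full addresses
// must be equal; anything else (an unresolved name or a partial prefix) is
// matched as a literal prefix. An empty entry matches nothing.
function linkcheck_addr_matches($hostaddr, $entryaddr) {
    if (!is_string($entryaddr) || $entryaddr == "") {
        return false;
    }
    if (linkcheck_is_ipv4($entryaddr)) {
        return $hostaddr === $entryaddr;
    }
    return strncmp($hostaddr, $entryaddr, strlen($entryaddr)) == 0;
}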
/*************************************************************/
/* URL Join */
/*************************************************************/
//URLJoin was made possible thanks to uber-help from Catspaw!
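/**
 * Resolves the link $next against the page URL $prev and returns an
 * absolute URL.
 *
 * Uses explode() for the literal "#" and "/" separators (split() no longer
 * exists in PHP 7 and later) and builds the "./" case from the base
 * segments; that branch previously passed a string to implode().
 *
 * The result is built from remote page content. It is only a URL string and
 * still has to pass the proxy's target checks before it is fetched.
 *
 * @param string $prev Absolute URL of the current page.
 * @param string $next Link found on that page (absolute or relative).
 * @return string
 */
function urljoin($prev,$next) {
    //The order of the steps below matters; keep it.
    //Parse the url
    $urlparsed = parse_url($prev);
    //Get the scheme
    $scheme = (isset($urlparsed['scheme']) ? $urlparsed['scheme'] : "")."://";
    //Strip anchor
    $pieces = explode("#", $prev);
    $prev = $pieces[0];
    $pieces = explode("#", $next);
    $next = $pieces[0];
    //Strip the query string from the base
    $prev = preg_replace("/\?.*/","",$prev);
    //If there is nothing after the hostname, ensure there is a trailing slash
    if (count(explode("/", $prev)) < 4) {
        $prev = $prev."/";
    }
    //Kick the previous filename off, so we can append other stuff
    $segments = explode("/", $prev);
    array_pop($segments);
    $prev = implode("/", $segments);
    //If the next url is absolute, just use it
    if (preg_match("/:\/\//", $next)) {
        return $next;
    }
    //Split by / and drop empty segments; strlen() is falsy only for ""
    $baseURL = array_filter(explode("/", preg_replace("/.*:\/\//","",$prev)), "strlen");
    $first = substr("$next",0,1);
    //If it doesnt start with a / or a . then append to url
    if (($first != "/") && ($first != ".")) {
        return $scheme.implode("/", $baseURL)."/$next";
    }
    //Site root
    if ($next == "/") {
        return $scheme.array_shift($baseURL);
    }
    //Scheme-relative link: keep the page's scheme
    if (substr("$next",0,2) == "//") {
        return $scheme.substr("$next",2);
    }
    //Root-relative link: host plus the given path
    if ($first == "/") {
        return $scheme.array_shift($baseURL)."/".substr("$next",1);
    }
    //Same-directory link
    if (substr("$next",0,2) == "./") {
        return $scheme.implode("/", $baseURL)."/".substr("$next",2);
    }
    //Remaining dot-prefixed links: ".." climbs one level but never removes
    //the host segment
    foreach (explode("/", $next) as $m) {
        if (($m == "..") && (count($baseURL) > 1)) {
            array_pop($baseURL);
        } elseif ($m != "..") {
            array_push($baseURL, "$m");
        }
    }
    return $scheme.implode("/", $baseURL);
}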
//Blank Remove Check
/**
 * array_filter() callback that keeps non-empty values.
 *
 * Despite the name, it returns true when $var is NOT blank.
 *
 * @param mixed $var
 * @return bool
 */
function is_blank($var) {
    return !($var == "");
}
/*************************************************************/
/* Script Stripper */
/*************************************************************/
//TODO: This needs to be done right!
/**
 * Removes script-related markup from proxied HTML by running a fixed list of
 * patterns through preg_replace() with an empty replacement.
 *
 * NOTE(review): the six patterns shown here contain no tag names and look
 * truncated by whatever captured this listing - confirm against the
 * upstream file.
 * The pass over style/on* attributes is commented out below, so inline event
 * handlers and style attributes are left in the page. Pattern matching over
 * HTML is not a dependable sanitiser (the author's own TODO says as much).
 * Content that passes through this function should still be treated as
 * untrusted.
 *
 * @param string $stuff HTML to filter.
 * @return string The filtered HTML.
 */
function script_stripper($stuff) {
//Script Tags
$tags = array("''si",
"' ]*?>'si",
"' ]*?>'si",
"']*?>.*? 'si",
"']*?>.*? 'si",
"''si");
// Every match of every pattern is deleted.
$stuff = preg_replace($tags, "", $stuff);
/*
//JS event handlers found inside html tags
//Takes too long if using more than 5 tags
$intags = array(/<(\w*\s)(.*?)(style=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onClick=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onload=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onMouseOut=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onMouseOver=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onSubmit=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onChange=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onFocus=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onBlur=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onDblClick=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onDragDrop=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onError=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onKeyDown=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onKeyPress=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onKeyUp=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onMouseDown=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onMouseUp=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onMove=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onReset=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onResize=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onSelect=['\"].*?['\"])/si",
"/<(\w*\s)(.*?)(onUnload=['\"].*?['\"])/si");
$replacement = "<\$1\$2";
$stuff = preg_replace($intags, $replacement, $stuff);
*/
return $stuff;
}
//Fix postnuke's &
/**
 * Normalises ampersands in a link taken from a proxied page.
 *
 * NOTE(review): as written the pattern and the replacement are the same
 * string, so the input comes back unchanged. The pattern was presumably the
 * HTML-entity form of the ampersand before this listing was captured -
 * confirm against the upstream file.
 *
 * @param string $stuff
 * @return string
 */
function fixpostnuke($stuff) {
    return preg_replace("/&/si", "&", $stuff);
}
/*************************************************************/
/* Pad Images */
/*************************************************************/
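/**
 * Writes an image to the output, stamping a short random bit string into it
 * when GD can handle its type; any other data is written unchanged.
 *
 * GD is asked for JPEG support under both key names ("JPG Support" on old
 * builds, "JPEG Support" on newer ones). Image data that GD cannot decode is
 * passed through untouched instead of being handed to the drawing calls as
 * false.
 *
 * $img is remote, untrusted data and is parsed by GD here.
 * NOTE(review): nothing in this function limits its size - confirm a limit
 * is enforced upstream.
 *
 * @param string $img  Raw response body.
 * @param string $mime MIME type reported for it.
 * @return void
 */
function padimages($img,$mime) {
    //Get GD info
    $gdinfo = gd_info();
    $image_mime = array();
    if (!empty($gdinfo["JPG Support"]) || !empty($gdinfo["JPEG Support"])) {
        $image_mime[] = "image/jpeg";
    }
    if (!empty($gdinfo["PNG Support"])) {
        $image_mime[] = "image/png";
    }
    //Support for GIF was restored in gd 2.0.28
    if (!empty($gdinfo["GIF Create Support"])) {
        $image_mime[] = "image/gif";
    }
    //Types GD cannot re-encode are passed through
    if (!in_array($mime, $image_mime)) {
        echo $img;
        return;
    }
    $src_img = imagecreatefromstring($img);
    if ($src_img === false) {
        //Not decodable as an image: pass the bytes through unchanged
        echo $img;
        return;
    }
    //Random run of binary digits drawn into the top-left corner
    $imgpad = str_repeat(decbin(rand(1,100)), rand(1,10));
    $text_color = imagecolorallocate($src_img, 0, 0, 255);
    imagestring($src_img, 1, 5, 5, $imgpad, $text_color);
    //Re-encode in the type that was announced
    switch ($mime) {
        case "image/gif":
            imagegif($src_img);
            break;
        case "image/jpeg":
            imagejpeg($src_img);
            break;
        case "image/png":
            imagepng($src_img);
            break;
    }
    imagedestroy($src_img);
}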
/*************************************************************/
/* Proxy Socket */
/*************************************************************/
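/**
 * Fetches $url over a raw socket with an HTTP/1.0 request and returns the
 * response split into header text and body.
 *
 * Hardening and fixes in this version:
 *  - Every value written into the request head has control characters
 *    removed, so CR/LF in the requested URL or in a cookie cannot add
 *    request lines or headers of its own.
 *  - The blank line that ends the headers is only recognised at the start of
 *    a line. fgets() returns at most 127 bytes per call, so a long header
 *    line could otherwise leave a bare CRLF chunk and end the headers early.
 *  - A failed read stops the loop instead of spinning.
 *
 * NOTE(review): the host is resolved here again with gethostbyname(). Any
 * address filtering done before this call should be applied to the address
 * actually used.
 * NOTE(review): HTTPS targets are opened as ssl://<ip> and no peer name or
 * verification options are set here, so certificate checking depends on the
 * PHP version's stream defaults - confirm the intended behaviour.
 * NOTE(review): the port is fixed at 80/443, and a POST sends the path
 * without its query string and without cookies - presumably intentional;
 * confirm.
 *
 * @param string $url       Absolute http(s) URL.
 * @param string $method    "POST" for a form post; anything else sends GET.
 * @param string $postval   URL-encoded POST body.
 * @param array  $cookieval "name=value" strings to send on GET.
 * @return array array($headers, $html); both "" when the connection fails.
 */
function proxysocket($url,$method,$postval,$cookieval) {
    global $server_mode, $serverpath, $url_obfuscation, $version;
    $headers = "";
    $html = "";
    //Parse the url
    $urlparsed = parse_url($url);
    $scheme = $urlparsed['scheme'];
    $host = $urlparsed['host'];
    $path = isset($urlparsed['path']) ? $urlparsed['path'] : "/";
    //Strip _underscore that parse_url sometimes
    //puts on the end of the path
    if (substr($path, -1) == '_') {
        $path = substr($path, 0, -1);
    }
    //Check the path, if there isn't one it's /
    if ($path == "") {
        $path = "/";
    }
    //If phproxy is accessed through http, but is requesting https
    //then warn the user that the encrypted text is transferred in plaintext
    if (($server_mode == "http") && ($scheme == "https")) {
        error_crypt2plain();
        exit();
    }
    //Construct the link path
    $link = $path;
    if (isset($urlparsed['query'])) {
        $link .= "?$urlparsed[query]";
    }
    if (isset($urlparsed['fragment'])) {
        $link .= "#$urlparsed[fragment]";
    }
    //Get the IP
    //fsockopen cannot handle domains with _underscores ?
    $ip = gethostbyname($host);
    if ($scheme == "https") {
        $fp = fsockopen("ssl://".$ip, 443, $errno, $errstr, 30);
    } else {
        $fp = fsockopen($ip, 80, $errno, $errstr, 30);
    }
    if (!$fp) {
        echo "$errstr ($errno)\n";
        return array($headers, $html);
    }
    //Request-controlled values, cleaned before they enter the request head
    $safeHost = proxysocket_header_value($host);
    $safeUrl = proxysocket_header_value($url);
    if ($method == "POST") {
        $length = strlen($postval);
        $out = "POST ".proxysocket_header_value($path)." HTTP/1.0\r\n";
        $out .= "Host: $safeHost\r\n";
        $out .= "User-Agent: Mozilla/5.0 (compatible; pHproxy/$version)\r\n";
        $out .= "Referer: $safeUrl\r\n";
        $out .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $out .= "Content-Length: $length\r\n";
        $out .= "\r\n";
        $out .= $postval;
    } else {
        $out = "GET ".proxysocket_header_value($link)." HTTP/1.0\r\n";
        $out .= "Host: $safeHost\r\n";
        $out .= "User-Agent: Mozilla/5.0 (compatible; pHproxy/$version)\r\n";
        $out .= "Referer: $safeUrl\r\n";
        if (is_array($cookieval)) {
            foreach ($cookieval as $cookie) {
                $out .= "Cookie: ".proxysocket_header_value($cookie)."\r\n";
            }
        }
        $out .= "Connection: Close\r\n\r\n";
    }
    fwrite($fp, $out);
    $inHeaders = true;
    //True when the next chunk begins a new line of the response
    $lineStart = true;
    while (!feof($fp)) {
        $chunk = fgets($fp, 128);
        if ($chunk === false) {
            //Read error or timeout: stop rather than loop on a dead socket
            break;
        }
        if ($inHeaders) {
            if ($lineStart && $chunk == "\r\n") {
                //Blank line: the body starts with the next chunk
                $inHeaders = false;
            } else {
                //Assemble the headers
                $headers .= $chunk;
            }
            $lineStart = (substr($chunk, -1) == "\n");
        } else {
            //Grab the page content
            $html .= $chunk;
        }
    }
    fclose($fp);
    //Return headers & html
    return array($headers, $html);
}

// Removes control characters (CR and LF included) from a value that is about
// to be written into the request line or a request header.
function proxysocket_header_value($value) {
    return preg_replace('/[\x00-\x1f\x7f]/', '', (string) $value);
}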
/*************************************************************/
/* Process Headers */
/*************************************************************/
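/**
 * Picks the headers the proxy forwards out of a raw response-header block
 * and rewrites them for the proxy's own origin.
 *
 * Header values are spliced with plain string operations. The replacement
 * strings previously relied on preg_replace()'s /e modifier, which evaluates
 * the replacement as PHP code, is unavailable from PHP 7 on, and had $host
 * and the remote header text written into the evaluated code. Both are
 * controlled by the request or by the remote server.
 *
 * Other fixes:
 *  - header names are matched at the start of the line, so Content-Location
 *    is no longer taken for Location;
 *  - the trailing CR is removed from every line, so it no longer ends up in
 *    the rewritten URL or in the returned header strings;
 *  - a redirect is treated as absolute when it carries any scheme, not only
 *    the current page's scheme; scheme-relative ("//host/..") and
 *    root-relative targets are completed without doubling the slash;
 *  - control characters are removed from the file name placed in
 *    Content-Disposition.
 *
 * When several Set-Cookie lines are present only the last one is returned
 * (unchanged).
 *
 * @param string $url     URL that was fetched.
 * @param string $headers Raw header block, one header per line.
 * @return array array($location, $content_type, $content_disposition,
 *               $set_cookie); each is a complete header line or "".
 */
function processheaders($url,$headers) {
    global $serverpath, $url_obfuscation, $media_mode, $no_cookies;
    //Place holder for headers to process and return
    $location = "";
    $content_type = "";
    $content_disposition = "";
    $set_cookie = "";
    //Text Mimes
    $text_mime = array("text/plain",
        "text/html",
        "text/css");
    //Parse the url
    $urlparsed = parse_url($url);
    $scheme = $urlparsed['scheme'];
    $host = $urlparsed['host'];
    //Start processing the headers, one line at a time
    foreach (preg_split("/\n/", $headers) as $headerline) {
        $headerline = rtrim($headerline, "\r\n");
        //Location header (302 re-direct)
        if (preg_match("/^Location:\s*(.*)$/i", $headerline, $found)) {
            $target = $found[1];
            if (substr($target, 0, 2) == "//") {
                //Scheme-relative: keep the current page's scheme
                $target = $scheme.":".$target;
            } elseif (!preg_match("/^[a-z][a-z0-9+.\-]*:\/\//i", $target)) {
                //Some 302 redirects use just the path, need to construct a full url
                $target = $scheme."://".$host."/".ltrim($target, "/");
            }
            if ($url_obfuscation == 0) {
                $location = "Location: ".$serverpath.$target;
            } else {
                $location = "Location: ".$serverpath.obfuscate($target);
            }
        }
        // Content-Type
        if (preg_match("/^Content-Type: (\w+\/\w+)(.*)/i", $headerline, $matches)) {
            $mime = $matches[1];
            if (in_array($mime, $text_mime)) {
                //Yay text
                $content_type = $headerline;
            } elseif ($media_mode == 2) {
                //media_mode is 2 (all), images are handled in proxy()
                //Get the name of the file: last path segment of the URL
                $filearray = preg_split("/\//", $url);
                $output_file = $filearray[count($filearray) - 1];
                //The name comes from the request; keep control characters
                //out of the response header
                $output_file = preg_replace('/[\x00-\x1f\x7f]/', '', $output_file);
                $content_type = $headerline;
                $content_disposition = "Content-Disposition: attachment; filename=".$output_file;
            } else {
                //Error
                error_mime();
                exit();
            }
        }
        //Cookies
        if (!$no_cookies && preg_match("/^Set-Cookie:\s*(.*)$/i", $headerline, $found)) {
            $cookie = $found[1];
            //Append the real host to the value, split with |, in front of the
            //first ";" that follows the first "="
            if (preg_match("/^(.*?=.*?)(;.*)$/", $cookie, $parts)) {
                $hosttag = ".".$host;
                if ($url_obfuscation > 0) {
                    $hosttag = obfuscate($hosttag);
                }
                $cookie = $parts[1]."|".$hosttag.$parts[2];
            }
            //Get rid of the real domain if there is one (drops the rest of
            //the line from "domain=" on)
            $cookie = preg_replace("/domain=.*$/i", "", $cookie);
            $set_cookie = "Set-Cookie: ".$cookie;
        }
        //Process more headers
    }
    return array($location, $content_type, $content_disposition, $set_cookie);
}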
/*************************************************************/
/* Proxify HTML */
/*************************************************************/
function proxifyhtml($url,$html) {
global $servername, $serverpath, $serverpost,
$script_stripper, $getprefix, $postprefix,
$passwd, $xormode;
//Proxify the HTML
//Fix postnuke's &
$url_tags = "href=|url=|src=|background=|code=|codebase=|archive=|data=|usemap=";
$html = preg_replace("/(<[^>]*)($url_tags)(['\"]?)(.*?)(['\" >])/ie",
"'\\1\\2\\3'.'$serverpath'.obfuscate(urljoin('$url',fixpostnuke('\\4'))).'\\5'", $html);
//Proxify weird css tag
$html = preg_replace("/(