mirror of
https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS.git
synced 2023-12-14 04:31:21 +00:00
Update anti_ddos_challenge.lua
Added Feature : A new Javascript encryption / Obfuscation method i built to my list of others inside my function, This will take Javascript encrypt it as a base64 string, Split it up into chunks randomize those chunks then output it. Just like a deck of cards you can shuffle the stack and allow the code to run still regardless of the order the deck would come out as. Fix : Added defer and async ability to my Hexdecimal encryption when I Built the encryption function originaly in development I added it to the rest and forgot that one.
This commit is contained in:
C0nw0nk
GitHub
@ -176,6 +176,7 @@ Encrypt/Obfuscate Javascript output to prevent content scrappers and bots decryp
|
||||
2 = Base64 Data URI only
|
||||
3 = Hex encryption
|
||||
4 = Base64 Javascript Encryption
|
||||
5 = --Conor Mcknight's Javascript Scrambler (Obfuscate Javascript by putting it into vars and shuffling them like a deck of cards)
|
||||
]]
|
||||
local encrypt_javascript_output = 0
|
||||
|
||||
@ -349,6 +350,9 @@ local function check_ip_blacklist(ip_table)
|
||||
end
|
||||
check_ip_blacklist(ip_blacklist) --run blacklist check function
|
||||
|
||||
--to have better randomization upon encryption
|
||||
math.randomseed(os.time())
|
||||
|
||||
--function to encrypt strings with our secret key / password provided
|
||||
local function calculate_signature(str)
|
||||
return ngx.encode_base64(ngx.hmac_sha1(secret, ngx.md5(str)))
|
||||
@ -374,6 +378,15 @@ local function stringrandom(length)
|
||||
end
|
||||
--stringrandom(10)
|
||||
|
||||
--shuffle table function
|
||||
function shuffle(tbl)
|
||||
for i = #tbl, 2, -1 do
|
||||
local j = math.random(i)
|
||||
tbl[i], tbl[j] = tbl[j], tbl[i]
|
||||
end
|
||||
return tbl
|
||||
end
|
||||
|
||||
--for my javascript Hex output
|
||||
local function sep(str, patt, re)
|
||||
local rstr = str:gsub(patt, "%1%" .. re)
|
||||
@ -392,7 +405,7 @@ local function encrypt_javascript(string1, type, defer_async, num_encrypt, encry
|
||||
local output = "" --Empty var
|
||||
|
||||
if type == 0 then
|
||||
type = math.random(3, 4) --Random encryption
|
||||
type = math.random(3, 5) --Random encryption
|
||||
end
|
||||
|
||||
if type == 1 or type == nil then --No encryption
|
||||
@ -461,9 +474,17 @@ local function encrypt_javascript(string1, type, defer_async, num_encrypt, encry
|
||||
end
|
||||
end
|
||||
|
||||
if defer_async == "0" or defer_async == nil then --Browser default loading / execution order
|
||||
--https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent
|
||||
output = "<script type=\"text/javascript\" charset=\"" .. default_charset .. "\" data-cfasync=\"false\">eval(decodeURIComponent('" .. hexadecimal_x .. "'))</script>"
|
||||
end
|
||||
if defer_async == "1" then --Defer
|
||||
output = "<script type=\"text/javascript\" defer=\"defer\" charset=\"" .. default_charset .. "\" data-cfasync=\"false\">eval(decodeURIComponent('" .. hexadecimal_x .. "'))</script>"
|
||||
end
|
||||
if defer_async == "2" then --Defer
|
||||
output = "<script type=\"text/javascript\" async=\"async\" charset=\"" .. default_charset .. "\" data-cfasync=\"false\">eval(decodeURIComponent('" .. hexadecimal_x .. "'))</script>"
|
||||
end
|
||||
end
|
||||
|
||||
if type == 4 then --Base64 javascript decode
|
||||
local base64_javascript = "eval(decodeURIComponent(escape(window.atob('" .. ngx.encode_base64(string1) .. "'))))"
|
||||
@ -485,6 +506,40 @@ local function encrypt_javascript(string1, type, defer_async, num_encrypt, encry
|
||||
end
|
||||
end
|
||||
|
||||
if type == 5 then --Conor Mcknight's Javascript Scrambler (Obfuscate Javascript by putting it into vars and shuffling them like a deck of cards)
|
||||
local base64_javascript = ngx.encode_base64(string1) --base64 encode our script
|
||||
|
||||
local l = #base64_javascript --count number of chars our variable has
|
||||
local i = 0 --keep track of how many times we pass through
|
||||
local r = math.random(1, l) --randomize where to split string
|
||||
local chunks = {} --create our chunks table for string storage
|
||||
local chunks_order = {} --create our chunks table for string storage that stores the value only
|
||||
|
||||
while i <= l do
|
||||
local random_var = stringrandom(10) --create a random variable name to use
|
||||
--table.insert(chunks_order, "decodeURIComponent(escape(window.atob(_" .. random_var .. ")))")
|
||||
table.insert(chunks_order, "_" .. random_var .. "") --insert the value into our ordered table
|
||||
table.insert(chunks, 'var _' .. random_var .. '="' .. base64_javascript:sub(i,i+r).. '";') --insert our value into our table we will scramble
|
||||
|
||||
i = i+r+1
|
||||
end
|
||||
|
||||
shuffle(chunks) --scramble our table
|
||||
|
||||
output = table.concat(chunks, "") --put our scrambled table into string
|
||||
output = output .. "eval(decodeURIComponent(escape(window.atob(" .. table.concat(chunks_order, " + " ) .. "))));" --put our scrambled table and ordered table into a string
|
||||
|
||||
if defer_async == "0" or defer_async == nil then --Browser default loading / execution order
|
||||
output = "<script type=\"text/javascript\" charset=\"" .. default_charset .. "\" data-cfasync=\"false\">" .. output .. "</script>"
|
||||
end
|
||||
if defer_async == "1" then --Defer
|
||||
output = "<script type=\"text/javascript\" defer=\"defer\" charset=\"" .. default_charset .. "\" data-cfasync=\"false\">" .. output .. "</script>"
|
||||
end
|
||||
if defer_async == "2" then --Defer
|
||||
output = "<script type=\"text/javascript\" async=\"async\" charset=\"" .. default_charset .. "\" data-cfasync=\"false\">" .. output .. "</script>"
|
||||
end
|
||||
end
|
||||
|
||||
return output
|
||||
end
|
||||
--end encrypt_javascript function
|
||||
|
||||
Reference in New Issue
Block a user