Comments (6)
starjun
commented on August 18, 2024
何不自行测试一下,看看是不是你想的那样
from openstar.
linger118927
commented on August 18, 2024
看到这么自信的回复,有点荒,赶紧把这项目跑起来
是这样的,我在开发的过程当中遇到了这个细节,然后参考开源项目的过程当中看到您这边也是没注意这个问题,
要不你也自己试试?
在body_filter阶段替换内容。
1、如果response 是chunk模式,即 Transfer-Encoding:chunked,这种情况下是无所谓的
2、如果是非chunk,即指定了Content-Length:10346(这个数字是server返回的),这种情况下,你替换返回内容,会存在这样的情况。就拿你的demo来说,["deny","","denyFUCK"],这种情况属于增加了length,超过了content-length,浏览器只接受10346,但是不会报错,可能在resp原报文你会看到最后没了
如下图
如果长度小于10346,exp: ["getshell","","ddd"],会导致浏览器一直等待到超时
请大师指点一二,是不是我哪里有问题
from openstar.
starjun
commented on August 18, 2024
hi, 今天测试了一下,找了一个 第二种情况的网站:
curl http://www.runoob.com/ -I
HTTP/1.1 200 OK
Server: Tengine
Content-Type: text/html
Content-Length: 251919
Connection: keep-alive
Vary: Accept-Encoding
Date: Thu, 10 May 2018 06:51:45 GMT
Vary: Accept-Encoding
X-Powered-By: HHVM/3.22.1
Vary: Accept-Encoding
Via: cache24.l2et15-2[0,200-0,H], cache28.l2et15-2[11,0], kunlun10.cn249[0,200-0,H], kunlun10.cn249[1,0]
Age: 7986
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2 mlen:-1
X-Swift-SaveTime: Thu, 10 May 2018 08:52:13 GMT
X-Swift-CacheTime: 86400
Timing-Allow-Origin: *
EagleId: 2a51040a15259430910928041e
对这个网站的首页进行内容的替换:
[ {
"hostname": [ "www.runoob.com", "" ],
"id": "1-",
"replace_list": [ [ "菜鸟教程", "", "FUCK" ], [ "allow", "", "allowPASS" ], [ "lzcaptcha\?key='\s*\+ key", "jio", "lzcaptcha?keY='+key+'&keytoken=@token@'" ] ],
"state": "on",
"uri": [ "/", "" ]
} ]
1:长内容换成短的
curl http://www.runoob.com/ -I
HTTP/1.1 200 OK
Date: Thu, 10 May 2018 09:12:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 251915
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: HHVM/3.22.1
Vary: Accept-Encoding
Link: http://www.runoob.com/wp-json/; rel="https://api.w.org/"
Via: cache32.l2nu17-1[0,200-0,H], cache9.l2nu17-1[2,0], kunlun5.cn1049[0,200-0,H], kunlun3.cn1049[7,0]
Age: 84481
X-Cache: HIT TCP_HIT dirn:7:150645251 mlen:-1
X-Swift-SaveTime: Wed, 09 May 2018 15:23:57 GMT
X-Swift-CacheTime: 86400
Timing-Allow-Origin: *
EagleId: d35d96cb15259435605008994e
Server: openstar system
比较正常,浏览器访问也没有等待,
2:短内容换成长的:
curl 最后的内容:
关闭
你那个现象 能找个网站我来测试么?
from openstar.
linger118927
commented on August 18, 2024
这又是另外一个细节点
你直接 curl http://www.runoob.com/ -I,服务端返回的不是压缩格式的
你试试 curl http://www.runoob.com/ -I -H "Accept-Encoding:gzip, deflate, sdch"
正常浏览器访问,response是gzip压缩了,Content-Encoding:gzip,有点奇怪你在body_f阶段都没有针对这种压缩格式,解压、匹配、替换、压缩,怎么会替换内容呢
我猜测 你浏览器访问的时候,body_f阶段肯定是没有进行匹配的,因为你没解压,肯定不会识别替换的
但是通过curl http://www.runoob.com/ -I的方式,curl可能没带accept_encoding,服务端以为你不支持gzip,是明文的resp这样,你body_f阶段是可以替换的,我刚才试了一下curl确实能替换,["runoob","","denyFUCKdenydenyenynyFUCKdenydenyennyFUCKdenydenyennyFUCKdenydenyennyFUCKdenydenyennyFUCKdenydenyenFUCKdenydenydenydeny"]
但是浏览器他不是这样的,从性能和带宽上考虑,一般都是gzip压缩回来的
要不咱加微信聊吧,顺便膜拜一下大神
不放方便直接留微信可以发到[email protected]
from openstar.
starjun
commented on August 18, 2024
找个这样的网站测试,不然没有场景,我找的不满足,你出现问题那个网站是那个?直接测试一下就行
仔细看代码,压缩的我进行了处理,请求时删掉了 压缩标志, 浏览器也会替换的,,
from openstar.
linger118927
commented on August 18, 2024
我内网的一个乌云镜像站,关键是公网也很好找啊,http://wy.hx99.net/
这其实想一下就知道了,这种情况下(非chunk)keep-alive, 浏览器根据啥来识别报文结束啊,肯定是content-length啊,你content-length不变的情况下,改变报文长度,浏览器肯定是懵逼了
(test1) ["microsoft","","denyFUCKdenydenyenynyFUCKdenydenyennyFUCKdenydenyennyFUCKdenydenyennyFUCKdenydenyennyFUCKdenydenyenFUCKdenydenydenydeny"],
(test2)
["microsoft","","deny"],
cry,今天的砖搬不完了,关闭issue吧
from openstar.
Related Issues (20)
- multipart模式下的post请求体无法过滤 HOT 1
- openstar/access_all.lua:559: bad argument #1 to 'pairs' (table expected, got nil) HOT 1
- 关于过cdn配置ip黑名单的问题 HOT 1
- 一个小问题 HOT 1
- no suitable image found for macos HOT 1
- no http.close after http.new
- 如何配置地址白名单 HOT 1
- Jenkins 上传插件被拦截 HOT 1
- nginx: [emerg] unknown log format "main" in /opt/openresty/openstar/conf/waf.conf:62 HOT 2
- 使用bash/install.sh脚本安装出现错误,脚本中存在未定义变量install_or_version HOT 1
- attempt to index local 'optl' (a userdata value) HOT 3
- 使用bash下的脚本安装openstar后访问提示500 HOT 6
- 集群部署问题 HOT 2
- 访问http://localhost: 5460报500错误,后台error.log日志如下: HOT 1
- curl 127.0.0.1:5460 报错 HOT 7
- 功能改进 HOT 2
- 对于盲命令执行,大佬如何做检测的 HOT 1
- 安装报错:shell.lua:6: module 'resty.signal' not found HOT 1
- 4层代理-转发配置-stream配置无法保存 HOT 2
- 带正则的规则都不生效 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openstar.