-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.php
More file actions
123 lines (101 loc) · 3.43 KB
/
proxy.php
File metadata and controls
123 lines (101 loc) · 3.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
/* Set it true for debugging. */
$logHeaders = FALSE;
/* Site to forward requests to. */
$site = 'http://IP/';
/* Domains to use when rewriting some headers. */
$remoteDomain = 'remotesite.domain.tld';
$proxyDomain = 'proxysite.tld';
$request = $_SERVER['REQUEST_URI'];
$request = str_replace('/proxy.php', '', $request);
$ch = curl_init();
/* If there was a POST request, then forward that as well.*/
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
curl_setopt($ch, CURLOPT_POST, TRUE);
if($_FILES){
$header = array('Content-Type: multipart/form-data');
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
foreach ($_FILES as $key =>$file) {
if (function_exists('curl_file_create')) { // php 5.5+
$cFile = curl_file_create($file["tmp_name"], $file["type"],
$key.pathinfo($file, PATHINFO_EXTENSION).'.'. strtolower(explode('.', $file["name"])[1]));
} else { //
$cFile = '@' . realpath($file["tmp_name"]);
}
$post = array('file_contents'=> $cFile);
$postFields = array_merge($_POST, $post);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
}
} else {
curl_setopt($ch, CURLOPT_POSTFIELDS, $_POST);
}
}
/*if($_FILES){
foreach ($_FILES as $file) {
die($file["name"].'-'.$file["size"].'-'.$file["tmp_name"].'-'.$file["type"]);
}
}*/
curl_setopt($ch, CURLOPT_URL, $site . $request);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
$headers = getallheaders();
/* Translate some headers to make the remote party think we actually browsing that site. */
$extraHeaders = array();
if (isset($headers['Referer']))
{
$extraHeaders[] = 'Referer: '. str_replace($proxyDomain, $remoteDomain, $headers['Referer']);
}
if (isset($headers['Origin']))
{
$extraHeaders[] = 'Origin: '. str_replace($proxyDomain, $remoteDomain, $headers['Origin']);
}
/* Forward cookie as it came. */
curl_setopt($ch, CURLOPT_HTTPHEADER, $extraHeaders);
if (isset($headers['Cookie']))
{
curl_setopt($ch, CURLOPT_COOKIE, $headers['Cookie']);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
if ($logHeaders)
{
$f = fopen("headers.txt", "a");
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_STDERR, $f);
}
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$response = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($response, 0, $header_size);
$body = substr($response, $header_size);
$headerArray = explode(PHP_EOL, $headers);
/* Process response headers. */
foreach($headerArray as $header)
{
$colonPos = strpos($header, ':');
if ($colonPos !== FALSE)
{
$headerName = substr($header, 0, $colonPos);
/* Ignore content headers, let the webserver decide how to deal with the content. */
if (trim($headerName) == 'Content-Encoding') continue;
if (trim($headerName) == 'Content-Length') continue;
if (trim($headerName) == 'Transfer-Encoding') continue;
if (trim($headerName) == 'Location') continue;
/* -- */
/* Change cookie domain for the proxy */
if (trim($headerName) == 'Set-Cookie')
{
$header = str_replace('domain='.$remoteDomain, 'domain='.$proxyDomain, $header);
}
/* -- */
}
header($header, FALSE);
}
echo $body;
if ($logHeaders)
{
fclose($f);
}
curl_close($ch);
?>