@alibo
Last active August 29, 2015 14:23
Bypass filternet! (a bug in filtering system of Iran) - Proof of Concept
<?php
/**
 * There is a bug in filternet (filtering system of Iran).
 * If you wait 2 seconds or more
 * before sending HTTP request headers, you can bypass
 * filternet! Also you should use LF
 * instead of CRLF (like netcat).
 *
 *
 * How to run:
 * $ php filternet_bypass_bug.php <domain-address> <http-host-value> <sleep-time>
 *
 * - <domain-address> : connecting via tcp
 * - <http-host-value> : [optional] [default: <domain-address>] value of header `Host`
 * - <sleep-time> : [optional] [default: 2] waiting time before requesting
 */

// Get arguments (the domain is required, the other two are optional)
if (!isset($argv[1])) {
    die("Usage: php filternet_bypass_bug.php <domain-address> [<http-host-value>] [<sleep-time>]\n");
}
$domain = $argv[1];
$host = isset($argv[2]) ? $argv[2] : $domain;
$sleepTime = isset($argv[3]) ? (int) $argv[3] : 2;

// Create a new socket
$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($sock === false) {
    // No socket exists yet, so read the last global socket error
    die(socket_strerror(socket_last_error()) . "\n");
}

// Bind the source address
if (!socket_bind($sock, '0.0.0.0')) {
    die(socket_strerror(socket_last_error($sock)) . "\n");
}

// Resolve the destination address
$ip = gethostbyname($domain);

// Connect to destination address
echo "Connecting to '$domain' [$ip] ...\n";
if (!socket_connect($sock, $ip, 80)) {
    die(socket_strerror(socket_last_error($sock)) . "\n");
}

// Stay idle on the open connection before sending anything
echo "Waiting $sleepTime second(s) ... \n";
sleep($sleepTime);

echo "Requesting 'Host: $host' ... \n";
echo "===========================\n\n";

// Write HTTP request header, terminated with bare LF instead of CRLF
$request = 'GET / HTTP/1.1' . "\n" .
           'Host: ' . $host . "\n\n";
socket_write($sock, $request);

// Print the first chunk of the response
echo socket_read($sock, 4096);

// Close
socket_close($sock);

@remohammadi

Didn't work for me (ISP=Sabanet/PHP=5.5.20/OS=Mac-10.10.3):

$ php filternet_bypass_bug.php bbc.co.uk bbc.co.uk 3
Connecting to 'bbc.co.uk' [212.58.244.20] ...
Waiting 3 second(s) ...
Requesting 'Host: bbc.co.uk' ...
===========================

HTTP/1.0 403 Forbidden
Connection: close

<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1256"><title>M5-6
</title></head><body><iframe src="http://10.10.34.34?type=Invalid Site&policy=MainPolicy " style="width: 100%; height: 100%" scrolling="no" marginwidth="0" marginheight="0" frameborder="0" vspace="0" hspace="0"></iframe></body></html>

@alibo
Author

alibo commented Jun 19, 2015

Please increase waiting time (5 seconds or more) and test it again :)

@alibo
Author

alibo commented Jun 19, 2015

php filternet_bypass_bug.php bbc.co.uk bbc.co.uk 3
Connecting to 'bbc.co.uk' [212.58.246.103] ...
Waiting 3 second(s) ... 
Requesting 'Host: bbc.co.uk' ... 
===========================

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Fri, 19 Jun 2015 08:27:38 GMT
Location: http://www.bbc.co.uk/
Connection: Keep-Alive
Content-Length: 0
