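I. Introduction
The well-known SafeLine (雷池) WAF recently launched a new feature called Dynamic Protection.
Dynamic protection means that, while the page content the user sees stays the same, the page is given dynamic characteristics: even a static page will have dynamic randomness.
Put simply, it encrypts and obfuscates your site's HTML and JS code.
So today let's try out the Dynamic Protection feature and see how well it works.
II. Installing SafeLine
Visit the "Install SafeLine | SafeLine WAF Community Edition" page for the official installation guide. Here we install it with the one-click script: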
bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
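Keep pressing Enter through the prompts. When it finishes, visit IP:9443 and log in with the account and password printed in the log.
III. Trying Out the Feature
Next, we set up an arbitrary web page, put it behind SafeLine, and visit it.
Pressing F12 shows that the source code at this point is: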
<h1 style="text-align: center;">欢迎使用 PHP!</h1>
<h2>版本信息</h2>
<ul>
<li>PHP版本:8.2.15</li>
</ul>
<h2>已安装扩展</h2>
<ol>
<li>Core=8.2.15</li>
<li>date=8.2.15</li>
<li>libxml=8.2.15</li>
<li>openssl=8.2.15</li>
<li>pcre=8.2.15</li>
<li>sqlite3=8.2.15</li>
<li>zlib=8.2.15</li>
<li>ctype=8.2.15</li>
<li>curl=8.2.15</li>
<li>dom=20031129</li>
<li>fileinfo=8.2.15</li>
<li>filter=8.2.15</li>
<li>hash=8.2.15</li>
<li>iconv=8.2.15</li>
<li>json=8.2.15</li>
<li>mbstring=8.2.15</li>
<li>SPL=8.2.15</li>
<li>session=8.2.15</li>
<li>PDO=8.2.15</li>
<li>pdo_sqlite=8.2.15</li>
<li>standard=8.2.15</li>
<li>posix=8.2.15</li>
<li>random=8.2.15</li>
<li>readline=8.2.15</li>
<li>Reflection=8.2.15</li>
<li>Phar=8.2.15</li>
<li>SimpleXML=8.2.15</li>
<li>tokenizer=8.2.15</li>
<li>xml=8.2.15</li>
<li>xmlreader=8.2.15</li>
<li>xmlwriter=8.2.15</li>
<li>mysqlnd=mysqlnd 8.2.15</li>
<li>cgi-fcgi=8.2.15</li>
<li>apcu=5.1.23</li>
<li>exif=8.2.15</li>
<li>igbinary=3.2.15</li>
<li>imagick=@PACKAGE_VERSION@</li>
<li>intl=8.2.15</li>
<li>mysqli=8.2.15</li>
<li>pdo_mysql=8.2.15</li>
<li>redis=6.0.2</li>
<li>shmop=8.2.15</li>
<li>sodium=8.2.15</li>
<li>zip=1.21.1</li>
<li>memcached=3.2.0</li>
<li>Zend OPcache=8.2.15</li>
</ol>
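Then turn on the dynamic protection feature.
Click to enable dynamic protection and add the resource to protect. Note that the free edition only supports protecting one resource.
Next we visit the page again, now with SafeLine dynamic protection applied. At first it shows that it is decrypting.
Very quickly the page content is displayed, unchanged from before.
Pressing F12 shows the source code at this point (it is very long, so I only include a small part here):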
<!doctype html>
<html lang=zh>
<meta charset=utf-8>
<meta name=viewport content="width=device-width,initial-scale=1">
<title>该网页已经加密保护</title>
<link href="data:image/png;base64,....." rel="icon shortcut">
<style>
html {
height: 100%
}
body {
margin: 0;
height: 100%
}
.....
.....
.....
@keyframes ball-beat {
50% {
opacity: .2;
transform: scale(.75)
}
to {
opacity: 1;
transform: scale(1)
}
}
</style>
<div class=container>
<table class=content>
<tr>
<td>
<div class=logo>
<svg width=200px height=200px viewBox="0 0 396 407" version=1.1>
<defs>
<linearGradient id=linearGradient-1 y2=100% x2=50% x1=50%>
<stop stop-color=#4B4B4B offset=0%/>
<stop stop-color=#000000 offset=100%/>
</linearGradient>
<filter id=filter-2 width=106.1% height=105.6% y=-2.8% x=-3.0%>
<feGaussianBlur in=SourceGraphic stdDeviation=3/>
</filter>
.....
.....
.....
function o6QxzHV2jV() {
var xbhqNV3HHX = 44.9406232900469;
var I32qAiZQ2h = 43.272069200498386;
while (I32qAiZQ2h < 10) {
I32qAiZQ2h++
}
93.63526958269301 + 1.0260792322738912;
var zrJ4fWRiM0 = 49.57621186854963;
"igeAQpMlCN";
"heqHv2PFBY";
var GvgweQZH0Y = 54.18709046922689;
"lvGvM_JyCV";
"vvcuwUewSx";
var fIKjmaObhW = 57.42289216545666;
while (fIKjmaObhW < 5) {
fIKjmaObhW++
}
"rV6ArybzzV";
var hfwhKXdE7m = 4.770341141780767;
15.785828862978551 + 51.449119347309704;
var qXdHZV84iz = 48.73106811368916;
38.547892633875044 + 91.25262287955438;
41.27593766005814 + 99.8848458420351;
63.263351378748965 + 57.23323494975478;
41.39014174150638 + 33.15485593718298;
"amqqYbpzhI";
var jbD9VeTJrg = 49.30848009481171;
"nUaFNVpCNo";
"ecHXEA0VT1";
"tdQH9L51Ul";
var v4sZNcaemV = 17.947112269837124;
while (v4sZNcaemV < 7) {
v4sZNcaemV++
}
"KGUoQEo4PS";
"m4xS5UZfe_";
18.7217445990086 + 41.30200764674107;
97.50130967922404 + 9.98835615324836;
31.78871753018143 + 48.197152106922495;
"fsuwiC5M_8"
}
}
;
</script>
As you can see, dynamic protection works well. It is a fun and interesting feature.
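To check the result without reading the source by eye, here is an added example (not from SafeLine or the original post) that compares the origin's HTML with two responses fetched through the WAF: it reports any original text still readable in the raw body and whether the two obfuscated bodies actually differ. The function names and sample bodies are constructed, and treating repeated identifiers as "not re-randomized" is an assumption about what the dynamic behaviour should look like.

```javascript
// Added example: function names and all sample bodies are constructed for illustration.

// Text fragments a non-rendering client would read from the unprotected page.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[\s\S]*?<\/\1>/gi, " ") // ignore inline code and CSS
    .replace(/<[^>]+>/g, "\n")                         // each tag becomes a separator
    .split("\n")
    .map((s) => s.trim())
    .filter((s) => s.length >= 4);                     // skip very short fragments
}

// Names declared with `var` or `function` in a response body.
function declaredNames(html) {
  const names = new Set();
  for (const m of html.matchAll(/\b(?:var|function)\s+([A-Za-z_$][\w$]*)/g)) {
    names.add(m[1]);
  }
  return names;
}

// originalHtml: body served by the origin; fetchA / fetchB: two bodies served via the WAF.
function checkDynamicProtection(originalHtml, fetchA, fetchB) {
  const leaked = visibleText(originalHtml).filter(
    (t) => fetchA.includes(t) || fetchB.includes(t)
  );
  const namesB = declaredNames(fetchB);
  const sharedNames = [...declaredNames(fetchA)].filter((n) => namesB.has(n));
  const bodiesDiffer = fetchA !== fetchB;
  return {
    leaked,        // original text still present in a raw response
    bodiesDiffer,  // false means the same bytes were served twice
    sharedNames,   // identifiers reused across fetches (assumed sign of static output)
    ok: leaked.length === 0 && bodiesDiffer && sharedNames.length === 0,
  };
}

// Constructed samples: three list items from the page and two shortened "protected" bodies.
const ORIGINAL = "<ol><li>openssl=8.2.15</li><li>redis=6.0.2</li><li>zip=1.21.1</li></ol>";
const PROTECTED_A = "<!doctype html><title>protected</title><script>" +
  'function o6QxzHV2jV(){var xbhqNV3HHX=44.94;"igeAQpMlCN"}</script>';
const PROTECTED_B = "<!doctype html><title>protected</title><script>" +
  'function Kp3mZr81Qa(){var tY7wLc02Ne=12.48;"bnWq81LmZx"}</script>';

console.log(checkDynamicProtection(ORIGINAL, PROTECTED_A, PROTECTED_B));
console.log(checkDynamicProtection(ORIGINAL, PROTECTED_A, ORIGINAL).leaked);
```

Because the browser decrypts the page on load, this only tells you what a client that does not execute JS (a simple crawler or version scanner) sees in the raw response, such as the PHP and extension version strings in the listing above.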