
Commit 1baaf6f

Added HEAD request handling.
1 parent 8b36270 commit 1baaf6f

File tree

1 file changed

+12
-2
lines changed


la_brea.php

Lines changed: 12 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -2,10 +2,12 @@
22
/* PHP HTTP Tarpit
33
* Purpose: Confuse and waste bot scanners time.
44
* Use: Url rewrite unwanted bot traffic to this file. It is important you use Url rewrites not redirects as most bots ignore location headers.
5-
* Version: 1.2.1
5+
* Version: 1.3.1
66
* Author: Chaoix
77
*
88
* Change Log:
9+
* -Added random content-length header to HEAD requests. (1.3.1)
10+
* -Added HEAD request handling to bait vulnerability scanners such as Jorgee (1.3.0)
911
* -Fixed Chained Redirection to bounceback requests that don't send HTTP_HOST. (1.2.1)
1012
* -Added bounceback redirect defense. (1.2.0)
1113
* -Changed default defense to Random by the minute. (1.1.6)
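Review bot: the new 1.3.0 change log entry lacks the trailing period every other entry carries, and this one commit records two versions (1.3.0 and 1.3.1) while the commit message "Added HEAD request handling." covers only the first; either split the commit or let the message mention the random Content-Length change too. While the header is being touched, "Url rewrite" should read "URL rewrite" and "waste bot scanners time" should be "waste bot scanners' time". The "Use:" line also states that most bots ignore Location headers, yet defenses 4 and 5 (Chained and Bounceback Redirection, per the option comment below) depend on bots following them; a sentence reconciling the two would help a user pick a defense.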
@@ -25,7 +27,7 @@
2527

2628
//Basic Options
2729
$random_content_length = 2048; //In characters. Used to fill up the size of the scanner's log files.
28-
$defense_number = 7; //1 is Blinding Mode, 2 is Ninja Mode, 3 is HTTP Tarpit, 4 is a Chained Redirection, 5 is a Bounceback Redirection, 6 is a Random defense for each request, 7 is a Random Defense by the minute.
30+
$defense_number = 1; //1 is Blinding Mode, 2 is Ninja Mode, 3 is HTTP Tarpit, 4 is a Chained Redirection, 5 is a Bounceback Redirection, 6 is a Random defense for each request, 7 is a Random Defense by the minute.
2931
$responce_delay_min = 100; //Range of delay in microseconds before headers are sent. You want a range of delays so the introduced latentcy can not be detected by the scanner.
3032
$responce_dalay_max = 300;
3133
$times_redirected_max = 9; //Maximum number of times to redirect (0-9).
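Review bot: the default `$defense_number` silently drops from 7 (Random Defense by the minute, which the 1.1.6 change log entry above records as the intended default) to 1 (Blinding Mode), with no change log entry and no mention in the commit message; this reads like a local testing value committed by accident. Either restore `$defense_number = 7;` or document the new default. The comment on `$random_content_length` ("Used to fill up the size of the scanner's log files") should also say that it now bounds the fake Content-Length sent on HEAD requests, since that is the only reason a reader of the options block would see a second use. Adjacent, and unchanged here: `$responce_delay_min` and `$responce_dalay_max` are misspelled differently from each other and "latentcy" should be "latency"; a rename to `$response_delay_min`/`$response_delay_max` would need the `usleep()` call updated as well.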
@@ -99,6 +101,14 @@ function validate_integer ($numeric_string) {
99101
//Delay for a random number of microseconds
100102
usleep( mt_rand($responce_delay_min, $responce_dalay_max) );
101103

104+
//Entice vulnerability scanners to actually perform a GET request
105+
//Most vulnerability scanners, such as Jorgee, immediately follow a 200 responce on a HEAD request with a GET request
106+
if( 'HEAD' == $_SERVER['REQUEST_METHOD'] ) {
107+
header("HTTP/1.1 200 OK");
108+
header("Content-Length: " . mt_rand( 0, $random_content_length - 1 ));
109+
die();
110+
}
111+
102112
//Enforce Endless Redirection
103113
$times_redirected = 0;
104114
if( !empty($_SERVER['REQUEST_URI']) ) {
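Review bot: `mt_rand( 0, $random_content_length - 1 )` can emit `Content-Length: 0`, which advertises an empty body and gives the scanner no reason to issue the follow-up GET that the comment says this block is meant to entice; use `mt_rand(1, $random_content_length)` (or a higher floor) so the advertised length is never zero. `header("HTTP/1.1 200 OK")` hard-codes the protocol version; `http_response_code(200)` lets PHP emit a status line that matches the SAPI and the request's own version (a scanner may well send HTTP/1.0). Note that the branch runs after the random `usleep()` but before the redirect defenses, so every HEAD request receives a 200 regardless of `$defense_number`; if that is intentional, state it in the comment, and while editing it change "responce" to "response". `die()` works, but `exit;` is the more conventional spelling in PHP.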
