dm-captcha-sas.weid.info
Open in
urlscan Pro
84.19.11.20
Public Scan
Submitted URL: https://dm-captcha-sas.weid.info/
Effective URL: https://dm-captcha-sas.weid.info/test-post.php
Submission Tags: phishingrod
Submission: On July 24 via api from DE — Scanned from DE
Effective URL: https://dm-captcha-sas.weid.info/test-post.php
Submission Tags: phishingrod
Submission: On July 24 via api from DE — Scanned from DE
Form analysis
2 forms found in the DOM<form><input type="hidden" webfan-app-key="XXX_YOUR_APP_KEY_XXX" webfan-api-component="@frdl/dm-captcha/display-auto" fieldname="your_fieldname_validation_code" complex="50000" webfan-api-action="action_captcha" required="" invisible=""
frdl-watcher-visited-521a8de5034837f4972a3ef1d89d6997ed840d56-128-514-72="true"></form>
POST test-post.php
<form action="test-post.php" method="POST"> Input anything: <input type="text" name="anything" placeholder="My name is...">
<input type="hidden" webfan-app-key="0488373f-6819-4be9-a88b-b729b36bb259" webfan-api-component="@frdl/dm-captcha/display-auto" fieldname="your_fieldname_validation_code" complex="50000" webfan-api-action="action_captcha" required="" invisible=""
frdl-watcher-visited-521a8de5034837f4972a3ef1d89d6997ed840d56-128-514-72="true">
<button>POST Form</button>
</form>
Text Content
🌓 JavaScript is not enabled! You must enable it in your browser to run this website/app. ✅ DM-CAPTCHACHECK IF A VISITOR IS A ROBOT OR HUMAN About | Documentation | Demo ## Approach 1 (auto/form-field): Input anything: POST Form ## Approach 2 (programmatically/callback): @ToDo Input anything: CLICK Button # API-Explorer You can test and play around with the [API-Explorer](https://api.webfan.de/apps/swagger-ui/#/captcha) # About dm-captcha ## Goals Trying to build a service similar to [googles recaptcha](https://developers.google.com/recaptcha) while... * implementing [Daniel Marschalls Challenge](https://github.com/danielmarschall/php_clientchallenge). * using [Webfan API](https://api.webfan.de/) * using [Frdlweb.js](https://cdn.startdir.de/) * *optionally* using [Webfan Webfat Components](#components) * avoid any *Finde alle Wörter mit Ü und baue daraus ein Müsli um zu beweisen das du kein Mensch bist.* # Registration * [Create an app](https://api.webfan.de/apps/developer/#!/account/app) with the scope -captcha- included. * Get the [key and secret](https://api.webfan.de/apps/developer/#!/account/app) of your app. USING × DM-Captcha API Component PHP Code ( @Component @Module display-auto.php ) <form><component src="module:@frdl/dm-captcha/display-auto" webfan-app-key="XXX_YOUR_APP_KEY_XXX" fieldname="your_fieldname_validation_code" complex="50000" webfan-api-action="action_captcha" invisible /></form> × DM-Captcha API Component HTML Code ( @Component @Module display-auto.js ) <?php <!DOCTYPE html> <html><body><form><input type="hidden" webfan-app-key="XXX_YOUR_APP_KEY_XXX" webfan-api-component="@frdl/dm-captcha/display-auto" fieldname="your_fieldname_validation_code" complex="50000" webfan-api-action="action_captcha" required invisible></form></body></html> × Validation example ( PHP ) <?php $client = new \GuzzleHttp\Client(); $reply = $client->post('https://api.webfan.de/v1/dm-captchas/validate', ['json'=>[ 'secret' => $API_SECRET_EXAMPLE, 'code' => $_POST[$filedname], 'timelimit'=>-1, 'ip'=>$_SERVER['REMOTE_ADDR'], 'action'=>'action_captcha', ]]); $validationResult = json_decode( (string) $reply->getBody() ); $valid = true === $validationResult->valid ? true : false; × Complete example ( this file ) <?php <?php namespace Runtime\r1234567890; $API_KEY_EXAMPLE = 'XXX_YOUR_APP_KEY_XXX'; $API_SECRET_EXAMPLE = 'XXX_YOUR_APP_SECRET_XXX'; $keys = require __DIR__.\DIRECTORY_SEPARATOR.'config.keys.php'; $API_KEY = $keys['key']; $API_SECRET = $keys['secret']; $templatefile = __DIR__.\DIRECTORY_SEPARATOR.'index.html'; $filedname = 'your_fieldname_validation_code'; $captchaCode = '<form><component src="module:@frdl/dm-captcha/display-auto" webfan-app-key="'.$API_KEY_EXAMPLE.'" fieldname="'.$filedname.'" complex="50000" webfan-api-action="action_captcha" invisible /></form>'; $code4 = highlightText(file_get_contents(__FILE__)); require __DIR__.\DIRECTORY_SEPARATOR.'index.php'; $StubRunner-> autoloading(); $Flash = new \frdl\Flash(); // $Engine=new \Webfan\Engine; // For productional final apps: // $Engine->load(\Webfan\DescriptorType::WebApp, $StubRunner-> getStubVM()); //return; $App = new \Webfan\AppLauncherWebfatInstaller($StubRunner); $App->boot(); $App->getContainer()->get('app.runtime.autoloader.remote')->withWebfanWebfatDefaultSettings(); ob_start(); require $templatefile; $response = ob_get_clean(); if('POST' === $_SERVER['REQUEST_METHOD']){ $message = ''; $message.='You typed in: '.secmail($_POST['anything']); $message.='<br />'.'Challenge calculated code: '.$_POST[$filedname]; $client = new \GuzzleHttp\Client(); $reply = $client->post('https://api.webfan.de/v1/dm-captchas/validate', ['json'=>[ 'secret' => $API_SECRET, 'code' => $_POST[$filedname], 'timelimit'=>-1, 'ip'=>$_SERVER['REMOTE_ADDR'], 'action'=>'action_captcha', ]]); $validationResult = json_decode( (string) $reply->getBody() ); $valid = true === $validationResult->valid ? true : false; $message.='<br />'; $message.=(true === $valid ? '<h1>Captcha: OK</h1>' : '<h1>Captcha: ERROR</h1>') .'<br />'.'Validation result (from API Server): '.print_r($validationResult,true); $flashMethod = true === $valid ? 'success' : 'error'; $Flash->{$flashMethod}( $message ); } /* $code = secmail('<component src="module:@frdl/flash" clear="true" types="*"></component>'); $Flash->info(<<<HTMLCODE <legend>Flashmessages Component PHP:</legend> <pre> $code </pre> HTMLCODE); */ $code = secmail($captchaCode); $code2 = highlightText($App->Document->compile($captchaCode), 'html'); $code3 = highlightText(<<<PHPCODE \$client = new \GuzzleHttp\Client(); \$reply = \$client->post('https://api.webfan.de/v1/dm-captchas/validate', ['json'=>[ 'secret' => \$API_SECRET_EXAMPLE, 'code' => \$_POST[\$filedname], 'timelimit'=>-1, 'ip'=>\$_SERVER['REMOTE_ADDR'], 'action'=>'action_captcha', ]]); \$validationResult = json_decode( (string) \$reply->getBody() ); \$valid = true === \$validationResult->valid ? true : false; PHPCODE , 'php'); $Flash->info(<<<HTMLCODE <legend> DM-Captcha API Component PHP Code <small> ( <a href="https://webfan.de/install/latest/@frdl/dm-captcha/display-auto" target="_blank">@Component @Module display-auto.php</a> ) </small> </legend> <pre> $code </pre> HTMLCODE); $Flash->info(<<<HTMLCODE <legend> DM-Captcha API Component HTML Code <small> ( <a href="https://cdn.startdir.de/@webfan3/components/dm-captcha/display-auto.js" target="_blank">@Component @Module display-auto.js</a> ) </small> </legend> <pre> $code2 </pre> HTMLCODE); $Flash->info(<<<HTMLCODE <legend> Validation example <small> ( PHP ) </small> </legend> <pre> $code3 </pre> HTMLCODE); $Flash->info(<<<HTMLCODE <legend> Complete example <small> ( this file ) </small> </legend> <pre> $code4 </pre> HTMLCODE); $response2 = $App->getContainer()->get('response'); $response = $response2->withBody(\GuzzleHttp\Psr7\Utils::streamFor($response)); $ConentType = $App->getResponseHeader('Content-Type', $response); if(false === $ConentType || 'text/html' === $ConentType){ $contents = (string) $response->getBody(); $contents = $App->Document->compile($contents); $response = $response->withBody(\GuzzleHttp\Psr7\Utils::streamFor($contents)); } (new \Laminas\HttpHandlerRunner\Emitter\SapiEmitter)->emit($response); //SCHLUSS / return function secmail($emailaddress){ $email= $emailaddress; $length = strlen($email); $obfuscatedEmail=''; for ($i = 0; $i < $length; $i++){ $obfuscatedEmail .= "&#" . \ord($email[$i]).";"; } return $obfuscatedEmail; } function highlightText($text, $fileExt="") { if ($fileExt == "php") { ini_set("highlight.comment", "#008000"); ini_set("highlight.default", "#000000"); ini_set("highlight.html", "#808080"); ini_set("highlight.keyword", "#0000BB; font-weight: bold"); ini_set("highlight.string", "#DD0000"); } else if ($fileExt == "html") { ini_set("highlight.comment", "green"); ini_set("highlight.default", "#CC0000"); ini_set("highlight.html", "#000000"); ini_set("highlight.keyword", "black; font-weight: bold"); ini_set("highlight.string", "#0000FF"); } // ... $text = trim($text); $text = highlight_string("<?php " . $text, true); // highlight_string() requires opening PHP tag or otherwise it will not colorize the text $text = trim($text); $text = preg_replace("|^\\<code\\>\\<span style\\=\"color\\: #[a-fA-F0-9]{0,6}\"\\>|", "", $text, 1); // remove prefix $text = preg_replace("|\\</code\\>\$|", "", $text, 1); // remove suffix 1 $text = trim($text); // remove line breaks $text = preg_replace("|\\</span\\>\$|", "", $text, 1); // remove suffix 2 $text = trim($text); // remove line breaks $text = preg_replace("|^(\\<span style\\=\"color\\: #[a-fA-F0-9]{0,6}\"\\>)(<\\?php )(.*?)(\\</span\\>)|", "\$1\$3\$4", $text); // remove custom added "<?php " return $text; } powered by Webfan Software