Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- Plugin Name: Ballast Security Wordpress Honeypot
- Description: This Wordpress plugin makes your active Wordpress into a honeypot that Ballast Security can use to help defeat threats. You can view all the RFI payloads at https://firebwall.com/decoding/read.php
- Version: 0.0.0.1
- Author: @bwallHatesTwits
- Author URI: http://ballastsec.blogspot.com/
- License: GPLv2
- */
- ?>
- <?php
- add_action('init', 'SendRFIUrlToBallastSec');
- function SendRFIUrlToBallastSec()
- {
- $urls = array();
- foreach($_GET as $name => $value)
- {
- if(preg_match('/(?<url>https?:\/\/[^<>[:space:]]+)/', $_GET[$name], $matches) > 0)
- {
- array_push($urls, $_GET[$name]);
- }
- }
- foreach($_POST as $name => $value)
- {
- if(preg_match('/(?<url>https?:\/\/[^<>[:space:]]+)/', $_POST[$name], $matches) > 0)
- {
- array_push($urls, $_POST[$name]);
- }
- }
- foreach($_COOKIE as $name => $value)
- {
- if(preg_match('/(?<url>https?:\/\/[^<>[:space:]]+)/', $_COOKIE[$name], $matches) > 0)
- {
- array_push($urls, $_COOKIE[$name]);
- }
- }
- foreach($urls as $index => $url)
- {
- $encoded = base64_encode($url);
- file_get_contents("https://firebwall.com/decoding/submit.php?u=".urlencode($encoded));
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
