PHP code to Send RFI attempts to @BallastSec

1. <?php
2. /*
3. Use this function on any page you want to check for RFI attempts on, and send the attempted payloads
4. to @BallastSec for analysis.
5. */
6.  
7. function SendAnyRFIsToBallastSec($useGET = true, $usePOST = true, $useCOOKIE = false)
8. {
9.     $urls = array();
10.     if($useGET === true)
11.     {
12.         foreach($_GET as $name => $value)
13.         {
14.             if(preg_match('/(http|https|ftp):\/\/[^\s]+/', urldecode($_GET[$name]), $matches) > 0)
15.             {
16.                 array_push($urls, $matches[0]);
17.             }
18.         }
19.     }
20.     if($usePOST === true)
21.     {
22.         foreach($_POST as $name => $value)
23.         {
24.             if(preg_match('/(http|https|ftp):\/\/[^\s]+/', urldecode($_POST[$name]), $matches) > 0)
25.             {
26.                 array_push($urls, $matches[0]);
27.             }
28.         }
29.     }
30.     if($useCOOKIE === true)
31.     {
32.         foreach($_COOKIE as $name => $value)
33.         {
34.             if(preg_match('/(http|https|ftp):\/\/[^\s]+/', urldecode($_COOKIE[$name]), $matches) > 0)
35.             {
36.                 array_push($urls, $matches[0]);
37.             }
38.         }
39.     }
40.     foreach($urls as $index => $url)
41.     {      
42.         $postdata = http_build_query(
43.             array('u' => urlencode(base64_encode($url)))
44.         );
45.         $opts = array(
46.             'http'=>array(
47.             'method'=>'POST',
48.             'header'=>'Content-type: application/x-www-form-urlencoded',
49.             'content' => $postdata,
50.             'protocol_version' => 1.1
51.             )
52.         );
53.         $context = stream_context_create($opts);
54.         file_get_contents('https://defense.ballastsecurity.net/decoding/submit.php', false, $context);
55.     }
56. }
57. SendAnyRFIsToBallastSec();
58. ?>