Spaces:

caarleexx
/

Stf

Paused

App Files Files Community

caarleexx commited on Mar 3

Commit

8dc9826

verified ·

1 Parent(s): 8204b7d

Create app.py

Browse files

Files changed (1) hide show

app.py +598 -0

app.py ADDED Viewed

	@@ -0,0 +1,598 @@

+import os
+import sys
+import json
+import time
+import logging
+import requests
+from flask import Flask, request, jsonify, render_template_string
+from playwright.sync_api import sync_playwright, TimeoutError as PlaywrightTimeoutError
+from playwright_stealth import stealth_sync
+import traceback
+# Configuração de logging
+logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
+logger = logging.getLogger(__name__)
+app = Flask(__name__)
+# Template HTML para interface simples
+HTML_TEMPLATE = """
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Bypass AWS WAF - STF Jurisprudência</title>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
+            max-width: 1200px;
+            margin: 0 auto;
+            padding: 20px;
+            background: #f5f5f5;
+        }
+        .container {
+            background: white;
+            border-radius: 10px;
+            padding: 30px;
+            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+        }
+        h1 {
+            color: #333;
+            border-bottom: 2px solid #4CAF50;
+            padding-bottom: 10px;
+        }
+        .info-box {
+            background: #e3f2fd;
+            border-left: 4px solid #2196F3;
+            padding: 15px;
+            margin: 20px 0;
+            border-radius: 4px;
+        }
+        button {
+            background: #4CAF50;
+            color: white;
+            border: none;
+            padding: 12px 30px;
+            font-size: 16px;
+            border-radius: 5px;
+            cursor: pointer;
+            transition: background 0.3s;
+        }
+        button:hover {
+            background: #45a049;
+        }
+        button:disabled {
+            background: #cccccc;
+            cursor: not-allowed;
+        }
+        pre {
+            background: #f8f9fa;
+            border: 1px solid #dee2e6;
+            border-radius: 5px;
+            padding: 15px;
+            overflow: auto;
+            max-height: 500px;
+            font-size: 12px;
+        }
+        .loading {
+            display: inline-block;
+            width: 20px;
+            height: 20px;
+            border: 3px solid #f3f3f3;
+            border-top: 3px solid #4CAF50;
+            border-radius: 50%;
+            animation: spin 1s linear infinite;
+            margin-right: 10px;
+            vertical-align: middle;
+        }
+        @keyframes spin {
+            0% { transform: rotate(0deg); }
+            100% { transform: rotate(360deg); }
+        }
+        .stats {
+            display: grid;
+            grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+            gap: 15px;
+            margin: 20px 0;
+        }
+        .stat-card {
+            background: white;
+            border: 1px solid #dee2e6;
+            border-radius: 8px;
+            padding: 15px;
+            text-align: center;
+        }
+        .stat-value {
+            font-size: 24px;
+            font-weight: bold;
+            color: #2196F3;
+        }
+        .stat-label {
+            color: #666;
+            font-size: 14px;
+            margin-top: 5px;
+        }
+        .error {
+            color: #f44336;
+            background: #ffebee;
+            border-left: 4px solid #f44336;
+            padding: 15px;
+            margin: 10px 0;
+            border-radius: 4px;
+        }
+        .success {
+            color: #4CAF50;
+            background: #e8f5e8;
+            border-left: 4px solid #4CAF50;
+            padding: 15px;
+            margin: 10px 0;
+            border-radius: 4px;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>🛡️ Bypass AWS WAF - STF Jurisprudência</h1>
+        <div class="info-box">
+            <strong>📌 Sobre:</strong> Teste de bypass do AWS WAF usando Playwright + Stealth para acessar a API de jurisprudência do STF.
+            <br>
+            <strong>🔗 API Alvo:</strong> https://jurisprudencia.stf.jus.br/api/search/search
+        </div>
+        <div class="stats">
+            <div class="stat-card">
+                <div class="stat-value" id="requestsCount">0</div>
+                <div class="stat-label">Total de Requisições</div>
+            </div>
+            <div class="stat-card">
+                <div class="stat-value" id="successCount">0</div>
+                <div class="stat-label">Sucessos</div>
+            </div>
+            <div class="stat-card">
+                <div class="stat-value" id="failCount">0</div>
+                <div class="stat-label">Falhas</div>
+            </div>
+        </div>
+        <div style="margin: 20px 0;">
+            <button id="testBtn" onclick="runTest()">
+                <span class="loading" id="loading" style="display: none;"></span>
+                <span id="btnText">🚀 Executar Teste de Bypass</span>
+            </button>
+        </div>
+        <div id="result" style="margin-top: 20px;"></div>
+    </div>
+    <script>
+        let requestsCount = 0;
+        let successCount = 0;
+        let failCount = 0;
+        async function runTest() {
+            const btn = document.getElementById('testBtn');
+            const loading = document.getElementById('loading');
+            const btnText = document.getElementById('btnText');
+            const resultDiv = document.getElementById('result');
+            btn.disabled = true;
+            loading.style.display = 'inline-block';
+            btnText.textContent = ' Executando teste...';
+            resultDiv.innerHTML = '<div class="info-box">⏳ Aguardando resposta do servidor...</div>';
+            try {
+                const response = await fetch('/api/test-bypass', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json'
+                    }
+                });
+                const data = await response.json();
+                requestsCount++;
+                document.getElementById('requestsCount').textContent = requestsCount;
+                if (data.success) {
+                    successCount++;
+                    document.getElementById('successCount').textContent = successCount;
+                    let resultHtml = '<div class="success">✅ Teste executado com sucesso!</div>';
+                    resultHtml += '<pre>' + JSON.stringify(data.data, null, 2) + '</pre>';
+                    if (data.token) {
+                        resultHtml += '<div class="info-box"><strong>🔑 Token AWS WAF obtido:</strong><br>' +
+                                     '<code style="word-break: break-all;">' + data.token + '</code></div>';
+                    }
+                    resultDiv.innerHTML = resultHtml;
+                } else {
+                    failCount++;
+                    document.getElementById('failCount').textContent = failCount;
+                    resultDiv.innerHTML = '<div class="error">❌ Falha no teste: ' + data.error + '</div>' +
+                                         '<pre>' + JSON.stringify(data.details, null, 2) + '</pre>';
+                }
+            } catch (error) {
+                failCount++;
+                document.getElementById('failCount').textContent = failCount;
+                resultDiv.innerHTML = '<div class="error">❌ Erro na requisição: ' + error.message + '</div>';
+            } finally {
+                btn.disabled = false;
+                loading.style.display = 'none';
+                btnText.textContent = '🚀 Executar Teste de Bypass';
+            }
+        }
+    </script>
+</body>
+</html>
+"""
+# Dados da requisição (extraídos do curl)
+URL_API = "https://jurisprudencia.stf.jus.br/api/search/search"
+HEADERS = {
+    "Accept": "application/json, text/plain, */*",
+    "Content-Type": "application/json",
+    "User-Agent": "Mozilla/5.0 (Linux; Android 10; Pixel 4a Build/QD4A.200805.003; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/129.0.6668.71 Mobile Safari/537.36",
+    "Referer": "https://jurisprudencia.stf.jus.br/pages/search?base=acordaos&pesquisa_inteiro_teor=false&sinonimo=true&plural=true&radicais=false&buscaExata=true&page=1&pageSize=250&queryString=*&sort=_score&sortBy=desc&isAdvanced=true",
+    "Accept-Encoding": "gzip, deflate, br",
+    "Connection": "keep-alive",
+    "Origin": "https://jurisprudencia.stf.jus.br"
+}
+# Payload completo (resumido para não sobrecarregar o código - o payload completo está no histórico)
+PAYLOAD = {
+    "query": {
+        "function_score": {
+            "functions": [
+                {"exp": {"julgamento_data": {"origin": "now", "scale": "47450d", "offset": "1095d", "decay": 0.1}}},
+                {"filter": {"term": {"orgao_julgador.keyword": "Tribunal Pleno"}}, "weight": 1.15}
+            ],
+            "query": {
+                "bool": {
+                    "filter": [
+                        {"query_string": {
+                            "default_operator": "AND",
+                            "fields": ["ementa_texto.plural^3", "acordao_ata.plural^3"],
+                            "query": "*",
+                            "type": "cross_fields",
+                            "fuzziness": "AUTO:4,7"
+                        }}
+                    ],
+                    "should": []
+                }
+            }
+        }
+    },
+    "_source": ["id", "titulo", "ementa_texto", "processo_numero", "julgamento_data"],
+    "size": 10,
+    "from": 0,
+    "sort": [{"_score": "desc"}]
+}
+def extract_waf_token_from_cookies(response):
+    """Extrai o token AWS WAF dos cookies da resposta"""
+    cookies = response.cookies
+    for cookie in cookies:
+        if cookie.get('name') == 'aws-waf-token':
+            return cookie.get('value')
+    # Tentar extrair de headers de resposta
+    set_cookie = response.headers.get('set-cookie', '')
+    if 'aws-waf-token=' in set_cookie:
+        import re
+        match = re.search(r'aws-waf-token=([^;]+)', set_cookie)
+        if match:
+            return match.group(1)
+    return None
+def test_with_requests():
+    """Testa acesso direto com requests"""
+    logger.info("Tentando acesso direto com requests...")
+    try:
+        # Primeiro, tentar acessar a página principal para obter token inicial
+        session = requests.Session()
+        # Acessar página de busca primeiro
+        search_page_url = "https://jurisprudencia.stf.jus.br/pages/search"
+        headers_page = HEADERS.copy()
+        headers_page.pop("Content-Type", None)
+        page_response = session.get(search_page_url, headers=headers_page, timeout=30)
+        logger.info(f"Página principal: status {page_response.status_code}")
+        # Verificar se recebemos token
+        token = extract_waf_token_from_cookies(page_response)
+        if token:
+            logger.info(f"Token AWS WAF obtido da página: {token[:30]}...")
+        # Tentar a API
+        api_response = session.post(
+            URL_API,
+            headers=HEADERS,
+            json=PAYLOAD,
+            timeout=30
+        )
+        logger.info(f"API Response: status {api_response.status_code}")
+        if api_response.status_code == 200:
+            data = api_response.json()
+            return {
+                "success": True,
+                "method": "requests",
+                "status_code": api_response.status_code,
+                "token": token,
+                "data": data
+            }
+        elif api_response.status_code in [403, 202]:
+            # AWS WAF detectado
+            return {
+                "success": False,
+                "method": "requests",
+                "status_code": api_response.status_code,
+                "error": "AWS WAF detectado - necessário bypass com navegador",
+                "response_text": api_response.text[:500]
+            }
+        else:
+            return {
+                "success": False,
+                "method": "requests",
+                "status_code": api_response.status_code,
+                "error": f"Status inesperado: {api_response.status_code}",
+                "response_text": api_response.text[:500]
+            }
+    except Exception as e:
+        logger.error(f"Erro no requests: {str(e)}")
+        return {
+            "success": False,
+            "method": "requests",
+            "error": str(e),
+            "traceback": traceback.format_exc()
+        }
+def test_with_playwright():
+    """Testa acesso usando Playwright com stealth"""
+    logger.info("Tentando acesso com Playwright + stealth...")
+    token = None
+    playwright = None
+    try:
+        with sync_playwright() as p:
+            # Configurar navegador com argumentos anti-detecção
+            browser = p.chromium.launch(
+                headless=True,
+                args=[
+                    '--disable-blink-features=AutomationControlled',
+                    '--disable-dev-shm-usage',
+                    '--no-sandbox',
+                    '--disable-setuid-sandbox',
+                    '--disable-web-security',
+                    '--disable-features=IsolateOrigins,site-per-process',
+                    '--start-maximized'
+                ]
+            )
+            context = browser.new_context(
+                viewport={'width': 1920, 'height': 1080},
+                user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
+                locale='pt-BR',
+                timezone_id='America/Sao_Paulo',
+                permissions=['geolocation']
+            )
+            page = context.new_page()
+            # Aplicar stealth
+            stealth_sync(page)
+            # Navegar para página principal
+            logger.info("Navegando para página de busca...")
+            response = page.goto(
+                "https://jurisprudencia.stf.jus.br/pages/search",
+                wait_until='networkidle',
+                timeout=30000
+            )
+            if not response:
+                raise Exception("Sem resposta da página")
+            logger.info(f"Página carregada: status {response.status}")
+            # Aguardar um pouco para execução de JS
+            page.wait_for_timeout(5000)
+            # Coletar cookies
+            cookies = context.cookies()
+            for cookie in cookies:
+                if cookie.get('name') == 'aws-waf-token':
+                    token = cookie.get('value')
+                    logger.info(f"Token AWS WAF encontrado: {token[:30]}...")
+            if not token:
+                # Tentar extrair do localStorage
+                token = page.evaluate("""
+                    () => {
+                        for(let i=0; i<localStorage.length; i++) {
+                            let key = localStorage.key(i);
+                            if(key.includes('waf') || key.includes('token')) {
+                                return localStorage.getItem(key);
+                            }
+                        }
+                        return null;
+                    }
+                """)
+                if token:
+                    logger.info(f"Token encontrado no localStorage: {token[:30]}...")
+            # Fazer requisição à API via JavaScript
+            logger.info("Executando requisição à API via JavaScript...")
+            api_result = page.evaluate("""
+                async (payload, headers) => {
+                    try {
+                        const response = await fetch('https://jurisprudencia.stf.jus.br/api/search/search', {
+                            method: 'POST',
+                            headers: headers,
+                            body: JSON.stringify(payload)
+                        });
+                        const data = await response.json();
+                        return {
+                            success: response.ok,
+                            status: response.status,
+                            data: data,
+                            headers: Object.fromEntries(response.headers)
+                        };
+                    } catch (error) {
+                        return {
+                            success: false,
+                            error: error.toString()
+                        };
+                    }
+                }
+            """, PAYLOAD, HEADERS)
+            browser.close()
+            if api_result.get('success'):
+                return {
+                    "success": True,
+                    "method": "playwright",
+                    "status_code": api_result.get('status'),
+                    "token": token,
+                    "data": api_result.get('data')
+                }
+            else:
+                return {
+                    "success": False,
+                    "method": "playwright",
+                    "error": api_result.get('error', 'Falha desconhecida'),
+                    "token": token
+                }
+    except PlaywrightTimeoutError:
+        error_msg = "Timeout ao carregar página"
+        logger.error(error_msg)
+        return {
+            "success": False,
+            "method": "playwright",
+            "error": error_msg,
+            "traceback": traceback.format_exc()
+        }
+    except Exception as e:
+        logger.error(f"Erro no Playwright: {str(e)}")
+        return {
+            "success": False,
+            "method": "playwright",
+            "error": str(e),
+            "traceback": traceback.format_exc()
+        }
+@app.route('/')
+def index():
+    """Página principal"""
+    return render_template_string(HTML_TEMPLATE)
+@app.route('/api/test-bypass', methods=['POST'])
+def test_bypass():
+    """Endpoint para testar bypass"""
+    logger.info("Requisição de teste recebida")
+    result = {
+        "success": False,
+        "attempts": []
+    }
+    # Tentar primeiro com requests
+    requests_result = test_with_requests()
+    result["attempts"].append(requests_result)
+    # Se requests falhou, tentar com playwright
+    if not requests_result.get("success"):
+        logger.info("Requests falhou, tentando Playwright...")
+        time.sleep(2)  # Pequena pausa entre tentativas
+        playwright_result = test_with_playwright()
+        result["attempts"].append(playwright_result)
+        if playwright_result.get("success"):
+            result["success"] = True
+            result["method"] = "playwright"
+            result["token"] = playwright_result.get("token")
+            result["data"] = playwright_result.get("data")
+    else:
+        result["success"] = True
+        result["method"] = "requests"
+        result["token"] = requests_result.get("token")
+        result["data"] = requests_result.get("data")
+    # Preparar resposta
+    response_data = {
+        "success": result["success"],
+        "timestamp": time.time(),
+        "method": result.get("method"),
+        "attempts": [
+            {
+                "method": a.get("method"),
+                "success": a.get("success", False),
+                "status_code": a.get("status_code"),
+                "error": a.get("error") if not a.get("success") else None
+            }
+            for a in result["attempts"]
+        ]
+    }
+    if result.get("success") and result.get("data"):
+        response_data["data"] = result["data"]
+        response_data["token_preview"] = result.get("token", "")[:50] + "..." if result.get("token") else None
+    if not result["success"]:
+        response_data["error"] = "Todas as tentativas falharam"
+        response_data["details"] = result["attempts"]
+        return jsonify(response_data), 500
+    return jsonify(response_data)
+@app.route('/api/health', methods=['GET'])
+def health():
+    """Endpoint de health check"""
+    return jsonify({
+        "status": "healthy",
+        "timestamp": time.time(),
+        "playwright_installed": True,
+        "python_version": sys.version
+    })
+@app.route('/api/token-status', methods=['GET'])
+def token_status():
+    """Verifica status do token atual"""
+    # Este endpoint poderia verificar se o token ainda é válido
+    return jsonify({
+        "message": "Para obter um token, execute /api/test-bypass primeiro"
+    })
+if __name__ == '__main__':
+    # Verificar dependências na inicialização
+    logger.info("Iniciando aplicação de bypass AWS WAF")
+    logger.info(f"Python version: {sys.version}")
+    # Testar playwright na inicialização
+    try:
+        with sync_playwright() as p:
+            browser = p.chromium.launch(headless=True)
+            logger.info("Playwright iniciado com sucesso")
+            browser.close()
+    except Exception as e:
+        logger.error(f"Erro ao iniciar Playwright: {str(e)}")
+        logger.error("Verifique se as dependências do sistema estão instaladas")
+    # Iniciar servidor Flask
+    port = int(os.environ.get('PORT', 7860))
+    app.run(host='0.0.0.0', port=port, debug=False)