Analysis of using jsonp cross domain vulnerability and XSS vulnerability in honeypot
2022-07-07 08:37:00 【It old culvert】
1. Preface
When doing red-team work I often run into honeypots, and some of the more "active defense" ones make use of cross-domain vulnerabilities and XSS on other websites. This post is a brief analysis of that.
2. The concept of a honeypot
A honeypot works mainly by deploying bait to lure the attacker into attacking it, then capturing traffic and analysing behaviour to build a profile of the attacker and trace the source.
For example, HFish is a high-interaction honeypot: by capturing attacker behaviour it obtains attack data, IP addresses and so on. That data alone is far from enough to profile an attacker, however, so HFish also offers deployment of customised web honeypots. Below is a brief analysis of two honeypots I have encountered.
The following are screenshots of two honeypots encountered during red-team work and vulnerability hunting.
Why call it "active defense"?
When the attacker visits the page, JavaScript runs automatically and sends requests to many popular websites. These requests exploit JSONP cross-domain vulnerabilities and XSS vulnerabilities on those sites to obtain cookies, user names, phone numbers and other information, and thereby trace the attacker. The attacker only has to visit the page, which is why it is called "active defense".
3. JSONP cross-domain vulnerabilities
A JSONP cross-domain vulnerability is similar to a CSRF vulnerability; some also call it a read-type CSRF. It can expose sensitive data such as website users' user names and phone numbers. If you are not familiar with this vulnerability you can look it up on Baidu yourself.
Below are screenshots of requests sent by the honeypot that exploit JSONP cross-domain vulnerabilities.
If you are logged in to the target website and its cookie is present in the browser, the response will often return the user name, phone number and similar data.
4. XSS vulnerabilities
The XSS vulnerabilities are basically eval(name). I think the honeypot configuration has some problems: looking at the JS code, everything is added into an iframe tag, the iframe's name attribute is set to a string of JS code, and the target page then runs eval(name). As I understand it, the JS code is preset, the name variable is set, and then the string of JS code is executed. (P.S. I only know a little JS, so this paragraph may be misanalysed; I won't go into it further.)
Improper JSONP configuration also leads to XSS, as shown in the picture below:
There is also direct XSS, for example this one on CSDN (CSDN's is a little more serious).
Cnblogs (Blog Park) XSS (duplicate code):
I believe most people working in IT use these two websites. By exploiting the vulnerabilities of such sites, a honeypot can easily obtain the attacker's user name, phone number and other information.
To sum up: with a so-called active-defense honeypot, as long as the attacker visits it with a browser, and the browser holds a cookie for a website that the honeypot has configured an exploit against, the honeypot can use a JSONP or XSS vulnerability to obtain the attacker's personal information. Once it has a name, ID, phone number and so on, tracing the red team becomes much easier.
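The JSONP leak the honeypot relies on, shown from the website owner's side as an added example (this is not code from the post or from any honeypot product): a minimal user-info JSONP endpoint that hands the logged-in user's data to any third-party page that includes it via a script tag, beside a hardened version. The endpoint shape, the field names, the header checks and the origin allow-list are assumptions; the session data and requests are constructed.

```javascript
// Constructed session data for the demo.
const SESSION = { user: { name: 'alice', phone: '138****0000' } };

// Callback names are restricted to identifier characters; otherwise a callback
// such as "<script>..." turns the JSONP endpoint itself into reflected XSS.
const SAFE_CALLBACK = /^[A-Za-z_$][\w$.]{0,63}$/;
const ALLOWED_ORIGINS = new Set(['https://www.example-site.test']); // assumption

// Vulnerable: the session cookie rides along with any <script src="..."> include,
// so a third-party page (such as a honeypot) receives the logged-in user's data.
function vulnerableJsonp(req, session) {
  if (!session) return { status: 401, body: '' };
  const cb = req.query.callback || 'callback';
  return { status: 200, body: `${cb}(${JSON.stringify(session.user)})` };
}

function callerOrigin(req) {
  try { return new URL(req.headers.referer).origin; } catch (_) { return null; }
}

// Hardened: require a same-origin caller (Sec-Fetch-Site when the browser sends
// it, then the Referer origin against an allow-list), validate the callback
// name, and serve the script with an explicit, non-sniffable content type.
function hardenedJsonp(req, session) {
  if (!session) return { status: 401, body: '' };
  const site = req.headers['sec-fetch-site'];
  if (site && site !== 'same-origin') return { status: 403, body: '' };
  const origin = callerOrigin(req);
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return { status: 403, body: '' };
  const cb = req.query.callback || 'callback';
  if (!SAFE_CALLBACK.test(cb)) return { status: 400, body: '' };
  return {
    status: 200,
    headers: { 'Content-Type': 'application/javascript', 'X-Content-Type-Options': 'nosniff' },
    body: `/**/${cb}(${JSON.stringify(session.user)})`,
  };
}

// Constructed requests: one from the site's own profile page, one from a
// honeypot page on another origin that embeds the endpoint as a script.
const sameOriginReq = { query: { callback: 'cb' },
  headers: { 'sec-fetch-site': 'same-origin', referer: 'https://www.example-site.test/profile' } };
const honeypotReq = { query: { callback: 'cb' },
  headers: { 'sec-fetch-site': 'cross-site', referer: 'https://honeypot.invalid/' } };
```

Marking the session cookie SameSite=Lax (or Strict) closes the same hole one layer earlier, since the browser then withholds the cookie from the cross-site script include.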
5. Counter-attacking the honeypot
A honeypot is itself a system and also has vulnerabilities. For example, the HFish honeypot once had an unauthorised information-access vulnerability and a stored XSS vulnerability, and the Magic Array honeypot from Mo'an Technology also had an unauthorised access vulnerability. Vulnerabilities in the honeypot itself can be used to turn the tables on it.
My research on honeypots is not deep; further ideas are left to fellow practitioners' creativity. When you encounter one, you can still try XSS and other vulnerabilities against it.
6. How to defend against honeypots
If these honeypots are commercial products, many of their interfaces are the same, for example the second picture in this article. But there are also user-defined interfaces, so I think detecting honeypots by signature is troublesome and cannot be done completely.
7. Precautions
1. If you can code, you can write a browser plug-in or Burp plug-in that detects packets containing keywords such as callback or jsonp, intercepts them and asks the user to confirm.
2. Using the NoScript plug-in in the browser can reveal potential XSS threats, and so expose some honeypots that exploit XSS vulnerabilities.
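The check behind the first precaution, as an added example rather than code from the post: the logic a browser extension or proxy plug-in could run over the requests a page fires, flagging cross-origin JSONP-style calls (so the user can be asked to confirm) and the fan-out to many third-party hosts that characterises the honeypot page described above. The parameter names beyond "callback" and "jsonp", the fan-out threshold and the sample URLs are constructed assumptions.

```javascript
// Query-string keys treated as JSONP callbacks. "callback" and "jsonp" come
// from the post; the other two are assumed common aliases.
const JSONP_PARAMS = new Set(['callback', 'jsonp', 'jsonpcallback', 'cb']);

// Describes one request relative to the page that issued it: whether it is
// cross-origin and which JSONP-style parameter, if any, it carries.
function inspectRequest(pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);
  let jsonpParam = null;
  for (const key of req.searchParams.keys()) {
    if (JSONP_PARAMS.has(key.toLowerCase())) { jsonpParam = key; break; }
  }
  return { url: requestUrl, host: req.host, crossOrigin: req.origin !== page.origin, jsonpParam };
}

// Flags cross-origin JSONP-style requests and, separately, a page that fans
// out to many distinct third-party hosts. A plug-in would pause the flagged
// requests and ask the user before letting them through.
function flagJsonpProbes(pageUrl, requestUrls, fanOutThreshold = 5) {
  const reports = requestUrls.map((u) => inspectRequest(pageUrl, u));
  const suspicious = reports.filter((r) => r.crossOrigin && r.jsonpParam);
  const thirdPartyHosts = new Set(reports.filter((r) => r.crossOrigin).map((r) => r.host));
  return {
    suspicious,
    thirdPartyHosts: [...thirdPartyHosts],
    fanOut: thirdPartyHosts.size >= fanOutThreshold,
  };
}

// Constructed sample: a "login" page that loads its own asset and a CDN
// script, but also quietly calls JSONP user-info endpoints on unrelated sites.
const PAGE = 'http://10.0.0.5:8080/login';
const REQUESTS = [
  'http://10.0.0.5:8080/static/app.js',
  'https://site-a.example/api/user/info?callback=jQuery123',
  'https://site-b.example/account/profile?jsonp=cb1',
  'https://site-c.example/user/current?jsonpcallback=x',
  'https://cdn.example/lib.js',
  'https://site-d.example/me?cb=f',
];
```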