web-client.rules

来自「关于网络渗透技术的详细讲解」· RULES 代码 · 共 18 行

RULES

18 行

# (C) Copyright 2001,2002, Martin Roesch, Brian Caswell, et al.
#    All rights reserved.
# $Id$
#---------------
# WEB-CLIENT RULES
#---------------
#
# These signatures look for two things:
# * bad things coming from our users
# * attacks against our web users

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT Outlook EML access"; uricontent:".eml"; flow:from_client,established; classtype:attempted-admin; sid:1233; rev:7;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT XMLHttpRequest attempt"; flow:to_client,established; content:"new XMLHttpRequest\("; content:"file\://"; nocase; classtype:web-application-attack; sid:1735; rev:3;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT readme.eml download attempt"; flow:from_client,established; uricontent:"/readme.eml"; nocase; classtype:attempted-user; sid:1284; reference:url,www.cert.org/advisories/CA-2001-26.html; rev:9;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT readme.eml autoload attempt"; flow:to_client,established; content:"window.open(\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; reference:url,www.cert.org/advisories/CA-2001-26.html; rev:8;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT javascript document.domain attempt"; flow:to_client,established; content:"document.domain("; nocase; classtype:attempted-user; reference:bugtraq,5346; sid:1840; rev:2;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT javascript URL host spoofing attempt"; flow:to_client,established; content:"javascript\://"; nocase; classtype:attempted-user; reference:bugtraq,5293; sid:1841; rev:2;)

web-client.rules - 源码说明

本页面展示了「关于网络渗透技术的详细讲解」中的 web-client.rules 源码文件，采用 RULES 编程语言编写，共 18 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与网络相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C

搜索代码Ctrl + F

全屏模式F11

增大字号Ctrl + =

减小字号Ctrl + -

显示快捷键?