基于vpn和透明代理的web漏洞掃描器的實現
責編:admin |2015-07-21 11:17:34Transparent-Proxy-Scanner是一個基于vpn和透明代理的web漏洞掃描器,本文是vpn + 透明代理式的web漏洞掃描器的實現的簡單說明。 用戶連接vpn后訪問網站時就會把網站的請求與響應信息保存到mongodb中,然后web掃描器從數據庫中讀取請求信息并進行掃描。
架構說明
透明代理的實現
透明代理是在 https://github.com/xiam/hyperfox 這個項目的基礎上改的,hyperfox是go語言實現的一個http/https的透明代理。
hyperfox本來是用 upper.io/db 這個orm將數據存入sqlite中的,我個人比較喜歡mongodb,于是就改成將數據存入mongodb中。
依賴包安裝
go get github.com/netxfly/Transparent-Proxy-Scanner/hyperfox
go get github.com/toolkits/slice
go get upper.io/db
go get github.com/gorilla/mux
go get menteslibres.net/gosexy/to
透明代理的部分實現代碼
package main
import (
“flag”
“fmt”
“github.com/netxfly/Transparent-Proxy-Scanner/hyperfox/proxy”
“github.com/netxfly/Transparent-Proxy-Scanner/hyperfox/tools/capture”
“strings”
// “github.com/netxfly/Transparent-Proxy-Scanner/hyperfox/tools/logger”
“github.com/toolkits/slice”
“log”
“net/url”
“os”
“upper.io/db”
“upper.io/db/mongo”
)
const version = “0.9”
const (
defaultAddress = `0.0.0.0`
defaultPort = uint(3129)
defaultSSLPort = uint(3128)
)
const (
Host = “127.0.0.1”
Port = “27017”
User = “xsec”
Password = “x@xsec.io”
Database = “passive_scan”
)
var settings = mongo.ConnectionURL{
Address: db.Host(Host), // MongoDB hostname.
Database: Database, // Database name.
User: User, // Optional user name.
Password: Password, // Optional user password.
}
var (
flagAddress = flag.String(“l”, defaultAddress, “Bind address.”)
flagPort = flag.Uint(“p”, defaultPort, “Port to bind to, default is 3129″)
flagSSLPort = flag.Uint(“s”, defaultSSLPort, “Port to bind to (SSL mode), default is 3128.”)
flagSSLCertFile = flag.String(“c”, “”, “Path to root CA certificate.”)
flagSSLKeyFile = flag.String(“k”, “”, “Path to root CA key.”)
)
var (
sess db.Database
col db.Collection
)
var (
static_resource []string = []string{“js”, “css”, “jpg”, “gif”, “png”, “exe”, “zip”, “rar”, “ico”,
“gz”, “7z”, “tgz”, “bmp”, “pdf”, “avi”, “mp3″, “mp4″, “htm”, “html”, “shtml”}
)
// dbsetup sets up the database.
func dbsetup() error {
var err error
// Attemping to establish a connection to the database.
sess, err = db.Open(mongo.Adapter, settings)
fmt.Println(sess)
if err != nil {
log.Fatalf(“db.Open(): %q\n”, err)
}
// Pointing to the “http_info” table.
col, err = sess.Collection(“http_info”)
return nil
}
// filter function
func filter(content_type string, raw_url string) bool {
ret := false
if strings.Contains(content_type, “text/plain”) || strings.Contains(content_type, “application/x-gzip”) {
url_parsed, _ := url.Parse(raw_url)
path := url_parsed.Path
t := strings.Split(path[1:], “.”)
suffix := t[len(t)-1]
if !slice.ContainsString(static_resource, suffix) {
ret = true
}
}
return ret
}
// Parses flags and initializes Hyperfox tool.
func main() {
var err error
var sslEnabled bool
// Parsing command line flags.
flag.Parse()
// Opening database.
if err = dbsetup(); err != nil {
log.Fatalf(“db: %q”, err)
}
// Remember to close the database session.
defer sess.Close()
// Is SSL enabled?
if *flagSSLPort > 0 && *flagSSLCertFile != “” {
sslEnabled = true
}
// User requested SSL mode.
if sslEnabled {
if *flagSSLCertFile == “” {
flag.Usage()
log.Fatal(ErrMissingSSLCert)
}
if *flagSSLKeyFile == “” {
flag.Usage()
log.Fatal(ErrMissingSSLKey)
}
os.Setenv(proxy.EnvSSLCert, *flagSSLCertFile)
os.Setenv(proxy.EnvSSLKey, *flagSSLKeyFile)
}
// Creatig proxy.
p := proxy.NewProxy()
// Attaching logger.
// p.AddLogger(logger.Stdout{})
// Attaching capture tool.
res := make(chan capture.Response, 256)
p.AddBodyWriteCloser(capture.New(res))
// Saving captured data with a goroutine.
go func() {
for {
select {
case r := <-res:
if filter(r.ContentType, r.URL) {
// fmt.Println(r.Method, r.URL, r.ContentType)
if _, err := col.Append(r); err != nil {
log.Printf(ErrDatabaseError.Error(), err)
}
}
}
}
}()
cerr := make(chan error)
// Starting proxy servers.
go func() {
if err := p.Start(fmt.Sprintf(“%s:%d”, *flagAddress, *flagPort)); err != nil {
cerr <- err
}
}()
if sslEnabled {
go func() {
if err := p.StartTLS(fmt.Sprintf(“%s:%d”, *flagAddress, *flagSSLPort)); err != nil {
cerr <- err
}
}()
}
err = <-cerr
log.Fatalf(ErrBindFailed.Error(), err)
}
如何啟動透明代理
1.安裝依賴包
2.git clone https://github.com/netxfly/Transparent-Proxy-Scanner.git 到GOPATH目錄下
3.cd 到 $GOPATH/Transparent-Proxy-Scanner/hyperfox 目錄下編譯hyperfox,如下圖所示:
4.配置iptables,將80和443端口的請求分別轉到透明代理的3129和3128端口,如下圖所示:
透明代理抓取數據測試
1.注釋掉調試代碼,啟動透明代理,手機撥入vpn,打開微博客戶端后發現已經可以抓取到數據了,如下圖所示:
2.去mongodb中再確認下數據是否入庫,如下圖所示:
確認數據已經入庫,接下來就該 任務分發模塊 和 任務執行模塊 出場了,詳情請參考 基于代理的Web掃描器的簡單實現
上一篇:巧用網頁分析“反擊”釣魚網站