Obrazowanie ultradźwiękowe wad za pomocą metod syntetycznej ...
Wad(web application detector)
-
Upload
lxghost -
Category
Technology
-
view
613 -
download
2
Transcript of Wad(web application detector)
![Page 2: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/2.jpg)
我是谁
安全研究
扫描器开发
漏洞跟踪
Python控
@红黄满hysia@XEYE weibo.com/hysia
![Page 3: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/3.jpg)
content
• Web 应用的生态环境• Web 应用的指纹特征识别方法• 如何快速识别 Web 应用• WAD 和国外同类项目的异同• Web 应用识别的意义
![Page 4: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/4.jpg)
Web 应用的生态环境
每个 web app 都是生态环境中的一个物种
![Page 5: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/5.jpg)
Web 应用指纹特征• Web 应用的指纹特征识别方法– Header– Html data– Special URL or file
![Page 6: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/6.jpg)
Web 应用的指纹特征识别
• Header
![Page 7: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/7.jpg)
Web 应用的指纹特征识别
• Html Data– Meta generator 、 author– Powered by – Html 注释 <!-- -->– 网页的框架– 特殊的页面:比如 404 页面
![Page 8: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/8.jpg)
Web 应用的指纹特征识别
• Meta generator
![Page 9: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/9.jpg)
Web 应用的指纹特征识别
• Powered by
![Page 10: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/10.jpg)
Web 应用的指纹特征识别
• Html 注释 <!-- -->
more ?
![Page 11: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/11.jpg)
Web 应用的指纹特征识别
• Special URL or file/path– 特定的静态文件内容
( css 、 js 、 html 、 txt )– 特定静态文件的 MD5 Hash ( 2 进制文件等)– 特定目录 (或多个目录组合)
![Page 12: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/12.jpg)
Web 应用的指纹特征识别
• Special URL or file/path
more ?
![Page 13: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/13.jpg)
快速筛选识别规则• 我有 1000+ 规则 , 麻烦来了• 我有 10000+ 网站能快速识别么• 我们需要大规模快速识别应用 ! 必须的 !!
有没有 !!!
![Page 14: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/14.jpg)
快速筛选识别规则• 根据 web server 的 tech 筛选规则– Asp/asp.net/Php/Jsp/Django
• 根据 web 应用的类型筛选规则– Blog/cms/sns/eshop etc….
• 根据 web 应用的流行程度排序筛选规则– 用最短的时间优先命中规则
![Page 15: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/15.jpg)
快速筛选识别规则• Tech – 从目标服务器 server banner 中获得– 参数传入
• web 应用的类型 type– 从目标网站的 title , meta keyword 中尝试自动猜测– 参数传入
• web 应用的流行程度等级 popular– Xml 规则库中配置– 参数传入– 从历史探测的数据中自学习 , 自动更新数值 ( 实验 )
![Page 16: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/16.jpg)
Demo
这里是程序自动匹配到的应用类型根据应用类型 blog 载入规则进行识别
这里是程序没有识别到应用类型默认载入 asp.net 的所有规则进行识别
![Page 17: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/17.jpg)
What’s diffrent• 国外同类型的项目 :– WhatWeb– Blind Elephant– WAFP(Web Application Finger Printing)– Wapplyzer
• 尝试识别 , 不要求 MD5 匹配 , 就算被更改也能识别出应用, md5 匹配只是辅助精确版本
• 我们更了解中国 Web 应用的物种和生态环境
![Page 18: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/18.jpg)
Q&Aweibo.com/hysia
![Page 19: Wad(web application detector)](https://reader030.fdocument.pub/reader030/viewer/2022020218/55c2bfd8bb61ebcf2d8b47cf/html5/thumbnails/19.jpg)
Thanks