Demo features #4

Open
waderwu opened this issue Dec 15, 2018 · 3 comments

@waderwu
Owner

waderwu commented Dec 15, 2018

  • Logging feature
  • Finding attack traffic
  • Replay feature

@waderwu
Owner Author

waderwu commented Dec 17, 2018

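Statistical analysis feature
With an IP as the subject:
want to know which paths it accessed and how many times each, the total number of accesses, the total number of attacks, and the number of successful attacks.
With a path as the subject:
which IPs accessed it, how many times each of them accessed it, and what the attack types are.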

@waderwu
Owner Author

waderwu commented Dec 17, 2018

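What does the PHP WAF need to implement?

  1. Record requests
  2. Record responses, and check whether the response contains tainted data
  3. Intercept dangerous requests and die() immediately
  4. On detecting a dangerous request, forward it directly to the honeypot
  5. IP blacklist
  6. IP whitelist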

@waderwu
Owner Author

waderwu commented Dec 18, 2018

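Demo steps:
1. Upload wulog.php, cant.html and wulogser.php to the server.
2. Then deploy logging with `find /var/www/html/ -type f -name "*.php"|xargs sed -i '1 i <?php include_once("/tmp/wulog.php");?>'`
3. Try visiting u.cn/tmp/shell.php and check whether logs are generated in /tmp/res and /tmp/req
4. Retrieve the logs and analyze them, then upload the IP blacklist
5. Change the WAF level and check whether it has the corresponding effect

  • level1: only record requests
  • level2: record requests and responses, and check whether the response contains tainted data
  • level3: apply the WAF to the blacklist
  • level4: apply the WAF to everything not on the whitelist
  • level5: use the honeypot for the blacklist, apply the WAF to everything not on the whitelist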
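
The level table above written out as a decision function, as an added example that is not part of the original issue or the project's wulog.php. The name `wu_policy` and its return shape are hypothetical, and it assumes that logging is cumulative across levels and that the blacklist is checked before the whitelist.

```php
<?php
// Added illustration of the level1..level5 table; not the project's code.
// Assumptions: logging is cumulative across levels, and a blacklisted IP
// is matched before the whitelist is consulted.

/**
 * Decide how one request is handled at a given WAF level.
 * Returns ['log_request' => bool, 'log_response' => bool, 'action' => string],
 * where action is 'pass', 'waf' (inspect, block if dangerous) or 'honeypot'.
 */
function wu_policy(int $level, string $ip, array $blacklist, array $whitelist): array
{
    if ($level < 1 || $level > 5) {
        throw new InvalidArgumentException("level must be 1..5, got $level");
    }
    $black = in_array($ip, $blacklist, true);
    $white = in_array($ip, $whitelist, true);

    $action = 'pass';
    if ($level === 3 && $black) {
        $action = 'waf';                 // level3: WAF for the blacklist only
    } elseif ($level === 4 && !$white) {
        $action = 'waf';                 // level4: WAF for everything not whitelisted
    } elseif ($level === 5) {
        if ($black) {
            $action = 'honeypot';        // level5: blacklist goes to the honeypot
        } elseif (!$white) {
            $action = 'waf';             // level5: other non-whitelisted IPs get the WAF
        }
    }
    return [
        'log_request'  => true,          // every level records the request
        'log_response' => $level >= 2,   // level2 and up also record and check the response
        'action'       => $action,
    ];
}

// Constructed sample data (documentation address ranges, not real clients).
$blacklist = ['192.0.2.66'];
$whitelist = ['198.51.100.10'];
$clients   = ['192.0.2.66' => 'blacklisted', '198.51.100.10' => 'whitelisted', '203.0.113.5' => 'unlisted'];

for ($level = 1; $level <= 5; $level++) {
    foreach ($clients as $ip => $label) {
        $p = wu_policy($level, $ip, $blacklist, $whitelist);
        printf("level%d %-12s log_response=%-3s action=%s\n",
            $level, $label, $p['log_response'] ? 'yes' : 'no', $p['action']);
    }
}
```

Printing the full table for one blacklisted, one whitelisted and one unlisted address gives the expected outcome to compare against when changing the level in step 5.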
