Programmatic, automated web security testing with chrome_remote_interface
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">If you ask which packet-capture or traffic-analysis tools are worth knowing, a few have to be mentioned: Burp Suite (cross-platform), Fiddler (the capture tool of choice on Windows), Wireshark (the classic network sniffer) and justniffer (unlike the first three, which obtain traffic through a proxy, justniffer captures it directly from the network interface). I have covered each of these in earlier posts; follow the links there for details. If you ask which capture tools are programmable (by "programmable" I mean scriptable), Burp Suite is one, since you can write extensions for it (see the earlier post on building a Burp Suite plugin to detect broken access control); Fiddler is another, since its behaviour can be extended by editing its script file, which I also covered before. If you then ask which capture tools are both programmable and automated (here "automated" means the tool itself generates the traffic), the question sounds odd: why should a capture tool be responsible for producing traffic, when a crawler seems better suited for that? Set that question aside for now and read on.</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Automated security testing</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">We usually test a site's security with Burp Suite or a similar tool: browse the site with the browser proxied through Burp, then intercept, modify and replay the traffic there. When there are many sites to test, is there a more automated, less laborious way? Certainly. Automating web security testing boils down to two problems: how is the traffic generated, and how are vulnerabilities identified from that traffic?</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Automated testing approach: active scanners</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The crawler-based active scanners on the market are one kind of automated security testing tool: their traffic is generated by a crawler that collects URLs, and vulnerability plugins then build variations of those requests. Shortcoming: most scanner crawlers are still built for "web 1.0" sites and cannot execute JavaScript to render a page, while more and more sites now exchange data between front end and back end the "web 2.0" way, through script-driven requests, so large parts of such sites never reach the scanner.</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Automated testing approach: passive scanners</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Some large companies build passive scanners in-house. Their traffic is not produced by a crawler; it is mirrored from the network interfaces of switches and similar devices, and vulnerability plugins analyse that traffic for vulnerable spots. Shortcoming: this suits security monitoring across all of a company's business lines, not testing one specific site, because someone still has to browse the site to generate the traffic.</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Automated testing approach: Selenium + traffic capture tool + vulnerability plugins</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Selenium is a website automation testing tool that drives a browser programmatically, so it can generate traffic automatically; combined with a capture tool and vulnerability-detection plugins it should cover both traffic generation and vulnerability detection. Shortcoming: Selenium only exposes fairly simple browser operations, which seems inadequate for testing complex sites, and it is slow, with poor performance.</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Automated testing approach: chrome_remote_interface + vulnerability plugins</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">I have written before about headless Chrome and about PhantomJS and other tools for crawling "web 2.0" sites; of these I now recommend learning headless Chrome. Headless Chrome loads and runs the page's JavaScript and gives you the rendered source, which solves the web 2.0 crawling problem. chrome_remote_interface is a lower-level tool: it speaks Chrome's debugging protocol directly, so you can observe the whole rendering process and capture the traffic generated along the way. It is much like opening the browser's developer tools, reloading the page and reading the Network panel.</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/fe28601b16db41e286f17df307b45653~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=HEDoMxuvuIQZ7DncyAMWrOEWRU4%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Introduction to chrome_remote_interface</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">chrome_remote_interface is an open-source project written in Node.js (see its project page; the package is published on npm as chrome-remote-interface). It can be used both from the command line and from code.</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Installation and usage</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Because chrome_remote_interface is built on Node.js, the npm package manager has to be installed first:</p>
yum install npm -y
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Then create a directory and initialise a project in it:</p>
npm init
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Install chrome_remote_interface in that directory:</p>
npm install chrome-remote-interface
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Create a simple Node.js program (nmask.js):</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/57d24dbb98ae44db9f601e50778367b0~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=sVtPPkuYUpMsuQoXKrBJKrivUFA%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note: before running this program, Chrome must be installed on the system and started in headless mode with the remote-debugging listener enabled. How to install headless Chrome is covered in the earlier post "headless chrome and api".</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Start Chrome headless with the remote-debugging listener:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/248a9e60d17f48778dced7d1ddd7e8f8~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=OyGQADungwI6c%2FDyyBLQ9HtTGRI%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Then open another terminal and run the Node.js script:</p>
node nmask.js https://thief.one
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The output is shown below: every URL requested while the page renders.</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/8335cda503c24841a37b17510834c628~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=h9ptaPH98NcAkEgGz7URUsUnTRM%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">chrome_remote_interface for Python</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Since chrome_remote_interface is implemented in Node.js, the coding cost is high for anyone not comfortable with Node.js. Fortunately someone abroad has already wrapped it in Python (see the project page). The project is still at an early stage, but it genuinely solved my problem.</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Installation and usage</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">It is developed for Python 3.5, so clone the project and install it directly:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/0dde2c5529164396a67b089ed5220d66~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=sIi0ahQmrdNSN%2F9bOtHjCSNIZM0%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Write a Python version of the program (nmask.py):</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/9a7b011f3c1d40b0a2eb1db74e5e091e~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=zDlu%2BhCrpbTyPFzhrlxyThy50e0%3D" style="width: 50%; margin-bottom: 20px;"></div>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/13a18a35c1ec42aa91ab41adbf1d585d~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=kniJggRaFVKiwLNpfpUrCXP2RCk%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note: as before, start the Chrome headless listener before running this code.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Then run the program:</p>
python nmask.py
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/4785d4258197496ca6a1a4376c0a1812~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=1%2BS6Sju2piVnYYG4WNmltRGNatw%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note: the program prints, for every request made during rendering, the URL, the response status code and the response content length.</p>
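<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The nmask.js and nmask.py scripts above survive only as screenshots, so here is an added example of my own (not the article's code and not part of the chrome-remote-interface project) that does what both are described as doing: drive headless Chrome through chrome-remote-interface and report, for every request made while the page renders, its URL, status code and response size. The event handling is kept in a class with no browser dependency, so it can be exercised with synthetic protocol events. Assumptions: Chrome was started with --headless --remote-debugging-port=9222 on the local machine, and the file is saved as capture.js; both the file name and the port are my choices, not the article's.</p>

```javascript
'use strict';
// Added example, not the article's nmask.js / nmask.py. Requires a headless Chrome
// started with --remote-debugging-port=9222 (assumed) for a live run.

// Folds raw DevTools Protocol Network.* events into one record per request.
// Free of any browser dependency so the logic can be tested with synthetic events.
class TrafficCollector {
  constructor() {
    this.byId = new Map(); // requestId -> record
  }

  // Network.requestWillBeSent fires once per request, before it leaves the browser.
  onRequestWillBeSent({ requestId, request, type }) {
    this.byId.set(requestId, {
      url: request.url,
      method: request.method,
      type: type || 'Other', // Document, Script, XHR, Fetch, Image, ...
      status: null,
      length: 0,
      headers: {},
    });
  }

  // Network.responseReceived carries the status code and response headers.
  onResponseReceived({ requestId, response }) {
    const rec = this.byId.get(requestId);
    if (!rec) return; // e.g. a response for a request that started before we attached
    rec.status = response.status;
    rec.headers = response.headers || {};
  }

  // Network.loadingFinished reports the total bytes received for the request.
  onLoadingFinished({ requestId, encodedDataLength }) {
    const rec = this.byId.get(requestId);
    if (rec) rec.length = encodedDataLength;
  }

  records() {
    return [...this.byId.values()];
  }

  // Subscribe the three handlers on a chrome-remote-interface Network domain object.
  attach(Network) {
    Network.requestWillBeSent(p => this.onRequestWillBeSent(p));
    Network.responseReceived(p => this.onResponseReceived(p));
    Network.loadingFinished(p => this.onLoadingFinished(p));
  }
}

// Connect to the running browser, load `url`, and return the collected records.
async function capture(url, { host = '127.0.0.1', port = 9222, settleMs = 2000 } = {}) {
  const CDP = require('chrome-remote-interface'); // required lazily: only a live run needs it
  const client = await CDP({ host, port });
  const { Network, Page } = client;
  const collector = new TrafficCollector();
  try {
    collector.attach(Network);     // subscribe before enabling so no event is missed
    await Network.enable();
    await Page.enable();
    await Page.navigate({ url });
    await Page.loadEventFired();   // resolves on the page's load event
    // XHR/fetch calls issued by scripts after onload are exactly the "web 2.0" traffic
    // a web 1.0 crawler misses; give them a moment to finish before tearing down.
    await new Promise(resolve => setTimeout(resolve, settleMs));
  } finally {
    await client.close();
  }
  return collector.records();
}

// Stand-alone use: node capture.js https://thief.one
if (typeof require !== 'undefined' && require.main === module) {
  const target = process.argv[2];
  if (!target) {
    console.log('usage: node capture.js <url>');
  } else {
    capture(target)
      .then(records => {
        for (const r of records) console.log(r.status, r.length, r.method, r.url);
      })
      .catch(err => { console.error(err); process.exitCode = 1; });
  }
}

if (typeof module !== 'undefined') module.exports = { TrafficCollector, capture };
```

<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Two details matter in practice: the handlers are registered before Network.enable() so that the Document request itself is not lost, and the script waits a little after the load event, because the script-driven requests that make "web 2.0" sites hard to crawl often fire only after onload.</p>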
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Chrome Debugging Protocol</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Both the Node.js chrome-remote-interface and the Python version are built on the Chrome Debugging Protocol (now called the Chrome DevTools Protocol), and its official documentation is the reference to consult while working with chrome-remote-interface. For instance, the network__response_received function in the Python version wraps the protocol's Network.responseReceived event; the parameters that event delivers, along with their properties and the related methods, are all documented there.</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Back to the question from the opening</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">One question from the opening is still open: which capture tools are both programmable and automated? Consider what chrome-remote-interface can do. First, you can program it from Node.js or Python (and probably other languages with their own wrappers), and the underlying protocol is well documented. Second, you can use it to write a "web 2.0" crawler that visits pages and generates traffic; unlike a web 1.0 crawler, the traffic here is the complete traffic, equivalent to a person opening the browser and visiting the page. Third, it captures that traffic and lets you analyse it. The first point gives you programmability; the second and third give you automation. Finally, look back at the active scanner approach discussed earlier: its shortcoming was the web 2.0 crawling problem, and that is exactly what chrome-remote-interface solves. With a little imagination, its potential should be considerable.</p>
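<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The third point above, analysing the captured traffic with "vulnerability plugins", is the part the article leaves to the reader. The following is an added example of my own (not code from the article or from chrome-remote-interface) of what such a plugin stage can look like: it takes records of the shape {url, method, status, headers} that a DevTools Protocol capture yields, runs passive checks that need no further requests (cookie attributes, framing protection, CSP), and groups every URL that carries query parameters into candidates for an active injection plugin. The sample records, the example.test hosts and the check names are all constructed for illustration.</p>

```javascript
'use strict';
// Added example of a traffic-analysis "vulnerability plugin"; my own illustration,
// not the article's code. Records are {url, method, status, headers} as a
// DevTools Protocol capture reports them; the sample below is constructed.

// Chrome reports header names in varying case; normalise once.
function lowerKeys(headers) {
  return Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
}

function isHtml(h) {
  return (h['content-type'] || '').toLowerCase().includes('text/html');
}

// Passive checks on a single response. The protocol joins repeated headers such as
// Set-Cookie with a newline, so each cookie is examined on its own.
function passiveChecks(rec) {
  const findings = [];
  const h = lowerKeys(rec.headers || {});
  const https = rec.url.startsWith('https://');

  for (const cookie of (h['set-cookie'] || '').split('\n')) {
    if (!cookie.trim()) continue;
    const name = cookie.split('=')[0].trim();
    const attrs = cookie.toLowerCase();
    if (!attrs.includes('httponly')) findings.push({ check: 'cookie-without-httponly', detail: name, url: rec.url });
    if (https && !attrs.includes('secure')) findings.push({ check: 'cookie-without-secure', detail: name, url: rec.url });
  }

  if (isHtml(h)) { // page responses only; JSON/JS/image responses are not framed
    const csp = h['content-security-policy'] || '';
    if (!csp) findings.push({ check: 'missing-csp', detail: '', url: rec.url });
    if (!h['x-frame-options'] && !csp.includes('frame-ancestors')) {
      findings.push({ check: 'no-framing-protection', detail: '', url: rec.url });
    }
  }
  return findings;
}

// Every http(s) request that carried query parameters, grouped by method and
// endpoint so an active plugin fuzzes each parameter once rather than once per URL.
function activeCandidates(records) {
  const byEndpoint = new Map();
  for (const rec of records) {
    let u;
    try { u = new URL(rec.url); } catch { continue; }
    if (u.protocol !== 'http:' && u.protocol !== 'https:') continue; // data:, blob: ...
    const params = [...u.searchParams.keys()];
    if (params.length === 0) continue;
    const key = `${rec.method} ${u.origin}${u.pathname}`;
    const entry = byEndpoint.get(key) ||
      { method: rec.method, endpoint: u.origin + u.pathname, params: new Set(), example: rec.url };
    params.forEach(p => entry.params.add(p));
    byEndpoint.set(key, entry);
  }
  return [...byEndpoint.values()].map(e => ({ ...e, params: [...e.params].sort() }));
}

function scan(records) {
  return { findings: records.flatMap(passiveChecks), candidates: activeCandidates(records) };
}

// Constructed sample capture of a small site (not real traffic).
const SAMPLE_RECORDS = [
  { url: 'https://example.test/', method: 'GET', status: 200,
    headers: { 'Content-Type': 'text/html; charset=utf-8',
               'Set-Cookie': 'session=abc123; Path=/\ntheme=dark; Path=/; HttpOnly; Secure' } },
  { url: 'https://example.test/api/posts?page=2&sort=date', method: 'GET', status: 200,
    headers: { 'content-type': 'application/json' } },
  { url: 'https://example.test/api/posts?page=3', method: 'GET', status: 200,
    headers: { 'content-type': 'application/json' } },
  { url: 'https://example.test/search?q=test', method: 'POST', status: 200,
    headers: { 'content-type': 'text/html',
               'content-security-policy': "default-src 'self'; frame-ancestors 'none'" } },
  { url: 'https://cdn.example.test/app.js', method: 'GET', status: 200,
    headers: { 'content-type': 'application/javascript' } },
  { url: 'data:image/png;base64,iVBORw0KGgo=', method: 'GET', status: 200, headers: {} },
];

if (typeof require !== 'undefined' && require.main === module) {
  const { findings, candidates } = scan(SAMPLE_RECORDS);
  for (const f of findings) console.log('finding', f.check, f.detail, f.url);
  for (const c of candidates) console.log('fuzz', c.method, c.endpoint, c.params.join(','));
}

if (typeof module !== 'undefined') module.exports = { passiveChecks, activeCandidates, scan, SAMPLE_RECORDS };
```

<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">On the sample the passive stage reports the session cookie twice (no HttpOnly, no Secure) and the front page twice (no CSP, no framing protection), while the search page with a frame-ancestors directive is clean; the active stage reduces three parameterised URLs to two endpoints, GET /api/posts with page and sort, and POST /search with q. Feeding those endpoints back through the capture script with modified parameters is where an injection plugin would start.</p>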
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/392654343823490998774f5c697936b9~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1723899628&x-signature=XxjA7pZUlh%2FnZsdh6RCrBMz%2FCxE%3D" style="width: 50%; margin-bottom: 20px;"></div>