7wu1wm0 发表于 2024-8-25 21:52:23

WAF绕过-漏洞发掘-AWVS+Xray+Goby+sqlmap-绕过waf


    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">WAF绕过<span style="color: black;">重点</span>集中在信息收集,漏洞<span style="color: black;">发掘</span>,漏洞利用,权限<span style="color: black;">掌控</span>四个<span style="color: black;">周期</span>。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">1、什么是WAF?</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Web Application Firewall(web应用防火墙),一种公认的说法是“web应用防火墙<span style="color: black;">经过</span>执行一系列针对HTTP/HTTPS的安全策略来专门为web应用<span style="color: black;">供给</span><span style="color: black;">守护</span>的一款<span style="color: black;">制品</span>。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">基本<span style="color: black;">能够</span>分为以下4种:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">软件型WAF</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">以软件的形式安装在服务器上面,<span style="color: black;">能够</span>接触到服务器上的文件,<span style="color: black;">因此呢</span>就<span style="color: black;">能够</span>检测服务器上<span style="color: black;">是不是</span>有webshell,<span style="color: black;">是不是</span>有文件被创建等。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">硬件型WAF</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">以硬件形式<span style="color: black;">安排</span>在链路中,支持多种<span style="color: black;">安排</span>方式。当串联到链路上时<span style="color: black;">能够</span>拦截恶意流量,在旁路监听模式时只记录攻击<span style="color: black;">然则</span>不进行拦截。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">云WAF</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">通常</span>以反向代理的形式工作,<span style="color: black;">经过</span>配置后,使对网站的请求数据优先经过WAF主机,在WAF主机对数据进行过滤后再传给服务器。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">网站内置的WAF</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">便是</span>来自网站内部的过滤,直接出<span style="color: black;">此刻</span>网站代码中,<span style="color: black;">例如</span>说对输入的参数强制类转换啊,对输入的参数进行<span style="color: black;">敏锐</span>词检测啊什么的。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">2、<span style="color: black;">怎样</span>判断WAF?</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Wafw00f识别工具:</span><span style="color: black;">https://github.com/EnableSecurity/wafw00f</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">看图识别:</span><span style="color: black;">https://mp.weixin.qq.com/s/3uUZKryCufQ_HcuMc8ZgQQ</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">其他项目脚本平台。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">3</span><span style="color: black;">、<span style="color: black;">日前</span>有<span style="color: black;">那些</span><span style="color: black;">平常</span>WAF<span style="color: black;">制品</span>?</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">参考:https://blog.csdn.net/w2sft/article/details/104533082/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">①硬件型</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">硬件型WAF以一个独立的硬件设备的形态存在,支持以多种方式(如透明桥接模式、旁路模式、反向代理等)<span style="color: black;">安排</span>到网络中为后端的Web应用<span style="color: black;">供给</span>安全防护,是最为传统的WAF型态,在受访企业中<span style="color: black;">安排</span>占比为35.2%。相<span style="color: black;">针对</span>软件<span style="color: black;">制品</span>类的WAF,这类<span style="color: black;">制品</span>的优点是性能好、功能全面、支持多种模式<span style="color: black;">安排</span>等,但它的价格<span style="color: black;">一般</span>比较贵。国内的绿盟、安恒、启明星辰等老牌厂商旗下的WAF都属于此类。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">②软件型</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">这种类型的WAF采用纯软件的方式实现,特点是安装简单,容易<span style="color: black;">运用</span>,成本低。但它的缺点<span style="color: black;">亦</span>是显而易见的,除了性能受到限制外,还可能会存在兼容性、安全等问题。这类WAF的<span style="color: black;">表率</span>有ModSecurity、Naxsi、ShareWAF、安全狗等。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">③云WAF</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">随着云计算技术的快速发展,使得基于云的WAF实现<span style="color: black;">作为</span>可能,在<span style="color: black;">这次</span>调查中占比<span style="color: black;">乃至</span>超过了传统的硬件WAF跃升为<span style="color: black;">第1</span>位,达到39.4%。阿里云、腾讯云、深信服云WAF、Imperva WAF是这类WAF的典型<span style="color: black;">表率</span>。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">常规</span><span style="color: black;">WAF</span><span style="color: black;">检测技术:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">1.</span><span style="color: black;">正则匹配——容易被绕过(<span style="color: black;">运用</span>加密,编码,分段等)</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">2.</span><span style="color: black;"><span style="color: black;">设备</span>语言</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">3.</span><span style="color: black;"><span style="color: black;">行径</span>分析</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">许多安全<span style="color: black;">制品</span>都会检测工具的特征,<span style="color: black;">咱们</span>需要<span style="color: black;">认识</span>工具的数据包流量特征,<span style="color: black;">才可</span>更好的绕过安全检测。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">AWVS</span><span style="color: black;">绕过安全狗</span><span style="color: black;">(</span><span style="color: black;">Safedog</span><span style="color: black;">)</span><span style="color: black;">——爬虫白名单</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;"><span style="color: black;">咱们</span>在<span style="color: black;">运用</span></span><span style="color: black;">AWVS</span><span style="color: black;">扫描配置的安全狗的网站时,经常提示被拦截,<span style="color: black;">没法</span>进行正常扫描</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubIAwmNUANv78Zb3yia6HmD3KUwcRpSQ1MKDf35JCYfbhep8TseMGVfZg/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">AWVS</span><span style="color: black;">绕过安全狗扫描<span style="color: black;">目的</span>网站:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">1.</span><span style="color: black;"><span style="color: black;">由于</span>安全狗默认开启各大搜索引擎的爬虫白名单,<span style="color: black;">因此</span><span style="color: black;">咱们</span><span style="color: black;">能够</span>伪造</span><span style="color: black;">UA</span><span style="color: black;">头绕过安全狗</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubOGdlWXe7nqz60y2LIxXvEyPnFahic1oeZibvIHlIHaC5kTFmJ6BWg2Bw/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">2.</span><span style="color: black;"><span style="color: black;">起步</span></span><span style="color: black;">awvs</span><span style="color: black;">——添加<span style="color: black;">目的</span>,下滑到</span><span style="color: black;">Crawling</span><span style="color: black;">——<span style="color: black;">选取</span></span><span style="color: black;">Safari</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubyNCQCIzwr8rJQMQAJnlRnv5oIBqzWZ1fUliaicJXpUfuXy4DrqaumLUw/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">3.</span><span style="color: black;">来到网站:</span><span style="color: black;">https://blog.csdn.net/qq_26230421/article/details/99052337</span><span style="color: black;">获取各大搜索引擎的蜘蛛</span><span style="color: black;">UA</span><span style="color: black;">头,我<span style="color: black;">这儿</span><span style="color: black;">运用</span>的是百度蜘蛛</span><span style="color: black;">UA</span><span style="color: black;">:</span><span style="color: black;">Mozilla/5.0
            (compatible; Baiduspider-render/2.0; +http://www.baidu.com/search/spider.html)</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">将</span><span style="color: black;">S</span><span style="color: black;">afari </span><span style="color: black;">UA</span><span style="color: black;">替换为百度蜘蛛</span><span style="color: black;">UA</span><span style="color: black;">:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdub5qJJwMVlV0k6T6ib5bJe8zzR35WSMXaAaBZA1B41sFcBwrxDkEiaiakog/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">4.</span><span style="color: black;">点击<span style="color: black;">保留</span>,<span style="color: black;">起始</span>扫描。<span style="color: black;">拜访</span>网站<span style="color: black;">亦</span><span style="color: black;">无</span>触发拦截,成功绕过安全狗。</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">还<span style="color: black;">能够</span><span style="color: black;">运用</span>代理池绕过狗子。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubXfXmfgE0ZeXfSb5kz6icWHKFcMOykajiavYibjKr6NvyaBAv1ibk3CECqw/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">AWVS</span><span style="color: black;">绕过宝塔防火墙——代理池</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">1.</span><span style="color: black;">购买隧道代理</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">在快代理购买一个代理:</span><span style="color: black;">https://www.kuaidaili.com/cart?t=tps_c</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubZYgJKSfhshvjL7E1NQKPs5fBaNlCOibXM0LO7yibhAS8fWY5HX6RbIhw/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">将自己的</span><span style="color: black;">主机外网</span><span style="color: black;">ip(</span><span style="color: black;">浏览器搜索</span><span style="color: black;">ip</span><span style="color: black;"><span style="color: black;">查找</span>获取外网</span><span style="color: black;">ip) </span><span style="color: black;">设置为白名单,<span style="color: black;">这般</span>本机<span style="color: black;">运用</span>代理就不需要输入账户<span style="color: black;">秘码</span></span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubxvd6GKor3pmbbQu5F8icBu9Z09evCzmGia6HUSsqT5ic5ica2fdHd9X9Yw/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">2.</span><span style="color: black;"><span style="color: black;">起步</span></span><span style="color: black;">AWVS</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">添加<span style="color: black;">目的</span></span><span style="color: black;">(Add Targets)</span><span style="color: black;"><span style="color: black;">保留</span></span><span style="color: black;">(save)</span><span style="color: black;">之后<span style="color: black;">转</span>到<span style="color: black;">目的</span>设置</span><span style="color: black;">(T</span><span style="color: black;">arget Settings</span><span style="color: black;">) </span><span style="color: black;">配置代理,配置好点击<span style="color: black;">保留</span>就<span style="color: black;">能够</span><span style="color: black;">起始</span>扫描。</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubRbJ1ok95uSEtVrUukliaiaRwMEPr5u1uW4E1Sics6JeeKcP54ApfjHD9w/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">X</span><span style="color: black;">ray</span><span style="color: black;">绕过宝塔防火墙——代理池</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">1.</span><span style="color: black;">不配置代理池</span><span style="color: black;"><span style="color: black;">起步</span></span><span style="color: black;">xray</span><span style="color: black;">扫描<span style="color: black;">目的</span>,被拦截<span style="color: black;">没法</span>扫描</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubicjuyogcav3bibZISEPYMhZQib3Bh1HHk1C8CCogy6LNsw23dFsT8dzNQ/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;"><span style="color: black;">拜访</span><span style="color: black;">目的</span>,</span><span style="color: black;">ip</span><span style="color: black;">还被宝塔拉入黑名单</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubFbo7sWbJaYviboTpOW8jh1hv4kCxIicibVD4BczzNMrt1bgpN5nIjjv3Q/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">2.</span><span style="color: black;">配置代理池</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">打开</span><span style="color: black;">X</span><span style="color: black;">ray</span><span style="color: black;">根目录,打开</span><span style="color: black;">config.yaml</span><span style="color: black;">文件配置代理</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdub6mYEJMXD6NeuaXH8LJmr6ibtB42y7eyEwj0XiaYcZtru0ricdOYeCJAVQ/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">配置好</span><span style="color: black;">X</span><span style="color: black;">ray</span><span style="color: black;">代理,在运行</span><span style="color: black;">xray</span><span style="color: black;">请求就会经过代理池发送给<span style="color: black;">目的</span>。</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">运行</span><span style="color: black;">xray</span><span style="color: black;">,成功<span style="color: black;">起始</span>正常扫描</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubGJyI4eHFiavWcGXB9CIo0mRxHwXPDy4CI5Z039WvOsTwgFjDiaiareBPg/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">拜访</span>网站<span style="color: black;">亦</span><span style="color: black;">无</span>被拉黑,成功绕过宝塔防火墙。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubgECHD61pscR0ib3RQAk9MLRY0UUZMDAAtJicAORZXtBA9Ibky3ic8fuibw/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">G</span><span style="color: black;">oby</span><span style="color: black;">绕过宝塔防火墙——代理池</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;"><span style="color: black;">根据</span></span><span style="color: black;">goby</span><span style="color: black;">的规则配置好代理。<span style="color: black;">重视</span>:</span><span style="color: black;">goby</span><span style="color: black;">不走</span><span style="color: black;">http</span><span style="color: black;">协议,<span style="color: black;">因此</span>配置时要配置</span><span style="color: black;">socks</span><span style="color: black;">协议的端口号。</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">填写好代理信息,点击</span><span style="color: black;">C</span><span style="color: black;">heck Proxy</span><span style="color: black;">测试代理<span style="color: black;">是不是</span>可用</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubFdhSibgMawxV8NDTwMlnATAN3poYoctZibQqXFUPnibDWRDUE2t2lUUvQ/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">测试成功,</span><span style="color: black;">G</span><span style="color: black;">oby</span><span style="color: black;">成功配置代理</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubC3h4EgJG6DNFgaEtv6MZemuoKDMFbluxtJP6jueulicKSQibgM9zmZKQ/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">起始</span>扫描,成功绕过宝塔防火墙</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/sz_mmbiz_png/b9ibb0kbHCIkDXC07oJaZhO7ZGeBjjdubJALlgE8Y4icLcnUdJ1m2T8nlmLLibQ0IEDDHnuCelOCE2LMXhLibibJv9g/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">S</span><span style="color: black;">qlmap</span><span style="color: black;">绕过宝塔防火墙——代理池</span><span style="color: black;">+</span><span style="color: black;">随机</span><span style="color: black;">UA</span><span style="color: black;">头</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">运用</span>参数绕过防火墙:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">--</span><span style="color: black;">proxy=</span><span style="color: black;">“</span><span style="color: black;">http://</span><span style="color: black;">代理池<span style="color: black;">位置</span></span><span style="color: black;">:</span><span style="color: black;">端口”</span><span style="color: black;">#</span><span style="color: black;">配置代理</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">--</span><span style="color: black;">random-agent#</span><span style="color: black;">随机</span><span style="color: black;">UA</span><span style="color: black;">头</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;"><span style="color: black;">起步</span></span><span style="color: black;">sqlmap</span><span style="color: black;">,<span style="color: black;">起始</span>扫描</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">输入:</span><span style="color: black;">python
            sqlmap.py -u "</span><span style="color: black;"><span style="color: black;">目的</span><span style="color: black;">位置</span></span><span style="color: black;">"
            --proxy="http://r354.kdltps.com:15818" --random-agent</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="data:image/svg+xml,%3C%3Fxml version=1.0 encoding=UTF-8%3F%3E%3Csvg width=1px height=1px viewBox=0 0 1 1 version=1.1 xmlns=http://www.w3.org/2000/svg xmlns:xlink=http://www.w3.org/1999/xlink%3E%3Ctitle%3E%3C/title%3E%3Cg stroke=none stroke-width=1 fill=none fill-rule=evenodd fill-opacity=0%3E%3Cg transform=translate(-249.000000, -126.000000) fill=%23FFFFFF%3E%3Crect x=249 y=126 width=1 height=1%3E%3C/rect%3E%3C/g%3E%3C/g%3E%3C/svg%3E" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">网络安全技术交流群:wx加我好友,备注“进群”。学习网络安全<span style="color: black;">亦</span>可联系</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="data:image/svg+xml,%3C%3Fxml version=1.0 encoding=UTF-8%3F%3E%3Csvg width=1px height=1px viewBox=0 0 1 1 version=1.1 xmlns=http://www.w3.org/2000/svg xmlns:xlink=http://www.w3.org/1999/xlink%3E%3Ctitle%3E%3C/title%3E%3Cg stroke=none stroke-width=1 fill=none fill-rule=evenodd fill-opacity=0%3E%3Cg transform=translate(-249.000000, -126.000000) fill=%23FFFFFF%3E%3Crect x=249 y=126 width=1 height=1%3E%3C/rect%3E%3C/g%3E%3C/g%3E%3C/svg%3E" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">QQ群:708769345</p>




nuanhome 发表于 2024-8-29 11:27:51

回顾历史,我们不难发现:无数先辈用鲜血和生命铺就了中华民族复兴的康庄大道。

nqkk58 发表于 2024-10-19 04:01:11

谷歌外链发布 http://www.fok120.com/

j8typz 发表于 2024-11-12 00:20:07

我深感你的理解与共鸣,愿对话长流。

b1gc8v 发表于 2024-11-12 10:46:26

认真阅读了楼主的帖子,非常有益。
页: [1]
查看完整版本: WAF绕过-漏洞发掘-AWVS+Xray+Goby+sqlmap-绕过waf