Technology Sharing

Information management web article--Detailed explanation of CDN identification and bypass

2024-07-12


Preface

Welcome to my blog

Homepage: Beiling's desert cat typing on the keyboard - CSDN blog

This article focuses on the penetration testing process.

CDN related knowledge points

CDN brief description

If we expose our server to external access, users in areas close to the server get fast access, while users far away see a sharp drop in speed. To give users in remote areas a good experience, we usually put a CDN service in front of the site.

A CDN provider operates servers all over the country. After we deploy the CDN, our web content is cached on those servers, and users are routed to the server nearest to them, which greatly improves access speed.

The impact of CDN on penetration

Deploying a CDN hides the server's real IP address from us.

This has little effect on our web vulnerability testing, but it has a much larger effect on port scanning and on traffic-based attacks such as DDoS and CC attacks, because the IP we reach is that of a nearby CDN node, not the real web server. Our traffic is diverted and never threatens the origin server. It does, however, consume the site owner's CDN bandwidth and can leave them with a large CDN bill; some providers will also suspend the site owner's service when they notice abnormal traffic.

Common CDN manufacturers

Domestic service providers:

Alibaba Cloud, Baidu Cloud, Qiniu Cloud, UCloud, Tencent Cloud, 360, ChinaCache

Foreign service providers:

CloudFlare, StackPath, Fastly, Akamai, CloudFront, Edgecast, CDNetworks, Google Cloud CDN, CacheFly, KeyCDN, Udomain, CDN77

CDN Configuration Options

Configuration 1: Acceleration domain name - the domain name for which acceleration is enabled

Configuration 2: Acceleration zone - the region in which acceleration is enabled

Configuration 3: Acceleration type - the kind of resources to be accelerated

Target CDN determination

17CE.COM - website speed test from multiple locations (Telecom, Unicom, Netcom, nationwide monitoring, CDN, PING, DNS tests)

Ping servers from multiple locations, test website speed - Webmaster Tools

Use the multi-location ping method: access the site from vantage points across the country and compare the IPs that were reached. If they are all the same, that is the real IP; if different IPs come back, the site uses a CDN.

Subdomain to find real IP

Principle: the site owner often configures only www.abc.com as the accelerated (resolved) domain name. That means if we visit abc.com directly, or a subdomain such as ccc.abc.com, we may reach the real IP.

Precautions:

1. The subdomain may not be on the same server as the main site, so this still has to be verified.
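The two checks above (compare what each vantage point reached, then see which hostnames point outside the CDN's address ranges) as an added example; this is not code from the original article. The vantage-point results, CDN ranges and DNS records are constructed sample data, not real measurements:

```python
import ipaddress
from collections import Counter

# Constructed sample: the IP each vantage point reached for www.example.com
# (hypothetical data, not measurements from the original article).
PING_OBSERVATIONS = {
    "Beijing-Telecom": "104.16.1.10",
    "Shanghai-Unicom": "104.16.2.20",
    "Guangzhou-Mobile": "104.16.1.10",
    "Frankfurt": "172.64.5.5",
}

# Constructed sample of the CDN vendor's published edge ranges (hypothetical).
CDN_RANGES = [ipaddress.ip_network(n) for n in ("104.16.0.0/12", "172.64.0.0/13")]

# Constructed sample A records for the main site and its subdomains (hypothetical).
DNS_RECORDS = {
    "www.example.com": ["104.16.1.10"],
    "example.com": ["104.16.1.10"],
    "mail.example.com": ["203.0.113.25"],
    "dev.example.com": ["203.0.113.25", "104.16.9.9"],
}


def uses_cdn(observations):
    """Multi-location ping check: more than one distinct answer across the
    vantage points is the article's signal that a CDN fronts the site."""
    distinct = Counter(observations.values())
    return len(distinct) > 1, distinct


def in_cdn(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def hosts_outside_cdn(records, ranges):
    """Subdomain check: return {hostname: [ips]} for every record whose
    address is NOT inside the CDN ranges, i.e. a candidate origin address
    that still has to be verified against the main site."""
    leaks = {}
    for host, ips in records.items():
        outside = [ip for ip in ips if not in_cdn(ip, ranges)]
        if outside:
            leaks[host] = outside
    return leaks


if __name__ == "__main__":
    cdn, seen = uses_cdn(PING_OBSERVATIONS)
    print("CDN in use:", cdn, dict(seen))
    print("Hosts pointing outside the CDN:", hosts_outside_cdn(DNS_RECORDS, CDN_RANGES))
```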

Using the ICP filing (registration) information to find the real IP

Principle: the server is most likely hosted in the region where the site is filed, so an IP in that region is most likely the real one.

This is not absolute; it is only a reference.

Active vulnerability bypass CDN

Principle: if the website has a feature or vulnerability such as remote image loading or SSRF, we can place an image on our own server and make the website fetch it; the request arrives at our server from the website's real server, so its IP shows up in our server's logs.

Mail system bypasses CDN

Introduction to email bypassing CDN

Principle:

1. When an email is received, its headers record the IP address of the sending server. We use this to find the website's real IP.

2. A mail system cannot sit behind a CDN.

3. Searching via email only works if the website runs its own mail system. If it uses NetEase, QQ or another hosted mail provider, the mail you receive is sent to you by the NetEase or QQ server, so the IP address is not the website's.

Email trigger

Find a function that sends email.

For example:

Password retrieval, email binding, email verification and similar functions.

Product update email pushes.

Staff mailboxes, weak passwords on internal corporate mailboxes, etc.

Proactive email trigger

Principle:

We send an empty email to a non-existent user at the target's mail domain. Because that user does not exist, the other side's mail server replies with a bounce, and from the bounce we can determine the IP address of the sending server.

Premise:

We run our own mail server instead of using a hosted service such as QQ Mail.

If you use a QQ mailbox, the other side delivers to QQ and QQ delivers to you, so the IP you see is that of QQ's mail server, not the real server's.
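Reading the sending server's IP out of the Received headers, for both the triggered-mail and bounce cases above, as an added example that is not code from the original article. The raw message is a constructed sample; the hostnames and addresses in it are hypothetical, with 203.0.113.0/24 (a documentation range) standing in for a public address:

```python
import email
import re

# Constructed sample (hypothetical): the target's own mail server handed a
# password-reset mail to our receiving server mail.ourserver.test.
RAW_MESSAGE = """\
Received: from mx.example.com (mx.example.com [203.0.113.25])
\tby mail.ourserver.test (Postfix) with ESMTPS id ABC123
\tfor <probe@ourserver.test>; Fri, 12 Jul 2024 10:00:00 +0000
Received: from app01.internal (localhost [127.0.0.1])
\tby mx.example.com (Postfix) with ESMTP id DEF456; Fri, 12 Jul 2024 09:59:58 +0000
From: noreply@example.com
To: probe@ourserver.test
Subject: Password reset

Your reset link is below.
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """IPs on the 'from' side of every Received header, oldest hop first.
    Each relay prepends its own Received line, so the last header in the
    message is the earliest hop and the first is the server that delivered
    the mail to us."""
    msg = email.message_from_string(raw)
    hops = []
    for header in reversed(msg.get_all("Received") or []):
        # Keep only the sending side; the receiving side follows " by ".
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        m = IP_IN_BRACKETS.search(from_part)
        if m:
            hops.append(m.group(1))
    return hops


def sending_server_ip(raw):
    """The server that handed the mail to us. Only this top Received header
    was written by our own server and is therefore trustworthy; the earlier
    hops were written by the sender. If the site relays through QQ or
    NetEase, this is the provider's server, not the website's."""
    hops = received_hops(raw)
    return hops[-1] if hops else None


if __name__ == "__main__":
    print("Hops (oldest first):", received_hops(RAW_MESSAGE))
    print("Sending server:", sending_server_ip(RAW_MESSAGE))
```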

Luck-based method: IP lookup websites

Principle: unknown.

Operation: look up the real IP address on a lookup website.

Website:

Get Site IP - Find IP Address and location from any URL

Advantages:

No effort at all; just let the site do the lookup.

Disadvantages:

Many false positives.

Scan the entire network to check IP

Principle: identify the target's CDN vendor, then scan all of that vendor's network segments for sites whose characteristics match the target website.

Find CDN vendors

Global CDN service provider query_Professional and accurate IP library service provider_IPIP

Chunzhen Network, China's oldest IP geolocation database

Vendor IP ranges from an IP database

Look up the corresponding network segments by the vendor's address.

The Chunzhen IP database can be used for this.

furkcdn: scan the network segments

Usage: see the tool's own instructions.