Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest stationmaster buy cloud host technology Hall
In a previous "cyber access attack and defense war," it was said that in many large enterprises and in some countries, access restrictions were often made to restrict access to certain websites or use certain Web applications by employees or people. Restrictive methods usually have router IP filtering and enforcing the use of proxy servers, among other ways. So, this article mainly describes the use of Proxy server network access when the attack and defense war.
Many cases of network access through a proxy server are similar to direct access to the network. Proxy server can do without the proxy server for all filtering methods, these filtering methods in the previous article has been explained in detail, the only difference is that the network access to attack and defense all on the proxy server. That is, if you want to apply a direct access network access attack and defense technology to the proxy server, you must first have the browser or network application set up a proxy server.
However, looking for a proxy server address to access the extranet is a learning subject. Some network environment is to set the proxy server's address and port directly in the browser, so it is very easy to obtain its address, and some network environment uses the function of "Automatic proxy configuration script" to access different network use different proxy server function, The well-known autoproxy Plug-ins also use this technology, and even some network environment uses the "Automatic Detection network proxy settings" function to achieve the computer in different network environment can automatically configure the agent function. However, in the latter two settings of the network environment to find access to the external network proxy server address needs to understand these technologies, can refer to the proxy auto-config and Web proxy AutoDiscovery Kyoto. If you are unfamiliar with these technologies, you can also use the Netstat tool or the sniffer tool to identify the proxy server addresses that access the extranet. These techniques and tools are not discussed in this article.
If you successfully find the address of the proxy server, then we can analyze what the proxy server can do and how to break through the restrictions.
Let's skip the attack and defense in the direct access network situation, which has been described in detail in the previous article, to see what further filtering the proxy server can make. Here's a list of the typical filtering methods you'll encounter:
1, domain name filtering. When using a proxy server to access the network, you will encounter a domain name of all pages are denied access to the situation, this is the domain name filter. Typically, however, the proxy server filters the domain name only by parsing the domain name in the access address, rather than through the host field in the HTTP proxy protocol. Then we can solve this problem by replacing the domain name in the access address with the IP address of the domain name.
2, IP address filtering. When accessing a network, there is a time when access to a Web page under an IP address will cause all access denied. and the domain name filter, this kind of filtering way in many cases also just to access the IP filter in the address, then we can change the IP address to the corresponding domain name to solve the problem. If this IP address does not have a domain name or temporarily cannot find its corresponding domain name, you can also register for this IP a free two domain name, then you can change the IP domain name.
3. Port filtration. Because browsing Web pages uses HTTP and HTTPS protocols, the default ports used by these two protocols are 80 and 443, so in order to prevent people from using other protocols, many times the proxy server restricts access to only 80 and 443 external ports. In this way, you can only access other ports using software that supports proxy server cascading. However, because the HTTP protocol is transmitted in clear text, there are many proxy servers that do not filter the HTTP protocol ports, and only the HTTPS protocol has a port limit of 443. If you need to use a different protocol, and the other protocol uses a port that is exactly 443, then we can just take advantage of HTTPS's ciphertext transmission characteristics, connect to the target server 443 ports, the proxy server can not know whether we are using HTTPS or other protocols. If it does not happen that the other protocol uses a port other than 443, we still need to use software that supports proxy server cascading to access other ports.
4, the detection of HTTPS protocol head. Because the initial handshake process for the HTTPS protocol is still plaintext, the proxy server can detect the protocol headers connected to the external 443 port. Disconnect if it is not an HTTPS protocol. Encounter this type of filtering, we can first sniff the normal HTTPS protocol head down to join the two sides of the communication, and then other protocols to communicate, you can solve the problem.
5. NTLM password authentication. Some proxy servers use NTLM password authentication, so IE users will not feel any problems, using the other kernel of the browser or other applications, will be referred to enter the Access Proxy password. Because many proxy cascade software does not support a proxy server that requires a password authentication, it can cause some trouble. You can use a software named NTLM Authorization Proxy server to solve the problem.
6, URL filter. Sometimes a proxy server prevents users from accessing a particular type of application-for example, bbs--filters all access requests with BBS in the URL. In this way, we can only use agent-cascaded software.
This is a general overview of the proxy server filters that are often encountered. However, due to the way the proxy server filters all sorts of strange, this article can not list all the filtering methods. And in addition to the proxy cascade software has ready-made, other problem-solving methods require proxy server users to write their own network procedures, so other ways are mainly for everyone to study.
Finally, I give the HTTP protocol to cascade the software source code, using the Java-dhttp.proxyhost= Proxy server address-dhttp.proxyport= proxy Server port net.tools.web.TunnelClient The proxy server URL that is cascaded by the local proxy server, and then the local proxy server can be used for network access. For example, we have to use the proxy server 192.168.0.200:8080 for external network access, we can run the command java-dhttp.proxyhost=192.168.0.200-dhttp.proxyport=8080 Net.tools.web.TunnelClient 7,890 cascaded Proxy Server URL, then we set the browser proxy server to 127.0.0.1:7890 can be used. I'll give a cascade proxy server URL for http://jinshan.isysjs.com.cn/tunnel/. This URL is for test use only, do not misuse. If you encounter NTLM password authentication, refer to the 5th proxy server above for filtering.
If you are interested to continue to discuss with me about Proxy server network access attack and defense war, you can go to the forum I often visit (need to use foreign IP for access) to find me, or directly to me email.
The author's Twitter: @davidsky2012, the author of Google reader:https://www.google.com/reader/shared/lehui99.
Original articles such as reprint, please specify: Reproduced from the Moonlight Blog [http://www.williamlong.info/]