Introduction to Amazon Web Application Firewall

This post is for anyone looking for a brief introduction to AWS WAF and an overview of how easy it is to use and how well it performs.

Using a WAF is a good way to protect a web app or API from common threats and other exploits that could affect its confidentiality, integrity, or availability.

Client tools

To keep things very simple, we'll use curl for a one-off probe and a Python script that shells out to the HTTPie `http` command to run the scan.

Test application

We'll start by testing AWS WAF's features against the OWASP Juice Shop app. If you're not familiar with it, Juice Shop is a deliberately insecure open-source web application, and a great practice target for anyone preparing for the eJPT exam or learning about other red-team activities.

Deploying

I deployed the sample app using an AWS CloudFormation template.

Step by step instructions:
Give your stack a name
Click "Next", keeping the default values
Click the Create stack button
CloudFormation will start the deployment; wait until all stacks show the CREATE_COMPLETE state.

When creation is complete, find the JuiceShopUrl value in the stack's Outputs tab; this is the address of your Juice Shop site.

Create a new Web ACL under WAF, adding a managed rule group.



Export the Juice Shop URL, then send a simple XSS probe with curl:

export JUICESHOP_URL=<Your Juice Shop URL>

curl -X POST $JUICESHOP_URL -F "user='<script><alert>Hello></alert></script>'"

Let's create scanner.py; grab the code below, which is also available to download.


# dependencies
import subprocess
import sys

# ANSI escape codes used to colour terminal output
class bcolors:
    HEADER = '\033[95m'
    OKBLUE = '\033[94m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    OTHER = '\033[95m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'


# validate command line
if len(sys.argv) != 2:
    print('Usage: scanner.py <target DNS or IP>')
    sys.exit(1)

# set target dns (drop a trailing slash so the paths below join cleanly)
target = sys.argv[1].rstrip('/')

# parse HTTP request results: returns (label, code) where
# 0 = blocked (403), 1 = allowed (200), 2 = not found, 3 = server error, 4 = anything else
def parse_result(http_result):
    _http_result = ''.join(map(str, http_result))
    if '403 Forbidden' in _http_result:
        return ('403 Forbidden', 0)
    elif '200 OK' in _http_result:
        return ('200 OK', 1)
    elif '404 Not Found' in _http_result:
        return ('404 Not Found', 2)
    elif '500 Internal Server Error' in _http_result:
        return ('500 Server Error', 3)
    else:
        return (_http_result, 4)

# tests to execute (each one is an HTTPie command line run through the shell)
tests = [
         {'Name': '--- Canary GET Request', 'Type': 'Canary', 'exec_string': "http -v " + target + "/index.php"},
         {'Name': '--- Canary POST Request', 'Type': 'Canary', 'exec_string': "http -v --form POST " + target + "/index.php"},
         {'Name': '#1 SQLi in Query String', 'Type': 'SQLi', 'exec_string': "http -v '" + target + "/product.php?id=-260479%2F**%2F%2F*!union*%2F%2F**%2F%2F*!select*%2F%2F**%2Fconcat(username%2C0x3a%2Cpassword%2C0x3a%2Cusertype)%2F**%2F%2F*!from*%2F%2F**%2Fjos_users%2F**%2F'"},
         {'Name': '#1 SQLi in Cookie', 'Type': 'SQLi', 'exec_string': "http -v " + target + "/product.php?id=32574938 'Cookie:PHPSESSID=-260479%2F**%2F%2F*!union*%2F%2F**%2F%2F*!select*%2F%2F**%2Fconcat(username%2C0x3a%2Cpassword%2C0x3a%2Cusertype)%2F**%2F%2F*!from*%2F%2F**%2Fjos_users%2F**%2F'"},

         {'Name': '#1 XSS in Query String', 'Type': 'XSS', 'exec_string': "http -v '" + target + "/product.php?id=<script%20src%3D\"http%3A%2F%2F127.0.0.1%2Fxss_malware.js\">'"},
         # NOTE: the e-mail value in the published page was mangled by the site's e-mail
         # obfuscation; the reviewEmail field name and address below are placeholders
         {'Name': '#1 XSS in Body', 'Type': 'XSS', 'exec_string': "http -v --form POST " + target + "/product.php" + " reviewEmail=attacker@example.com reviewName=Hacker reviewTitle=Hacked reviewStory='<script>alert(\"Hello World!\")<script/>' reviewSubmit=Submit"},

         {'Name': '#2 Includes Modules', 'Type': 'Includes', 'exec_string': "http -v '" + target + "/includes/index.html'"},

         {'Name': '#3 CSRF Missing', 'Type': 'CSRF', 'exec_string': "http -v --form POST " + target + "/form.php" + " orderSubmit=Submit"},
         {'Name': '#3 CSRF Invalid', 'Type': 'CSRF', 'exec_string': "http -v --form POST " + target + "/form.php" + " orderSubmit=Submit  'x-csrf-token:b@d+0k3n198f3c998eb4c24cc168fd6b92b8c95a'"},

         {'Name': '#4 Path Traversal', 'Type': 'Traversal', 'exec_string': "http -v '" + target + "/download.php?form=..%2Fmodules%2Freviews.php'"}
        ]

print('##########################################################')
print('# WAF Tests on Target = ' + target)
print('##########################################################')

# run tests and colour the outcome: a blocked canary (false positive) or an
# allowed attack probe (miss) is red, the expected outcome is green
line_width = 25
for single_test in tests:
    print("\nREQUEST: " + single_test['exec_string'])
    results = subprocess.getstatusoutput(single_test['exec_string'])
    result_string, ret_code = parse_result(results)
    is_canary = single_test['Type'] == 'Canary'
    if ret_code == 1:        # 200 OK: good for a canary, bad for an attack probe
        color = bcolors.OKGREEN if is_canary else bcolors.FAIL
    elif ret_code == 0:      # 403 Forbidden: bad for a canary, good for an attack probe
        color = bcolors.FAIL if is_canary else bcolors.OKGREEN
    elif ret_code == 2:      # 404 Not Found: the path does not exist on the target
        color = bcolors.OKBLUE
    elif ret_code == 3:      # 500: the request reached the app and broke it
        color = bcolors.WARNING
    else:
        color = bcolors.OTHER
    print(color + 'Test Name:' + single_test['Name'].ljust(line_width) + '  Result: ' + result_string + bcolors.ENDC)

Run the scanner against your Juice Shop URL, either literally or via the exported variable:

python3 scanner.py http://abc123.cloudfront.net
python3 scanner.py $JUICESHOP_URL

##########################################################
# WAF Tests on Target = http://abc123.cloudfront.net
##########################################################

REQUEST: http -v http://abc123.cloudfront.net/index.php
Test Name:--- Canary GET Request     Result: 403 Forbidden

REQUEST: http -v --form POST http://abc123.cloudfront.net/index.php
Test Name:--- Canary POST Request    Result: 403 Forbidden

REQUEST: http -v 'http://abc123.cloudfront.net/product.php?id=-260479%2F**%2F%2F*!union*%2F%2F**%2F%2F*!select*%2F%2F**%2Fconcat(username%2C0x3a%2Cpassword%2C0x3a%2Cusertype)%2F**%2F%2F*!from*%2F%2F**%2Fjos_users%2F**%2F'
Test Name:#1 SQLi in Query String    Result: 403 Forbidden

REQUEST: http -v http://abc123.cloudfront.net/product.php?id=32574938 'Cookie:PHPSESSID=-260479%2F**%2F%2F*!union*%2F%2F**%2F%2F*!select*%2F%2F**%2Fconcat(username%2C0x3a%2Cpassword%2C0x3a%2Cusertype)%2F**%2F%2F*!from*%2F%2F**%2Fjos_users%2F**%2F'
Test Name:#1 SQLi in Cookie          Result: 403 Forbidden

REQUEST: http -v 'http://abc123.cloudfront.net/product.php?id=<script%20src%3D"http%3A%2F%2F127.0.0.1%2Fxss_malware.js">'
Test Name:#1 XSS in Query String     Result: 403 Forbidden

REQUEST: http -v --form POST http://abc123.cloudfront.net /[email protected] reviewName=Hacker reviewTitle=Hacked reviewStory='<script>alert("Hello World!")<script/>' reviewSubmit=Submit
Test Name:#1 XSS in Body             Result: 403 Forbidden

REQUEST: http -v 'http://abc123.cloudfront.net/includes/index.html'
Test Name:#2 Includes Modules        Result: 403 Forbidden

REQUEST: http -v --form POST http://abc123.cloudfront.net/form.php orderSubmit=Submit
Test Name:#3 CSRF Missing            Result: 403 Forbidden

REQUEST: http -v --form POST http://abc123.cloudfront.net/form.php orderSubmit=Submit  'x-csrf-token:b@d+0k3n198f3c998eb4c24cc168fd6b92b8c95a'
Test Name:#3 CSRF Invalid            Result: 403 Forbidden

REQUEST: http -v 'http://abc123.cloudfront.net/download.php?form=..%2Fmodules%2Freviews.php'
Test Name:#4 Path Traversal          Result: 403 Forbidden
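The colour logic in scanner.py encodes a verdict that is easy to get backwards: a canary that comes back 403 means the WAF is blocking legitimate traffic (a false positive, which is what the output above shows), while an attack probe that comes back 200 is a miss. The module below is an added example, not code from the original post: it sends three of the page's probes with urllib instead of shelling out to HTTPie and returns explicit PASS / MISS / FALSE_POSITIVE / UNEXPECTED labels a CI job can assert on; the injectable `send` parameter and the label names are my assumptions.

```python
import sys
import urllib.error
import urllib.request

# Probes reused from scanner.py above: canaries must be allowed, all others blocked.
PROBES = [
    {"name": "Canary GET", "type": "Canary", "path": "/index.php"},
    {"name": "XSS in Query String", "type": "XSS",
     "path": '/product.php?id=<script%20src%3D"http%3A%2F%2F127.0.0.1%2Fxss_malware.js">'},
    {"name": "Path Traversal", "type": "Traversal",
     "path": "/download.php?form=..%2Fmodules%2Freviews.php"},
]

def http_status(url):
    """Send one GET; return the status code, 4xx/5xx included."""
    try:
        with urllib.request.urlopen(urllib.request.Request(url), timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def verdict(probe_type, status):
    """PASS = WAF did the right thing; FALSE_POSITIVE = canary blocked;
    MISS = attack probe allowed; UNEXPECTED = 404/5xx etc., needs a human look."""
    if probe_type == "Canary":
        if status == 200:
            return "PASS"
        return "FALSE_POSITIVE" if status == 403 else "UNEXPECTED"
    if status == 403:
        return "PASS"
    return "MISS" if status == 200 else "UNEXPECTED"

def run_probes(target, send=http_status):
    """Run every probe; `send` is injectable so the logic can run offline in tests."""
    results = {}
    for probe in PROBES:
        status = send(target.rstrip("/") + probe["path"])
        results[probe["name"]] = (status, verdict(probe["type"], status))
    return results

def waf_ok(results):
    """True only when every probe is PASS: no misses and no false positives."""
    return all(label == "PASS" for _, label in results.values())

if __name__ == "__main__":
    outcome = run_probes(sys.argv[1])
    for name, (status, label) in outcome.items():
        print(f"{name:<22} {status} {label}")
    sys.exit(0 if waf_ok(outcome) else 1)
```

Exit status 1 on any miss or false positive makes the check usable as a gate after changing Web ACL rules.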
