Amazon Web Application Firewall 소개
WAF를 사용하는 것은 어떤 식으로든 기밀성, 무결성 또는 가용성에 영향을 미칠 수 있는 일반적인 위협 및 기타 악용으로부터 웹 앱 또는 API를 보호하는 좋은 방법입니다.
클라이언트 도구
매우 간단하게 유지하기 위해 curl 명령과 Python의 조합을 사용하여 스캔 스크립트를 실행합니다.
테스트 신청
먼저 OWASP Juice Shop 앱에 연결하여 AWS WAF 기능을 테스트할 것입니다. 익숙하지 않다면 Juice Shop은 의도적으로 안전하지 않은 오픈 소스 웹 애플리케이션입니다. Juice Shop은 eJPT 시험을 준비하거나 다른 레드 팀 활동에 대해 배우는 사람들을 위한 훌륭한 테스트 앱입니다.
배포 중
AWS Cloud Formation 템플릿을 사용하여 샘플 앱을 배포했습니다.
Step by step instructions:
Give your stack a name
Click the "Next", using the default values
Click the Create stack button
CloudFormation will start the deployment, wait until all stacks are shown in a CREATE_COMPLETE state.
When the create is complete, find the JuiceShopUrl value in the CloudFormation template output, this is the address of your Juice Shop site.
Create new Web ACL under WAF, adding a managed rule group
export JUICESHOP_URL=<Your Juice Shop URL>
curl -X POST $JUICESHOP_URL -F "user='<script><alert>Hello></alert></script>'"
Lets create scanner.py , grab the code below which is also available to download.
# dependencies
import subprocess
import os
import sys
# used to color text
class bcolors:
HEADER = '\033[95m'
OKBLUE = '\033[94m'
OKGREEN = '\033[92m'
WARNING = '\033[93m'
OTHER = '\033[95m'
FAIL = '\033[91m'
ENDC = '\033[0m'
BOLD = '\033[1m'
UNDERLINE = '\033[4m'
# validate command line
if len(sys.argv) != 2:
print('Usage: scanner.py <target DNS or IP>')
exit(1)
# set target dns
# target = sys.argv[1];
target = sys.argv[1].strip('/')
# parse HTTP request results
def parse_result(http_result):
_http_result = ''.join(map(str, http_result))
if '403 Forbidden' in _http_result:
return ('403 Forbidden' , 0)
elif '200 OK' in _http_result:
return ('200 OK' , 1)
elif '404 Not Found' in _http_result:
return ('404 Not Found' , 2)
elif '500 Internal Server Error' in _http_result:
return ('500 Server Error' , 3)
else:
return (_http_result , 4)
# tests to execute
tests = [
{'Name': '--- Canary GET Request' , 'Type': 'Canary' , 'exec_string': "http -v " + target + "/index.php"},
{'Name': '--- Canary POST Request', 'Type': 'Canary' , 'exec_string': "http -v --form POST " + target + "/index.php"},
{'Name': '#1 SQLi in Query String' , 'Type': 'SQLi' , 'exec_string': "http -v '" + target + "/product.php?id=-260479%2F**%2F%2F*!union*%2F%2F**%2F%2F*!select*%2F%2F**%2Fconcat(username%2C0x3a%2Cpassword%2C0x3a%2Cusertype)%2F**%2F%2F*!from*%2F%2F**%2Fjos_users%2F**%2F'"},
{'Name': '#1 SQLi in Cookie' , 'Type': 'SQLi' , 'exec_string': "http -v " + target + "/product.php?id=32574938 'Cookie:PHPSESSID=-260479%2F**%2F%2F*!union*%2F%2F**%2F%2F*!select*%2F%2F**%2Fconcat(username%2C0x3a%2Cpassword%2C0x3a%2Cusertype)%2F**%2F%2F*!from*%2F%2F**%2Fjos_users%2F**%2F'"},
{'Name': '#1 XSS in Query String' , 'Type': 'XSS' , 'exec_string': "http -v '" + target + "/product.php?id=<script%20src%3D\"http%3A%2F%2F127.0.0.1%2Fxss_malware.js\">'"},
{'Name': '#1 XSS in Body' , 'Type': 'XSS' , 'exec_string': "http -v --form POST " + target + " /product.php" + "[email protected] reviewName=Hacker reviewTitle=Hacked reviewStory='<script>alert(\"Hello World!\")<script/>' reviewSubmit=Submit"},
{'Name': '#2 Includes Modules' , 'Type': 'Includes' , 'exec_string': "http -v '" + target + "/includes/index.html'"},
{'Name': '#3 CSRF Missing' , 'Type': 'CSRF' , 'exec_string': "http -v --form POST " + target + "/form.php" + " orderSubmit=Submit"},
{'Name': '#3 CSRF Invalid' , 'Type': 'CSRF' , 'exec_string': "http -v --form POST " + target + "/form.php" + " orderSubmit=Submit 'x-csrf-token:b@d+0k3n198f3c998eb4c24cc168fd6b92b8c95a'"},
{'Name': '#4 Path Traversal' , 'Type': 'Traversal' , 'exec_string': "http -v '" + target + "/download.php?form=..%2Fmodules%2Freviews.php'"}
]
print('##########################################################')
print('# WAF Tests on Target = ' + target)
print('##########################################################')
# list tests
line_width = 25
for single_test in tests:
print("\nREQUEST: " + single_test['exec_string'])
results = subprocess.getstatusoutput(single_test['exec_string'])
result_string , ret_code = parse_result(results)
if ret_code == 1 and 'Canary' not in [single_test['Type']]:
print(bcolors.FAIL + 'Test Name:' + single_test['Name'].ljust(line_width) + ' Result: ' + result_string + bcolors.ENDC)
elif ret_code == 1 and "Canary" in single_test['Type']:
print(bcolors.OKGREEN + 'Test Name:' + single_test['Name'].ljust(line_width) + ' Result: ' + result_string + bcolors.ENDC)
elif ret_code == 0 and 'Canary' not in [single_test['Type']]:
print(bcolors.OKGREEN + 'Test Name:' + single_test['Name'].ljust(line_width) + ' Result: ' + result_string + bcolors.ENDC)
elif ret_code == 0 and "Canary" in single_test['Type']:
print(bcolors.FAIL + 'Test Name:' + single_test['Name'].ljust(line_width) + ' Result: ' + result_string + bcolors.ENDC)
elif ret_code == 2:
print(bcolors.OKBLUE + 'Test Name:' + single_test['Name'].ljust(line_width) + ' Result: ' + result_string + bcolors.ENDC)
elif ret_code == 3:
print(bcolors.WARNING + 'Test Name:' + single_test['Name'].ljust(line_width) + ' Result: ' + result_string + bcolors.ENDC)
else:
print(bcolors.OTHER + 'Test Name:' + single_test['Name'].ljust(line_width) + ' Result: ' + result_string + bcolors.ENDC)
python3 scanner.py $JUICESHOP_URL
python3 scanner.py http://abc123.cloudfront.net or $JUICESHOP_URL
##########################################################
# WAF Tests on Target = http://abc123.cloudfront.net
##########################################################
REQUEST: http -v http://abc123.cloudfront.net/index.php
Test Name:--- Canary GET Request Result: 403 Forbidden
REQUEST: http -v --form POST http://abc123.cloudfront.net/index.php
Test Name:--- Canary POST Request Result: 403 Forbidden
REQUEST: http -v 'http://abc123.cloudfront.net/product.php?id=-260479%2F**%2F%2F*!union*%2F%2F**%2F%2F*!select*%2F%2F**%2Fconcat(username%2C0x3a%2Cpassword%2C0x3a%2Cusertype)%2F**%2F%2F*!from*%2F%2F**%2Fjos_users%2F**%2F'
Test Name:#1 SQLi in Query String Result: 403 Forbidden
REQUEST: http -v http://abc123.cloudfront.net/product.php?id=32574938 'Cookie:PHPSESSID=-260479%2F**%2F%2F*!union*%2F%2F**%2F%2F*!select*%2F%2F**%2Fconcat(username%2C0x3a%2Cpassword%2C0x3a%2Cusertype)%2F**%2F%2F*!from*%2F%2F**%2Fjos_users%2F**%2F'
Test Name:#1 SQLi in Cookie Result: 403 Forbidden
REQUEST: http -v 'http://abc123.cloudfront.net/product.php?id=<script%20src%3D"http%3A%2F%2F127.0.0.1%2Fxss_malware.js">'
Test Name:#1 XSS in Query String Result: 403 Forbidden
REQUEST: http -v --form POST http://abc123.cloudfront.net /[email protected] reviewName=Hacker reviewTitle=Hacked reviewStory='<script>alert("Hello World!")<script/>' reviewSubmit=Submit
Test Name:#1 XSS in Body Result: 403 Forbidden
REQUEST: http -v 'http://abc123.cloudfront.net/includes/index.html'
Test Name:#2 Includes Modules Result: 403 Forbidden
REQUEST: http -v --form POST http://abc123.cloudfront.net/form.php orderSubmit=Submit
Test Name:#3 CSRF Missing Result: 403 Forbidden
REQUEST: http -v --form POST http://abc123.cloudfront.net/form.php orderSubmit=Submit 'x-csrf-token:b@d+0k3n198f3c998eb4c24cc168fd6b92b8c95a'
Test Name:#3 CSRF Invalid Result: 403 Forbidden
REQUEST: http -v 'http://abc123.cloudfront.net/download.php?form=..%2Fmodules%2Freviews.php'
Test Name:#4 Path Traversal Result: 403 Forbidden
Reference
이 문제에 관하여(Amazon Web Application Firewall 소개), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://dev.to/aws-builders/an-intro-to-the-amazon-web-application-firewall-p87텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
좋은 웹페이지 즐겨찾기
