dns/http_log
上计算机网络课的时候并没怎么认真听啊,导致都是很懵逼的状态,记录一下。
DNS 请求通常通过 UDP 实现,HTTP 请求通过 TCP 完成。
通过这点就可以利用套接字来实现一个小小的cloudeye
http_dns_log:
import socket,thread,datetime
# Shared in-memory state: filled by the two listeners, read by the HTTP
# check routes. Both lists grow for the life of the process; nothing in this
# file prunes them.
query_history = list()  # raw payload of every datagram received on UDP/53
url_history = list()  # tokens recorded through GET /add/<token>
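def web_server():
    """Serve the HTTP side of the callback logger on TCP port 80.

    Written for Python 2 (received data is handled as ``str``). Every
    request is answered with a plain "YES" or "NO" body:

      /add/<token>    record <token> in url_history (answers "NO")
      /check/<token>  "YES" if <token> was recorded through /add/
      /<token>        "YES" if <token> occurs in any datagram stored in
                      query_history

    The listener binds every interface and performs no authentication, so
    any host that can reach port 80 can add tokens or probe for them;
    restrict access at the network layer when running it.
    """
    web = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    web.bind(('0.0.0.0', 80))
    web.listen(10)
    while True:
        try:
            conn, addr = web.accept()
        except socket.error:
            # A failed accept() must not end the listener thread.
            continue
        try:
            # Clients are served one at a time; without a timeout a peer that
            # connects and never sends would block every later request.
            conn.settimeout(5)
            data = conn.recv(4096)
            req_line = data.split("\r\n")[0]
            path = req_line.split()[1]
            route_list = path.split('/')
            html = "NO"
            if len(route_list) == 3:
                if route_list[1] == 'add':
                    url_history.append(route_list[2])
                elif route_list[1] == 'check':
                    if route_list[2] in url_history:
                        html = 'YES'
            else:
                query_str = route_list[1]
                # An empty token (request for "/") is a substring of every
                # packet and would always answer YES, so it is rejected.
                # The match is a substring test on the raw datagram, so very
                # short tokens can still produce false positives.
                if query_str and any(query_str in packet for packet in query_history):
                    html = "YES"
            # The path is attacker-controlled; repr() keeps control bytes
            # from being written raw to the terminal or log file.
            print(datetime.datetime.now().strftime('%m-%d %H:%M:%S') + ' web query: ' + repr(path))
            response = "HTTP/1.0 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: %d\r\nConnection: close\r\n\r\n%s" % (len(html), html)
            conn.sendall(response)
        except Exception as exc:
            # Best effort: a malformed or stalled request is dropped, but the
            # failure is logged instead of being swallowed silently.
            print(datetime.datetime.now().strftime('%m-%d %H:%M:%S') + ' web error: ' + repr(exc))
        finally:
            # Close the connection on every path so failed requests do not
            # leak file descriptors.
            conn.close()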
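if __name__ == "__main__":
    # DNS side of the logger: every datagram arriving on UDP/53 is stored raw
    # in query_history so the HTTP /<token> route can search it later. No DNS
    # reply is sent, so the querying client sees a timeout. The socket binds
    # every interface and accepts datagrams from any source.
    dns = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    dns.bind(('0.0.0.0', 53))
    # The HTTP listener runs in a background thread next to this loop.
    thread.start_new_thread(web_server, ())
    while True:
        recv, addr = dns.recvfrom(1024)
        query_history.append(recv)
        # The datagram is untrusted binary data; repr() keeps control bytes
        # and escape sequences from being written raw to the terminal or log.
        print(datetime.datetime.now().strftime('%m-%d %H:%M:%S') + ' Dns Query: ' + repr(recv))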
如果只需要接收 HTTP 请求日志,一般直接用 Python 自带的 HTTP 服务器:
python -m SimpleHTTPServer 80
利用
dns:
nslookup wolf 66.66.66.66
http:
curl http://66.66.66.66/add/wolf
判断:
dns: http://66.66.66.66/wolf
http: http://66.66.66.66/check/wolf
返回 YES 即说明该标记已被记录,也就是目标存在漏洞并触发了验证请求。注意 DNS 一侧是对原始报文做子串匹配,标记太短容易误报,建议使用足够长的随机字符串作为标记。
know it then do it