Shulou(Shulou.com)05/31 Report--

This article mainly explains "Nginx reverse proxy fishing how to achieve", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn "how to achieve Nginx reverse proxy fishing"!

What is reverse proxy?

Here I have found a more official explanation.

Reverse proxy (Reverse Proxy) means that the proxy server accepts the connection request on the Internet, then forwards the request to the server on the internal network, and returns the result obtained from the server to the client requesting the connection on the Internet. At this time, the proxy server behaves as a server. My own understanding is that the proxy server acts as a "middleman". If you don't understand it properly, please point it out.

Nginx reverse proxy instance

Here I take one of my vps as a demonstration ip:39.xxx.xxx.x. Because vps has a pagoda and Nginx in the pagoda.

First find the directory of Nginx. The directory on my vps is / www/server/nginx/

Find / www/server/nginx/config/nginx.conf file

Reverse proxy https://www.xxx.com/

Location / {# if the backend server returns errors such as 502,504, execution timeout, etc., the request is automatically forwarded to another server in the upstream load balancer pool to achieve failover. Proxy_next_upstream http_502 http_504 error timeout invalid_header; proxy_pass https://www.xxx.com/; proxy_set_header Host 39.xxx.xxx.9; proxy_set_header X-Forwarded-For $remote_addr;}

The proxy_set_header directive is used to add the specified Header header information when a request is made to the reverse proxy's back-end Web server.

When there are multiple domain name-based virtual hosts on the back-end Web server, the Header header information Host is added to specify the requested domain name, so that the back-end Web server can identify which virtual host handles the reverse proxy access request. 39.xxx.xxx.9 is my vps address. Www.xxx.com is the target to reverse proxy)

Finally, we need to make the following access log content is also modified in nginx.conf. Under http

Log_format TestLog escape=json'$request_filename $http_x_forwarded_for $fastcgi_script_name $document_root $request_body' $http_cookie

The TestLog should correspond to the above access_log or the log will not work.

The point is $request_body (get post data), $http_cookie (get cookie data) this is the core of our fishing. When someone visits and logs in to our reverse proxy website, we click on the log and we can see the username and password submitted by his cookie and post.

Reverse proxy phishing instance

Here I will use a test system of our school as an example to reverse the test system of the school in accordance with the above steps.

And then I saw the exact same interface. I removed the css for fear that the school leader would come to us.

At this time, call our almighty roommates to land on the first wave of Kangkang.

Make sure the log path is / www/wwwlogs/access.log according to Nginx.conf. After logging in, the reasonable roommate should record that the post submitted when he logged in should contain the account password. And cookie information after login.

After accessing the log, you can see the account password at the time of login. The target station is https, but there is no problem. JSESSIONID is followed by getting the cookie of roommates after landing. You can log in to your roommate's account by directly replacing cookie.

Burp performs regular matching cookie and then replaces. Finally successfully landed.

At this point, I believe that everyone on the "Nginx reverse proxy fishing how to achieve" have a deeper understanding, might as well to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.