Shulou(Shulou.com)05/31 Report--

The editor would like to share Behave with you. What is a plug-in, I believe that most people do not know much, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

Behave!

Behave! Is a monitoring plug-in for browser page activity, the majority of researchers can use Behave! To monitor the activities and behaviors of the Web page, the project is still in the development stage.

Behave! Ability to monitor and detect activities within Web pages, including:

Browser port-based scanning activity

The act of accessing a private IP address

DNS rebinding attacks against private IP

Monitor port scan activity

Behave! if the IP address that the target Web page attempts to access falls under the following circumstances. A warning will be issued to the user:

Local loopback address IPv4 127.0.0.1According 8 Local loopback address IPv6:: 1 128 Private IP address IPv4 10.0.0.0 Universe 8-172.16.0 Universe 12-192.168.0.0lap 16 unique local address IPv6 fc00::/7

DNS resolution behavior for private addresses

If a malicious script controls the browser to connect to a FQDN and the authoritative DNS parsing of the FQDN points to a private IP address, Behave! The resolved IP address will be checked to see if it is private. In any case, resolving the IP address of the hostname takes effect only if the port is open.

Behave! You can also prevent TOCTOU attack problems and no external DNS requests are executed. If the port is down, there will be no IP parsing available, so no alarm will be issued.

DNS rebinding bypass

Behave! No direct DNS request is executed, and the IP address is taken from the response information it intercepts. Which means, Behave! Will not be affected by any TOCTOU attacks, such as DNS rebinding attacks.

DNS rebinding monitoring

Behave! It will continuously track whether a hostname will resolve to multiple IP addresses, and if the resolved address is a mixture of public IP and private IP, Behave! A warning will be issued.

Source code acquisition

Researchers can use the following commands to clone the source code of the project locally:

Git clone https://github.com/mindedsecurity/behave.git

Next, extract the source code, open Google Chrome or Chromium, and visit the following address:

Chrome://extension

Activate the developer mode of the browser and load Behave! Directory, then you can use Behave! The powerful function of!

Behave! test

DNS rebinding attack: http://rebind.it:8080/manager.html

JavaScript port scan: http://jsscan.sourceforge.net/jsscan2.html

What is shown below is that we use Behave! To monitor the at.tack.er page, the details of the activity will be recorded in the log record:

The above is all the content of the article "Behave! what is a plug-in?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.