'웹사이트'에 해당되는 글 3건
- 2011.06.27 KISA, 웹 표준 및 액티브X 대체기술 교육
- 2010.07.30 Web Traffic Analysis with httpry
- 2009.07.10 웹에서 주소만으로 사이트 캡쳐 (screenshot/websnapshot)
| 트윗하기 | |||
| 트윗하기 | |||
httpry is a tool specialized for the analysis of web traffic. The tool itself can be used to capture traffic (httpry -o file) but other other tools are better suited for that such as tcpdump, Snort, Sguil. When it comes to finding out if certain types of files were downloaded via http, this tool does a super job. It can be used in combination with regular expressions (Regex) to find if a file, a script or a malware was downloaded from site or by a host and will ignore everything else. Whether the http traffic is using port 80, 443, 8080, etc, it will parse and display all the web traffic using this simple command:
httpry -i eth0
If you are working with a large pcap file and want to filter on a particular IP or network, httpry support libpcap filters to zoom in on the web traffic you want to analyze. This libpcap filter will show all the web traffic associated with host 192.168.5.25 using this filter:
httpry -r file 'host 192.168.5.25'
07/28/2010 18:00:02 192.168.5.25 216.66.8.10 > GET www.symantec.com
/enterprise/security_response/threatexplorer/threats.jsp HTTP/1.0 - -
07/28/2010 18:00:02 216.66.8.10 192.168.5.25 < - - - HTTP/1.0 301 Moved
Permanently
07/28/2010 18:00:02 192.168.5.25 216.66.8.16 > GET
www.symantec.com /business/security_response/threatexplorer/threats.jsp HTTP/1.0
- -
07/28/2010 18:00:03 216.66.8.16 192.168.5.25 < - - - HTTP/1.0 200
OK
07/28/2010 18:00:03 192.168.5.25 67.97.80.71 > GET vil.nai.com
/VIL/newly_discovered_viruses.aspx HTTP/1.0 - -
07/28/2010 18:00:03
192.168.5.25 67.97.80.71 > GET vil.nai.com /VIL/newly_discovered_viruses.aspx
HTTP/1.0 - -
07/28/2010 18:00:03 67.97.80.71 192.168.5.25 < - - - HTTP/1.1
200 OK
07/28/2010 18:01:48 74.125.157.101 192.168.5.25 < - - - HTTP/1.1
200 OK
07/28/2010 18:01:48 192.168.5.25 173.194.15.95 > GET
safebrowsing-cache.google.com
/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYlZQCIJaUAioFFooAAAEyBRWKAAAB
HTTP/1.1 - -
07/28/2010 18:01:48 173.194.15.95 192.168.5.25 < - - -
HTTP/1.1 200 OK
If you are checking for a particular file extension such as.exe, .js,
.msi, .jpg, etc, if you combined your search with grep, httpry can be used to
find if any binaries (i.e. malware) were downloaded from a certain site or by a
particular client using a pcap captured files. In this example we grep for all
the JavaScript transffered by host 192.168.5.25.
httpry -r file 'host 192.168.5.25' | grep "\.js"
07/28/2010 10:57:08 192.168.5.25 69.192.143.238 > GET
www.quickquote.lincoln.com
/static/com/forddirect/presentation/constants/SkinConstants_lincoln.js HTTP/1.1
- -
07/28/2010 10:57:08 192.168.5.25 69.192.143.238 > GET
www.quickquote.lincoln.com /yui/yahoo-dom-event/yahoo-dom-event.js HTTP/1.1 -
-
07/28/2010 10:57:08 192.168.5.25 69.192.143.238 > GET
www.quickquote.lincoln.com
/static/com/forddirect/application/bp20/metrics/s_code.js HTTP/1.1 - -
The httpry website is here. The tarball can be
download here and
a freeBSD port here.
출처 : www.sans.org
| 트윗하기 | |||
Installing the screenshot factory on Linux
This page has been updated to work with Browsershots 0.4.
Install prerequisites
sudo apt-get install tightvncserver xfonts-base netpbm xautomation scrot subversion
Get the screenshot factory source code
svn checkout http://svn.browsershots.org/trunk/shotfactory/
Adjust config files
Change the file ~/.vnc/xstartup to the following three lines. This will set a white background and then run nothing except the window manager. Be sure to remove any reference to xterm because it gets in the way. If you have never run tightvncserver before, this file will not yet exist - run it once to automatically generate the file, and then make the change.
#!/bin/sh xsetroot -solid "#FFFFFF" x-window-manager &
If the file doesn't have any effect, make sure it's executable:
chmod a+x ~/.vnc/xstartup
Run
cd shotfactory screen -L python shotfactory.py
See InstallFactory for registration and troubleshooting tips.
More useful packages
You will want to run a lightweight window manager because it will be restarted for each screenshot request. I don't recommend gnome-session because it uses a lot of memory. If you want nice rounded title bars, you can also install ubuntu-artwork.
sudo apt-get install metacity ubuntu-artwork
The firefox package on Ubuntu suggests these font packages (as of 2007-12-01):
sudo apt-get install latex-xft-fonts ttf-kochi-gothic ttf-kochi-mincho ttf-thryomanes ttf-baekmuk ttf-arphic-gbsn00lp ttf-arphic-bsmi00lp ttf-arphic-gkai00mp ttf-arphic-bkai00mp
If you want to run Flash 9, simply install the following package:
sudo apt-get install flashplugin-nonfree
It's also fun to track the system status graphically. Install Munin somewhere and add all your screenshot factory machines to /etc/munin/munin.conf. Then do this on each screenshot factory:
sudo apt-get install lm-sensors smartmontools sudo apt-get install munin-node
How to install the ShotServer
This documentation is for the development version 0.4 of Browsershots (based on Django).
If you want to support the development of Browsershots, you can hire me as a contractor to set up Browsershots as an in-house browser testing system for you, and adapt it to your requirements. I speak German and English (and a little French and Swedish), and will come to your office even if it's in Timbuktu. Send email to johann@browsershots.org if you're interested. My rates are cheap because I'm still a student, so hurry!
Hardware and OS
See RequirementsForServer. The ShotServer software needs Python version 2.4 or newer (e.g. for the function decorator syntax).
Software
Prerequisites
sudo apt-get install netpbm
Install Django source code
Until Django 1.0 is released, Browsershots 0.4 will use the development version (trunk) of Django.
svn checkout http://code.djangoproject.com/svn/django/trunk django cd django sudo python setup.py install
Install ShotServer source code
Use Subversion to check out the latest development version of the software (the same code that is running on http://v04.browsershots.org/):
svn checkout http://svn.browsershots.org/trunk/shotserver
For the quick-start development server, you don't need to install the Browsershots source code in /usr/lib/ because you run the development server from your local copy. Only for use with a real web server like Apache, you would do the following:
cd shotserver sudo python setup.py install
Install the database
You need a recent version of PostgreSQL. If version 8.3 is not available on your distribution, 8.2 or 8.1 should work too.
sudo apt-get install postgresql python-psycopg
You can create the database as the same user that will be running the development server, so you don't need to worry about passwords.
createdb shotserver04 CREATE DATABASE
If necessary, create the database user first (replace www-data with your username):
sudo -u postgres createuser www-data Shall the new role be a superuser? (y/n) n Shall the new role be allowed to create databases? (y/n) y Shall the new role be allowed to create more new roles? (y/n) n CREATE ROLE
Let Django create the database tables for you:
cd shotserver/shotserver04 ./manage.py syncdb
When it asks if you would like to create an admin account, say yes.
Create content folders
If you haven't changed the directories in settings.py, you need the following folders:
sudo mkdir -p /var/www/v04.browsershots.org/png
The png folder must be writable by the user running the server.
sudo chown www-data:www-data /var/www/v04.browsershots.org/png
Quick start with the development server
On a production system, you would use Apache 2 or some other serious web server. But to get started quickly, it is recommended that you use the Django development server first, and then switch to a real web server later when it works okay.
Run the development server
You can do this on your normal user account, but you must have write access to the database shotserver04 and to the directory /var/www/browsershots.org/png/.
cd shotserver/shotserver04 ./manage.py runserver
The above will start the server on the local IP address 127.0.0.1 with port number 8000. If you want the server to be reachable from the outside, you have to specify your external IP address (and your desired port number):
./manage.py runserver 192.168.1.112:8000
More detailed instructions are available in the Django documentation.
Admin interface
Point your browser to http://127.0.0.1:8000/admin/ and enter your username and password.
Adjust the sites configuration
- Go to the "Sites" admin page http://127.0.0.1:8000/admin/sites/site/
- Change "example.com" to "127.0.0.1:8000" or equivalent
- Change the display name to "Browsershots"
Create screenshot factories
http://127.0.0.1:8000/admin/factories/factory/add/
Web frontend
Point your browser to http://127.0.0.1:8000/ to see the web interface. Replace 127.0.0.1 with the hostname of your development machine if you want to access it from other computers.
Add browsers to your factories
Visit http://127.0.0.1:8000/browsers/add/ with each browser on your screenshot factory. The page should detect your browser settings automatically. Enter your password and click submit to register your browser in the database.
You can use http://127.0.0.1:8000/admin/browsers/browser/ to add or delete browsers manually or change their settings.
Run Django with mod_python on Apache
After you get the development server to run, you may want to switch to a real web server for performance and stability. See the Django documentation for details, and InstallServerApache for example configuration.
Install the ShotServer with Apache
For a production system, you don't want to use the development server that comes with Django. Here's how you set up Apache for Browsershots.
sudo apt-get install apache2 libapache2-mod-python
Create directory for log files:
sudo mkdir -p /var/log/apache2/v04.browsershots.org/
Enable mod_rewrite:
sudo a2enmod rewrite
Then put the following in /etc/apache2/sites-available/v04.browsershots.org:
ExtendedStatus On
NameVirtualHost *:80
<VirtualHost *:80>
ServerName browsershots.example.com # FQDN
ServerAlias browsershots # Local alias
ServerAdmin webmaster@example.com
ServerSignature On
LogLevel warn
ErrorLog /var/log/apache2/v04.browsershots.org/error.log
CustomLog /var/log/apache2/v04.browsershots.org/access.log combined
DocumentRoot /var/www/v04.browsershots.org
<Directory /var/www/v04.browsershots.org>
Options -Indexes
RewriteEngine On
RewriteBase /
# Force canonical hostname.
RewriteCond %{HTTP_HOST} !^browsershots.example.com(|:80)$
RewriteRule ^(.*)$ http://browsershots.example.com/$1 [R,L]
# Static files at server root
RewriteRule ^(favicon.ico|robots.txt)$ static/$1 [L]
# Force HTTPS for secure pages (uncomment next line to enable)
# RewriteRule ^(admin|accounts)(/.*)$ https://browsershots.example.com/$1$2 [R,L]
</Directory>
<Location />
SetHandler python-program
PythonHandler django.core.handlers.modpython
SetEnv DJANGO_SETTINGS_MODULE shotserver04.settings
PythonDebug Off
PythonAutoReload Off
</Location>
<Location /png>
SetHandler None
</Location>
<Location /static>
SetHandler None
</Location>
<Location /media>
SetHandler None
</Location>
<Location /server-status>
SetHandler server-status
Allow from all
</Location>
</VirtualHost>
# Local variables:
# mode: apache
# end:
Make sure that file is the first symlink in /etc/apache/sites-enabled and then restart Apache:
sudo a2dissite default sudo a2ensite v04.browsershots.org sudo apache2ctl restart
Create some symlinks for static content:
cd /var/www/v04.browsershots.org/ sudo ln -s /usr/lib/python2.5/site-packages/shotserver04/static sudo ln -s /usr/lib/python2.5/site-packages/django/contrib/admin/media
Prev
