A Python3 web server that allows only targeted IPs and attempts to fingerprint the incoming requests by capturing connection and browser information.
The hosted HTML contains JS which will POST additional data about the browser's capabilities back to the server.
- IP
- sec-ch-ua
- sec-ch-ua-mobile
- sec-ch-ua-platform
- DNT
- userAgent
- screenResolution
- installedFonts
- browserPlugins
- timezone
- language
- colorDepth
- platform
- User Activity via mousemoved js event listener
and more.
- Place a whitelist.txt file at the root of the project and populate it with IPv4 or IPv6 address ranges in CIDR notation (/24), newline-delimited.
- Set a GUID for the GET handler, POST handler, and in the sample_site.html postback.
- Send a link to the target and wait to see target details in the access.log file.
Add IPv4 and IPv6 addresses to the whitelist.txt file to target the logs and to reduce noise from bots and crawlers.
Using GUIDs for GET and POST routes will greatly reduce the number of bots and crawlers hitting your endpoints and dirtying up the logs.
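
The allow-list check against the newline-delimited CIDR format described above can be sketched as follows. This is an added example, not the project's own code: the function names, the strict rejection of entries with host bits set, and the skipping of blank lines are assumptions, and the sample entries are constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample of a whitelist.txt body (documentation address ranges).
SAMPLE_WHITELIST = """\
203.0.113.0/24
2001:db8:abcd::/48

198.51.100.7
not-a-network
192.0.2.10/24
"""

def load_allowlist(text):
    """Parse newline-delimited CIDR ranges; return (networks, rejected_lines)."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # assumption: blank lines are ignored
        try:
            # strict=True rejects entries with host bits set (192.0.2.10/24),
            # which are usually typos for a different range.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append((lineno, entry))
    return networks, rejected

def normalize(client_ip):
    """Return an ip_address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(client_ip.split("%", 1)[0])  # drop zone id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        # Dual-stack listeners report IPv4 peers in this mapped form.
        return addr.ipv4_mapped
    return addr

def is_allowed(client_ip, networks):
    """True only if client_ip parses and falls inside a listed network."""
    try:
        addr = normalize(client_ip)
    except ValueError:
        return False  # fail closed on anything unparseable
    return any(addr.version == net.version and addr in net for net in networks)
```

Reporting the rejected lines at startup makes a mistyped range visible instead of silently shrinking the allow-list.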